Merge OpenSSL 1.1.1b.

530 files changed, 14344 insertions, 12017 deletions

diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index ef8c131ff32cf..39e90a52b3b90 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -3,8 +3,8 @@
 .include <bsd.own.mk>
 
 # OpenSSL version used for manual page generation
-OPENSSL_VER=	1.1.1a
-OPENSSL_DATE=	2018-11-20
+OPENSSL_VER=	1.1.1b
+OPENSSL_DATE=	2019-02-26
 
 LCRYPTO_SRC=	${SRCTOP}/crypto/openssl
 LCRYPTO_DOC=	${LCRYPTO_SRC}/doc
diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man
index 61d6d071d96ed..b0a8508ef809b 100644
--- a/secure/lib/libcrypto/Makefile.man
+++ b/secure/lib/libcrypto/Makefile.man
@@ -1969,6 +1969,8 @@ MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_parent.3
 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_free.3
 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_new.3
 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_appname.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_file_flags.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_filename.3
 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_atexit.3
 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_cleanup.3
 MLINKS+= OPENSSL_init_crypto.3 OPENSSL_thread_stop.3
diff --git a/secure/lib/libcrypto/aarch64/aesv8-armx.S b/secure/lib/libcrypto/aarch64/aesv8-armx.S
index 076071ce631cc..d8eb85a9840e7 100644
--- a/secure/lib/libcrypto/aarch64/aesv8-armx.S
+++ b/secure/lib/libcrypto/aarch64/aesv8-armx.S
@@ -181,6 +181,7 @@ aes_v8_set_encrypt_key:
 .type	aes_v8_set_decrypt_key,%function
 .align	5
 aes_v8_set_decrypt_key:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	bl	.Lenc_key
@@ -214,6 +215,7 @@ aes_v8_set_decrypt_key:
 	eor	x0,x0,x0		// return value
 .Ldec_key_abort:
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	aes_v8_set_decrypt_key,.-aes_v8_set_decrypt_key
 .globl	aes_v8_encrypt
diff --git a/secure/lib/libcrypto/aarch64/armv8-mont.S b/secure/lib/libcrypto/aarch64/armv8-mont.S
index 13725c7751cbb..55c1f76ecd69f 100644
--- a/secure/lib/libcrypto/aarch64/armv8-mont.S
+++ b/secure/lib/libcrypto/aarch64/armv8-mont.S
@@ -211,6 +211,7 @@ __bn_sqr8x_mont:
 	cmp	x1,x2
 	b.ne	__bn_mul4x_mont
 .Lsqr8x_mont:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -961,11 +962,13 @@ __bn_sqr8x_mont:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldr	x29,[sp],#128
+.inst	0xd50323bf		// autiasp
 	ret
 .size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
 .type	__bn_mul4x_mont,%function
 .align	5
 __bn_mul4x_mont:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -1399,6 +1402,7 @@ __bn_mul4x_mont:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldr	x29,[sp],#128
+.inst	0xd50323bf		// autiasp
 	ret
 .size	__bn_mul4x_mont,.-__bn_mul4x_mont
 .byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/secure/lib/libcrypto/aarch64/chacha-armv8.S b/secure/lib/libcrypto/aarch64/chacha-armv8.S
index 5b452b5797a4d..0208c2030faed 100644
--- a/secure/lib/libcrypto/aarch64/chacha-armv8.S
+++ b/secure/lib/libcrypto/aarch64/chacha-armv8.S
@@ -38,6 +38,7 @@ ChaCha20_ctr32:
 	b.ne	ChaCha20_neon
 
 .Lshort:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 
@@ -249,6 +250,7 @@ ChaCha20_ctr32:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
 .Labort:
 	ret
 
@@ -305,12 +307,14 @@ ChaCha20_ctr32:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_ctr32,.-ChaCha20_ctr32
 
 .type	ChaCha20_neon,%function
 .align	5
 ChaCha20_neon:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 
@@ -690,6 +694,7 @@ ChaCha20_neon:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
 	ret
 
 .Ltail_neon:
@@ -799,11 +804,13 @@ ChaCha20_neon:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_neon,.-ChaCha20_neon
 .type	ChaCha20_512_neon,%function
 .align	5
 ChaCha20_512_neon:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 
@@ -1966,5 +1973,6 @@ ChaCha20_512_neon:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_512_neon,.-ChaCha20_512_neon
diff --git a/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S b/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S
index 52c11e9549c9d..c0b5f8cede176 100644
--- a/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S
+++ b/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S
@@ -2397,6 +2397,7 @@ ecp_nistz256_precomputed:
 .type	ecp_nistz256_to_mont,%function
 .align	6
 ecp_nistz256_to_mont:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -2412,6 +2413,7 @@ ecp_nistz256_to_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
 
@@ -2420,6 +2422,7 @@ ecp_nistz256_to_mont:
 .type	ecp_nistz256_from_mont,%function
 .align	4
 ecp_nistz256_from_mont:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -2435,6 +2438,7 @@ ecp_nistz256_from_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
 
@@ -2444,6 +2448,7 @@ ecp_nistz256_from_mont:
 .type	ecp_nistz256_mul_mont,%function
 .align	4
 ecp_nistz256_mul_mont:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -2458,6 +2463,7 @@ ecp_nistz256_mul_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
 
@@ -2466,6 +2472,7 @@ ecp_nistz256_mul_mont:
 .type	ecp_nistz256_sqr_mont,%function
 .align	4
 ecp_nistz256_sqr_mont:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-32]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -2479,6 +2486,7 @@ ecp_nistz256_sqr_mont:
 
 	ldp	x19,x20,[sp,#16]
 	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
 
@@ -2488,6 +2496,7 @@ ecp_nistz256_sqr_mont:
 .type	ecp_nistz256_add,%function
 .align	4
 ecp_nistz256_add:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -2501,6 +2510,7 @@ ecp_nistz256_add:
 	bl	__ecp_nistz256_add
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_add,.-ecp_nistz256_add
 
@@ -2509,6 +2519,7 @@ ecp_nistz256_add:
 .type	ecp_nistz256_div_by_2,%function
 .align	4
 ecp_nistz256_div_by_2:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -2520,6 +2531,7 @@ ecp_nistz256_div_by_2:
 	bl	__ecp_nistz256_div_by_2
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		//  autiasp
 	ret
 .size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
 
@@ -2528,6 +2540,7 @@ ecp_nistz256_div_by_2:
 .type	ecp_nistz256_mul_by_2,%function
 .align	4
 ecp_nistz256_mul_by_2:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -2543,6 +2556,7 @@ ecp_nistz256_mul_by_2:
 	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
 
@@ -2551,6 +2565,7 @@ ecp_nistz256_mul_by_2:
 .type	ecp_nistz256_mul_by_3,%function
 .align	4
 ecp_nistz256_mul_by_3:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -2577,6 +2592,7 @@ ecp_nistz256_mul_by_3:
 	bl	__ecp_nistz256_add	// ret += a	// 2*a+a=3*a
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
 
@@ -2586,6 +2602,7 @@ ecp_nistz256_mul_by_3:
 .type	ecp_nistz256_sub,%function
 .align	4
 ecp_nistz256_sub:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -2597,6 +2614,7 @@ ecp_nistz256_sub:
 	bl	__ecp_nistz256_sub_from
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_sub,.-ecp_nistz256_sub
 
@@ -2605,6 +2623,7 @@ ecp_nistz256_sub:
 .type	ecp_nistz256_neg,%function
 .align	4
 ecp_nistz256_neg:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -2619,6 +2638,7 @@ ecp_nistz256_neg:
 	bl	__ecp_nistz256_sub_from
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_neg,.-ecp_nistz256_neg
 
@@ -2996,6 +3016,7 @@ __ecp_nistz256_div_by_2:
 .type	ecp_nistz256_point_double,%function
 .align	5
 ecp_nistz256_point_double:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -3130,12 +3151,14 @@ ecp_nistz256_point_double:
 	ldp	x19,x20,[x29,#16]
 	ldp	x21,x22,[x29,#32]
 	ldp	x29,x30,[sp],#80
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
 .globl	ecp_nistz256_point_add
 .type	ecp_nistz256_point_add,%function
 .align	5
 ecp_nistz256_point_add:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -3385,18 +3408,20 @@ ecp_nistz256_point_add:
 	stp	x16,x17,[x21,#64+16]
 
 .Ladd_done:
-	add	sp,x29,#0	// destroy frame
+	add	sp,x29,#0		// destroy frame
 	ldp	x19,x20,[x29,#16]
 	ldp	x21,x22,[x29,#32]
 	ldp	x23,x24,[x29,#48]
 	ldp	x25,x26,[x29,#64]
 	ldp	x29,x30,[sp],#80
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
 .globl	ecp_nistz256_point_add_affine
 .type	ecp_nistz256_point_add_affine,%function
 .align	5
 ecp_nistz256_point_add_affine:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -3595,6 +3620,7 @@ ecp_nistz256_point_add_affine:
 	ldp	x23,x24,[x29,#48]
 	ldp	x25,x26,[x29,#64]
 	ldp	x29,x30,[sp],#80
+.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
 ////////////////////////////////////////////////////////////////////////
diff --git a/secure/lib/libcrypto/aarch64/keccak1600-armv8.S b/secure/lib/libcrypto/aarch64/keccak1600-armv8.S
index 50bf2fb4a8ecb..ff3f7f83e5279 100644
--- a/secure/lib/libcrypto/aarch64/keccak1600-armv8.S
+++ b/secure/lib/libcrypto/aarch64/keccak1600-armv8.S
@@ -36,6 +36,7 @@ iotas:
 .align	5
 KeccakF1600_int:
 	adr	x28,iotas
+.inst	0xd503233f			// paciasp
 	stp	x28,x30,[sp,#16]		// 32 bytes on top are mine
 	b	.Loop
 .align	4
@@ -199,12 +200,14 @@ KeccakF1600_int:
 	bne	.Loop
 
 	ldr	x30,[sp,#24]
+.inst	0xd50323bf			// autiasp
 	ret
 .size	KeccakF1600_int,.-KeccakF1600_int
 
 .type	KeccakF1600,%function
 .align	5
 KeccakF1600:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -254,6 +257,7 @@ KeccakF1600:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf			// autiasp
 	ret
 .size	KeccakF1600,.-KeccakF1600
 
@@ -261,6 +265,7 @@ KeccakF1600:
 .type	SHA3_absorb,%function
 .align	5
 SHA3_absorb:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -494,12 +499,14 @@ SHA3_absorb:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf			// autiasp
 	ret
 .size	SHA3_absorb,.-SHA3_absorb
 .globl	SHA3_squeeze
 .type	SHA3_squeeze,%function
 .align	5
 SHA3_squeeze:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-48]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@@ -562,6 +569,7 @@ SHA3_squeeze:
 	ldp	x19,x20,[sp,#16]
 	ldp	x21,x22,[sp,#32]
 	ldp	x29,x30,[sp],#48
+.inst	0xd50323bf			// autiasp
 	ret
 .size	SHA3_squeeze,.-SHA3_squeeze
 .type	KeccakF1600_ce,%function
@@ -755,6 +763,7 @@ KeccakF1600_ce:
 .type	KeccakF1600_cext,%function
 .align	5
 KeccakF1600_cext:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#16]		// per ABI requirement
@@ -795,12 +804,14 @@ KeccakF1600_cext:
 	ldp	d12,d13,[sp,#48]
 	ldp	d14,d15,[sp,#64]
 	ldr	x29,[sp],#80
+.inst	0xd50323bf		// autiasp
 	ret
 .size	KeccakF1600_cext,.-KeccakF1600_cext
 .globl	SHA3_absorb_cext
 .type	SHA3_absorb_cext,%function
 .align	5
 SHA3_absorb_cext:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#16]		// per ABI requirement
@@ -1016,12 +1027,14 @@ SHA3_absorb_cext:
 	ldp	d12,d13,[sp,#48]
 	ldp	d14,d15,[sp,#64]
 	ldp	x29,x30,[sp],#80
+.inst	0xd50323bf		// autiasp
 	ret
 .size	SHA3_absorb_cext,.-SHA3_absorb_cext
 .globl	SHA3_squeeze_cext
 .type	SHA3_squeeze_cext,%function
 .align	5
 SHA3_squeeze_cext:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	mov	x9,x0
@@ -1077,6 +1090,7 @@ SHA3_squeeze_cext:
 
 .Lsqueeze_done_ce:
 	ldr	x29,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	SHA3_squeeze_cext,.-SHA3_squeeze_cext
 .byte	75,101,99,99,97,107,45,49,54,48,48,32,97,98,115,111,114,98,32,97,110,100,32,115,113,117,101,101,122,101,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/secure/lib/libcrypto/aarch64/poly1305-armv8.S b/secure/lib/libcrypto/aarch64/poly1305-armv8.S
index 022d84526a523..5e145838fe341 100644
--- a/secure/lib/libcrypto/aarch64/poly1305-armv8.S
+++ b/secure/lib/libcrypto/aarch64/poly1305-armv8.S
@@ -228,6 +228,7 @@ poly1305_blocks_neon:
 	cbz	x17,poly1305_blocks
 
 .Lblocks_neon:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-80]!
 	add	x29,sp,#0
 
@@ -796,6 +797,7 @@ poly1305_blocks_neon:
 	st1	{v23.s}[0],[x0]
 
 .Lno_data_neon:
+.inst	0xd50323bf		// autiasp
 	ldr	x29,[sp],#80
 	ret
 .size	poly1305_blocks_neon,.-poly1305_blocks_neon
diff --git a/secure/lib/libcrypto/aarch64/sha256-armv8.S b/secure/lib/libcrypto/aarch64/sha256-armv8.S
index 2d620be8bb5f7..40d1fb269b353 100644
--- a/secure/lib/libcrypto/aarch64/sha256-armv8.S
+++ b/secure/lib/libcrypto/aarch64/sha256-armv8.S
@@ -1,6 +1,6 @@
 /* $FreeBSD$ */
 /* Do not modify. This file is auto-generated from sha512-armv8.pl. */
-// Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@@ -79,6 +79,7 @@ sha256_block_data_order:
 	tst	w16,#ARMV7_NEON
 	b.ne	.Lneon_entry
 #endif
+.inst	0xd503233f				// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 
@@ -1038,6 +1039,7 @@ sha256_block_data_order:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf				// autiasp
 	ret
 .size	sha256_block_data_order,.-sha256_block_data_order
 
diff --git a/secure/lib/libcrypto/aarch64/sha512-armv8.S b/secure/lib/libcrypto/aarch64/sha512-armv8.S
index 094441cfd4ec5..a2a2b030ef4c9 100644
--- a/secure/lib/libcrypto/aarch64/sha512-armv8.S
+++ b/secure/lib/libcrypto/aarch64/sha512-armv8.S
@@ -1,6 +1,6 @@
 /* $FreeBSD$ */
 /* Do not modify. This file is auto-generated from sha512-armv8.pl. */
-// Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@@ -77,6 +77,7 @@ sha512_block_data_order:
 	tst	w16,#ARMV8_SHA512
 	b.ne	.Lv8_entry
 #endif
+.inst	0xd503233f				// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 
@@ -1036,6 +1037,7 @@ sha512_block_data_order:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf				// autiasp
 	ret
 .size	sha512_block_data_order,.-sha512_block_data_order
 
diff --git a/secure/lib/libcrypto/aarch64/vpaes-armv8.S b/secure/lib/libcrypto/aarch64/vpaes-armv8.S
index cc9bc79012ab8..390125ff05213 100644
--- a/secure/lib/libcrypto/aarch64/vpaes-armv8.S
+++ b/secure/lib/libcrypto/aarch64/vpaes-armv8.S
@@ -197,6 +197,7 @@ _vpaes_encrypt_core:
 .type	vpaes_encrypt,%function
 .align	4
 vpaes_encrypt:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -206,6 +207,7 @@ vpaes_encrypt:
 	st1	{v0.16b}, [x1]
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf			// autiasp
 	ret
 .size	vpaes_encrypt,.-vpaes_encrypt
 
@@ -428,6 +430,7 @@ _vpaes_decrypt_core:
 .type	vpaes_decrypt,%function
 .align	4
 vpaes_decrypt:
+.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -437,6 +440,7 @@ vpaes_decrypt:
 	st1	{v0.16b}, [x1]
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf			// autiasp
 	ret
 .size	vpaes_decrypt,.-vpaes_decrypt
 
@@ -600,6 +604,7 @@ _vpaes_key_preheat:
 .type	_vpaes_schedule_core,%function
 .align	4
 _vpaes_schedule_core:
+.inst	0xd503233f			// paciasp
 	stp	x29, x30, [sp,#-16]!
 	add	x29,sp,#0
 
@@ -764,6 +769,7 @@ _vpaes_schedule_core:
 	eor	v6.16b, v6.16b, v6.16b		// vpxor	%xmm6,	%xmm6,	%xmm6
 	eor	v7.16b, v7.16b, v7.16b		// vpxor	%xmm7,	%xmm7,	%xmm7
 	ldp	x29, x30, [sp],#16
+.inst	0xd50323bf			// autiasp
 	ret
 .size	_vpaes_schedule_core,.-_vpaes_schedule_core
 
@@ -976,6 +982,7 @@ _vpaes_schedule_mangle:
 .type	vpaes_set_encrypt_key,%function
 .align	4
 vpaes_set_encrypt_key:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -991,6 +998,7 @@ vpaes_set_encrypt_key:
 
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
 
@@ -998,6 +1006,7 @@ vpaes_set_encrypt_key:
 .type	vpaes_set_decrypt_key,%function
 .align	4
 vpaes_set_decrypt_key:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1017,6 +1026,7 @@ vpaes_set_decrypt_key:
 
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
 .globl	vpaes_cbc_encrypt
@@ -1027,6 +1037,7 @@ vpaes_cbc_encrypt:
 	cmp	w5, #0			// check direction
 	b.eq	vpaes_cbc_decrypt
 
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 
@@ -1049,6 +1060,7 @@ vpaes_cbc_encrypt:
 	st1	{v0.16b}, [x4]	// write ivec
 
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 .Lcbc_abort:
 	ret
 .size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
@@ -1056,6 +1068,7 @@ vpaes_cbc_encrypt:
 .type	vpaes_cbc_decrypt,%function
 .align	4
 vpaes_cbc_decrypt:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1097,12 +1110,14 @@ vpaes_cbc_decrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
 .globl	vpaes_ecb_encrypt
 .type	vpaes_ecb_encrypt,%function
 .align	4
 vpaes_ecb_encrypt:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1136,6 +1151,7 @@ vpaes_ecb_encrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
 
@@ -1143,6 +1159,7 @@ vpaes_ecb_encrypt:
 .type	vpaes_ecb_decrypt,%function
 .align	4
 vpaes_ecb_decrypt:
+.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@@ -1176,5 +1193,6 @@ vpaes_ecb_decrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
diff --git a/secure/lib/libcrypto/amd64/aes-x86_64.S b/secure/lib/libcrypto/amd64/aes-x86_64.S
index f7750aea410bc..38627ac0363b7 100644
--- a/secure/lib/libcrypto/amd64/aes-x86_64.S
+++ b/secure/lib/libcrypto/amd64/aes-x86_64.S
@@ -157,6 +157,7 @@ _x86_64_AES_encrypt:
 .type	_x86_64_AES_encrypt_compact,@function
 .align	16
 _x86_64_AES_encrypt_compact:
+.cfi_startproc	
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@@ -326,6 +327,7 @@ _x86_64_AES_encrypt_compact:
 	xorl	8(%r15),%ecx
 	xorl	12(%r15),%edx
 .byte	0xf3,0xc3
+.cfi_endproc	
 .size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 .globl	AES_encrypt
 .type	AES_encrypt,@function
@@ -570,6 +572,7 @@ _x86_64_AES_decrypt:
 .type	_x86_64_AES_decrypt_compact,@function
 .align	16
 _x86_64_AES_decrypt_compact:
+.cfi_startproc	
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@@ -791,6 +794,7 @@ _x86_64_AES_decrypt_compact:
 	xorl	8(%r15),%ecx
 	xorl	12(%r15),%edx
 .byte	0xf3,0xc3
+.cfi_endproc	
 .size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 .globl	AES_decrypt
 .type	AES_decrypt,@function
@@ -922,6 +926,7 @@ AES_set_encrypt_key:
 .type	_x86_64_AES_set_encrypt_key,@function
 .align	16
 _x86_64_AES_set_encrypt_key:
+.cfi_startproc	
 	movl	%esi,%ecx
 	movq	%rdi,%rsi
 	movq	%rdx,%rdi
@@ -1157,6 +1162,7 @@ _x86_64_AES_set_encrypt_key:
 	movq	$-1,%rax
 .Lexit:
 .byte	0xf3,0xc3
+.cfi_endproc	
 .size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 .globl	AES_set_decrypt_key
 .type	AES_set_decrypt_key,@function
@@ -1379,8 +1385,9 @@ AES_cbc_encrypt:
 	cmpq	$0,%rdx
 	je	.Lcbc_epilogue
 	pushfq
+
+
 .cfi_adjust_cfa_offset	8
-.cfi_offset	49,-16
 	pushq	%rbx
 .cfi_adjust_cfa_offset	8
 .cfi_offset	%rbx,-24
@@ -1409,6 +1416,7 @@ AES_cbc_encrypt:
 	cmpq	$0,%r9
 	cmoveq	%r10,%r14
 
+.cfi_remember_state	
 	movl	OPENSSL_ia32cap_P(%rip),%r10d
 	cmpq	$512,%rdx
 	jb	.Lcbc_slow_prologue
@@ -1644,6 +1652,7 @@ AES_cbc_encrypt:
 
 .align	16
 .Lcbc_slow_prologue:
+.cfi_restore_state	
 
 	leaq	-88(%rsp),%rbp
 	andq	$-64,%rbp
@@ -1655,8 +1664,10 @@ AES_cbc_encrypt:
 	subq	%r10,%rbp
 
 	xchgq	%rsp,%rbp
+.cfi_def_cfa_register	%rbp
 
 	movq	%rbp,16(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x10,0x06,0x23,0x40
 .Lcbc_slow_body:
 
 
@@ -1845,8 +1856,9 @@ AES_cbc_encrypt:
 .cfi_def_cfa	%rsp,16
 .Lcbc_popfq:
 	popfq
+
+
 .cfi_adjust_cfa_offset	-8
-.cfi_restore	49
 .Lcbc_epilogue:
 	.byte	0xf3,0xc3
 .cfi_endproc	
diff --git a/secure/lib/libcrypto/amd64/aesni-x86_64.S b/secure/lib/libcrypto/amd64/aesni-x86_64.S
index b4cb5b92f6af0..e2ef2d6666cb5 100644
--- a/secure/lib/libcrypto/amd64/aesni-x86_64.S
+++ b/secure/lib/libcrypto/amd64/aesni-x86_64.S
@@ -6,6 +6,7 @@
 .type	aesni_encrypt,@function
 .align	16
 aesni_encrypt:
+.cfi_startproc	
 	movups	(%rdi),%xmm2
 	movl	240(%rdx),%eax
 	movups	(%rdx),%xmm0
@@ -24,12 +25,14 @@ aesni_encrypt:
 	movups	%xmm2,(%rsi)
 	pxor	%xmm2,%xmm2
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	aesni_encrypt,.-aesni_encrypt
 
 .globl	aesni_decrypt
 .type	aesni_decrypt,@function
 .align	16
 aesni_decrypt:
+.cfi_startproc	
 	movups	(%rdi),%xmm2
 	movl	240(%rdx),%eax
 	movups	(%rdx),%xmm0
@@ -48,10 +51,12 @@ aesni_decrypt:
 	movups	%xmm2,(%rsi)
 	pxor	%xmm2,%xmm2
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	aesni_decrypt, .-aesni_decrypt
 .type	_aesni_encrypt2,@function
 .align	16
 _aesni_encrypt2:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -77,10 +82,12 @@ _aesni_encrypt2:
 .byte	102,15,56,221,208
 .byte	102,15,56,221,216
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_encrypt2,.-_aesni_encrypt2
 .type	_aesni_decrypt2,@function
 .align	16
 _aesni_decrypt2:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -106,10 +113,12 @@ _aesni_decrypt2:
 .byte	102,15,56,223,208
 .byte	102,15,56,223,216
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_decrypt2,.-_aesni_decrypt2
 .type	_aesni_encrypt3,@function
 .align	16
 _aesni_encrypt3:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -140,10 +149,12 @@ _aesni_encrypt3:
 .byte	102,15,56,221,216
 .byte	102,15,56,221,224
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_encrypt3,.-_aesni_encrypt3
 .type	_aesni_decrypt3,@function
 .align	16
 _aesni_decrypt3:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -174,10 +185,12 @@ _aesni_decrypt3:
 .byte	102,15,56,223,216
 .byte	102,15,56,223,224
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_decrypt3,.-_aesni_decrypt3
 .type	_aesni_encrypt4,@function
 .align	16
 _aesni_encrypt4:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -214,10 +227,12 @@ _aesni_encrypt4:
 .byte	102,15,56,221,224
 .byte	102,15,56,221,232
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_encrypt4,.-_aesni_encrypt4
 .type	_aesni_decrypt4,@function
 .align	16
 _aesni_decrypt4:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -254,10 +269,12 @@ _aesni_decrypt4:
 .byte	102,15,56,223,224
 .byte	102,15,56,223,232
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_decrypt4,.-_aesni_decrypt4
 .type	_aesni_encrypt6,@function
 .align	16
 _aesni_encrypt6:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -308,10 +325,12 @@ _aesni_encrypt6:
 .byte	102,15,56,221,240
 .byte	102,15,56,221,248
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_encrypt6,.-_aesni_encrypt6
 .type	_aesni_decrypt6,@function
 .align	16
 _aesni_decrypt6:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -362,10 +381,12 @@ _aesni_decrypt6:
 .byte	102,15,56,223,240
 .byte	102,15,56,223,248
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_decrypt6,.-_aesni_decrypt6
 .type	_aesni_encrypt8,@function
 .align	16
 _aesni_encrypt8:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -426,10 +447,12 @@ _aesni_encrypt8:
 .byte	102,68,15,56,221,192
 .byte	102,68,15,56,221,200
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_encrypt8,.-_aesni_encrypt8
 .type	_aesni_decrypt8,@function
 .align	16
 _aesni_decrypt8:
+.cfi_startproc	
 	movups	(%rcx),%xmm0
 	shll	$4,%eax
 	movups	16(%rcx),%xmm1
@@ -490,11 +513,13 @@ _aesni_decrypt8:
 .byte	102,68,15,56,223,192
 .byte	102,68,15,56,223,200
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_aesni_decrypt8,.-_aesni_decrypt8
 .globl	aesni_ecb_encrypt
 .type	aesni_ecb_encrypt,@function
 .align	16
 aesni_ecb_encrypt:
+.cfi_startproc	
 	andq	$-16,%rdx
 	jz	.Lecb_ret
 
@@ -832,6 +857,7 @@ aesni_ecb_encrypt:
 	xorps	%xmm0,%xmm0
 	pxor	%xmm1,%xmm1
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
 .globl	aesni_ccm64_encrypt_blocks
 .type	aesni_ccm64_encrypt_blocks,@function
diff --git a/secure/lib/libcrypto/amd64/bsaes-x86_64.S b/secure/lib/libcrypto/amd64/bsaes-x86_64.S
index dcd0eb5c0ea1c..8b68f80dbc9b9 100644
--- a/secure/lib/libcrypto/amd64/bsaes-x86_64.S
+++ b/secure/lib/libcrypto/amd64/bsaes-x86_64.S
@@ -8,6 +8,7 @@
 .type	_bsaes_encrypt8,@function
 .align	64
 _bsaes_encrypt8:
+.cfi_startproc	
 	leaq	.LBS0(%rip),%r11
 
 	movdqa	(%rax),%xmm8
@@ -475,11 +476,13 @@ _bsaes_encrypt8_bitslice:
 	pxor	%xmm7,%xmm15
 	pxor	%xmm7,%xmm0
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_bsaes_encrypt8,.-_bsaes_encrypt8
 
 .type	_bsaes_decrypt8,@function
 .align	64
 _bsaes_decrypt8:
+.cfi_startproc	
 	leaq	.LBS0(%rip),%r11
 
 	movdqa	(%rax),%xmm8
@@ -981,10 +984,12 @@ _bsaes_decrypt8:
 	pxor	%xmm7,%xmm15
 	pxor	%xmm7,%xmm0
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_bsaes_decrypt8,.-_bsaes_decrypt8
 .type	_bsaes_key_convert,@function
 .align	16
 _bsaes_key_convert:
+.cfi_startproc	
 	leaq	.Lmasks(%rip),%r11
 	movdqu	(%rcx),%xmm7
 	leaq	16(%rcx),%rcx
@@ -1063,6 +1068,7 @@ _bsaes_key_convert:
 	movdqa	80(%r11),%xmm7
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_bsaes_key_convert,.-_bsaes_key_convert
 
 .globl	bsaes_cbc_encrypt
diff --git a/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S b/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S
index b8de76454af49..1176feea40c24 100644
--- a/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S
+++ b/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S
@@ -3961,6 +3961,7 @@ ecp_nistz256_mul_mont:
 .type	__ecp_nistz256_mul_montq,@function
 .align	32
 __ecp_nistz256_mul_montq:
+.cfi_startproc	
 
 
 	movq	%rax,%rbp
@@ -4172,6 +4173,7 @@ __ecp_nistz256_mul_montq:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq
 
 
@@ -4249,6 +4251,7 @@ ecp_nistz256_sqr_mont:
 .type	__ecp_nistz256_sqr_montq,@function
 .align	32
 __ecp_nistz256_sqr_montq:
+.cfi_startproc	
 	movq	%rax,%r13
 	mulq	%r14
 	movq	%rax,%r9
@@ -4406,10 +4409,12 @@ __ecp_nistz256_sqr_montq:
 	movq	%r15,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq
 .type	__ecp_nistz256_mul_montx,@function
 .align	32
 __ecp_nistz256_mul_montx:
+.cfi_startproc	
 
 
 	mulxq	%r9,%r8,%r9
@@ -4572,11 +4577,13 @@ __ecp_nistz256_mul_montx:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx
 
 .type	__ecp_nistz256_sqr_montx,@function
 .align	32
 __ecp_nistz256_sqr_montx:
+.cfi_startproc	
 	mulxq	%r14,%r9,%r10
 	mulxq	%r15,%rcx,%r11
 	xorl	%eax,%eax
@@ -4700,6 +4707,7 @@ __ecp_nistz256_sqr_montx:
 	movq	%r15,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx
 
 
@@ -4839,6 +4847,7 @@ ecp_nistz256_scatter_w5:
 .type	ecp_nistz256_gather_w5,@function
 .align	32
 ecp_nistz256_gather_w5:
+.cfi_startproc	
 	movl	OPENSSL_ia32cap_P+8(%rip),%eax
 	testl	$32,%eax
 	jnz	.Lavx2_gather_w5
@@ -4893,6 +4902,7 @@ ecp_nistz256_gather_w5:
 	movdqu	%xmm6,64(%rdi)
 	movdqu	%xmm7,80(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .LSEH_end_ecp_nistz256_gather_w5:
 .size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
 
@@ -4921,6 +4931,7 @@ ecp_nistz256_scatter_w7:
 .type	ecp_nistz256_gather_w7,@function
 .align	32
 ecp_nistz256_gather_w7:
+.cfi_startproc	
 	movl	OPENSSL_ia32cap_P+8(%rip),%eax
 	testl	$32,%eax
 	jnz	.Lavx2_gather_w7
@@ -4964,6 +4975,7 @@ ecp_nistz256_gather_w7:
 	movdqu	%xmm4,32(%rdi)
 	movdqu	%xmm5,48(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .LSEH_end_ecp_nistz256_gather_w7:
 .size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
 
@@ -4971,6 +4983,7 @@ ecp_nistz256_gather_w7:
 .type	ecp_nistz256_avx2_gather_w5,@function
 .align	32
 ecp_nistz256_avx2_gather_w5:
+.cfi_startproc	
 .Lavx2_gather_w5:
 	vzeroupper
 	vmovdqa	.LTwo(%rip),%ymm0
@@ -5025,6 +5038,7 @@ ecp_nistz256_avx2_gather_w5:
 	vmovdqu	%ymm4,64(%rdi)
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .LSEH_end_ecp_nistz256_avx2_gather_w5:
 .size	ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5
 
@@ -5034,6 +5048,7 @@ ecp_nistz256_avx2_gather_w5:
 .type	ecp_nistz256_avx2_gather_w7,@function
 .align	32
 ecp_nistz256_avx2_gather_w7:
+.cfi_startproc	
 .Lavx2_gather_w7:
 	vzeroupper
 	vmovdqa	.LThree(%rip),%ymm0
@@ -5103,11 +5118,13 @@ ecp_nistz256_avx2_gather_w7:
 	vmovdqu	%ymm3,32(%rdi)
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .LSEH_end_ecp_nistz256_avx2_gather_w7:
 .size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
 .type	__ecp_nistz256_add_toq,@function
 .align	32
 __ecp_nistz256_add_toq:
+.cfi_startproc	
 	xorq	%r11,%r11
 	addq	0(%rbx),%r12
 	adcq	8(%rbx),%r13
@@ -5135,11 +5152,13 @@ __ecp_nistz256_add_toq:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq
 
 .type	__ecp_nistz256_sub_fromq,@function
 .align	32
 __ecp_nistz256_sub_fromq:
+.cfi_startproc	
 	subq	0(%rbx),%r12
 	sbbq	8(%rbx),%r13
 	movq	%r12,%rax
@@ -5166,11 +5185,13 @@ __ecp_nistz256_sub_fromq:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq
 
 .type	__ecp_nistz256_subq,@function
 .align	32
 __ecp_nistz256_subq:
+.cfi_startproc	
 	subq	%r12,%rax
 	sbbq	%r13,%rbp
 	movq	%rax,%r12
@@ -5193,11 +5214,13 @@ __ecp_nistz256_subq:
 	cmovnzq	%r10,%r9
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_subq,.-__ecp_nistz256_subq
 
 .type	__ecp_nistz256_mul_by_2q,@function
 .align	32
 __ecp_nistz256_mul_by_2q:
+.cfi_startproc	
 	xorq	%r11,%r11
 	addq	%r12,%r12
 	adcq	%r13,%r13
@@ -5225,6 +5248,7 @@ __ecp_nistz256_mul_by_2q:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q
 .globl	ecp_nistz256_point_double
 .type	ecp_nistz256_point_double,@function
@@ -5657,7 +5681,9 @@ ecp_nistz256_point_add:
 .byte	102,72,15,126,206
 .byte	102,72,15,126,199
 	addq	$416,%rsp
+.cfi_adjust_cfa_offset	-416
 	jmp	.Lpoint_double_shortcutq
+.cfi_adjust_cfa_offset	416
 
 .align	32
 .Ladd_proceedq:
@@ -6219,6 +6245,7 @@ ecp_nistz256_point_add_affine:
 .type	__ecp_nistz256_add_tox,@function
 .align	32
 __ecp_nistz256_add_tox:
+.cfi_startproc	
 	xorq	%r11,%r11
 	adcq	0(%rbx),%r12
 	adcq	8(%rbx),%r13
@@ -6247,11 +6274,13 @@ __ecp_nistz256_add_tox:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox
 
 .type	__ecp_nistz256_sub_fromx,@function
 .align	32
 __ecp_nistz256_sub_fromx:
+.cfi_startproc	
 	xorq	%r11,%r11
 	sbbq	0(%rbx),%r12
 	sbbq	8(%rbx),%r13
@@ -6280,11 +6309,13 @@ __ecp_nistz256_sub_fromx:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx
 
 .type	__ecp_nistz256_subx,@function
 .align	32
 __ecp_nistz256_subx:
+.cfi_startproc	
 	xorq	%r11,%r11
 	sbbq	%r12,%rax
 	sbbq	%r13,%rbp
@@ -6309,11 +6340,13 @@ __ecp_nistz256_subx:
 	cmovcq	%r10,%r9
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_subx,.-__ecp_nistz256_subx
 
 .type	__ecp_nistz256_mul_by_2x,@function
 .align	32
 __ecp_nistz256_mul_by_2x:
+.cfi_startproc	
 	xorq	%r11,%r11
 	adcq	%r12,%r12
 	adcq	%r13,%r13
@@ -6342,6 +6375,7 @@ __ecp_nistz256_mul_by_2x:
 	movq	%r9,24(%rdi)
 
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	__ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x
 .type	ecp_nistz256_point_doublex,@function
 .align	32
@@ -6766,7 +6800,9 @@ ecp_nistz256_point_addx:
 .byte	102,72,15,126,206
 .byte	102,72,15,126,199
 	addq	$416,%rsp
+.cfi_adjust_cfa_offset	-416
 	jmp	.Lpoint_double_shortcutx
+.cfi_adjust_cfa_offset	416
 
 .align	32
 .Ladd_proceedx:
diff --git a/secure/lib/libcrypto/amd64/ghash-x86_64.S b/secure/lib/libcrypto/amd64/ghash-x86_64.S
index 9d83bd9f19750..078353528d5f5 100644
--- a/secure/lib/libcrypto/amd64/ghash-x86_64.S
+++ b/secure/lib/libcrypto/amd64/ghash-x86_64.S
@@ -707,6 +707,7 @@ gcm_ghash_4bit:
 .type	gcm_init_clmul,@function
 .align	16
 gcm_init_clmul:
+.cfi_startproc	
 .L_init_clmul:
 	movdqu	(%rsi),%xmm2
 	pshufd	$78,%xmm2,%xmm2
@@ -858,11 +859,13 @@ gcm_init_clmul:
 .byte	102,15,58,15,227,8
 	movdqu	%xmm4,80(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_init_clmul,.-gcm_init_clmul
 .globl	gcm_gmult_clmul
 .type	gcm_gmult_clmul,@function
 .align	16
 gcm_gmult_clmul:
+.cfi_startproc	
 .L_gmult_clmul:
 	movdqu	(%rdi),%xmm0
 	movdqa	.Lbswap_mask(%rip),%xmm5
@@ -909,11 +912,13 @@ gcm_gmult_clmul:
 .byte	102,15,56,0,197
 	movdqu	%xmm0,(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_gmult_clmul,.-gcm_gmult_clmul
 .globl	gcm_ghash_clmul
 .type	gcm_ghash_clmul,@function
 .align	32
 gcm_ghash_clmul:
+.cfi_startproc	
 .L_ghash_clmul:
 	movdqa	.Lbswap_mask(%rip),%xmm10
 
@@ -1292,11 +1297,13 @@ gcm_ghash_clmul:
 .byte	102,65,15,56,0,194
 	movdqu	%xmm0,(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_ghash_clmul,.-gcm_ghash_clmul
 .globl	gcm_init_avx
 .type	gcm_init_avx,@function
 .align	32
 gcm_init_avx:
+.cfi_startproc	
 	vzeroupper
 
 	vmovdqu	(%rsi),%xmm2
@@ -1399,17 +1406,21 @@ gcm_init_avx:
 
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_init_avx,.-gcm_init_avx
 .globl	gcm_gmult_avx
 .type	gcm_gmult_avx,@function
 .align	32
 gcm_gmult_avx:
+.cfi_startproc	
 	jmp	.L_gmult_clmul
+.cfi_endproc	
 .size	gcm_gmult_avx,.-gcm_gmult_avx
 .globl	gcm_ghash_avx
 .type	gcm_ghash_avx,@function
 .align	32
 gcm_ghash_avx:
+.cfi_startproc	
 	vzeroupper
 
 	vmovdqu	(%rdi),%xmm10
@@ -1781,6 +1792,7 @@ gcm_ghash_avx:
 	vmovdqu	%xmm10,(%rdi)
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	gcm_ghash_avx,.-gcm_ghash_avx
 .align	64
 .Lbswap_mask:
diff --git a/secure/lib/libcrypto/amd64/rsaz-avx2.S b/secure/lib/libcrypto/amd64/rsaz-avx2.S
index 4e186e11e870f..3075a52d2eec5 100644
--- a/secure/lib/libcrypto/amd64/rsaz-avx2.S
+++ b/secure/lib/libcrypto/amd64/rsaz-avx2.S
@@ -1214,6 +1214,7 @@ rsaz_1024_mul_avx2:
 .type	rsaz_1024_red2norm_avx2,@function
 .align	32
 rsaz_1024_red2norm_avx2:
+.cfi_startproc	
 	subq	$-128,%rsi
 	xorq	%rax,%rax
 	movq	-128(%rsi),%r8
@@ -1405,12 +1406,14 @@ rsaz_1024_red2norm_avx2:
 	movq	%rax,120(%rdi)
 	movq	%r11,%rax
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2
 
 .globl	rsaz_1024_norm2red_avx2
 .type	rsaz_1024_norm2red_avx2,@function
 .align	32
 rsaz_1024_norm2red_avx2:
+.cfi_startproc	
 	subq	$-128,%rdi
 	movq	(%rsi),%r8
 	movl	$0x1fffffff,%eax
@@ -1563,11 +1566,13 @@ rsaz_1024_norm2red_avx2:
 	movq	%r8,176(%rdi)
 	movq	%r8,184(%rdi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2
 .globl	rsaz_1024_scatter5_avx2
 .type	rsaz_1024_scatter5_avx2,@function
 .align	32
 rsaz_1024_scatter5_avx2:
+.cfi_startproc	
 	vzeroupper
 	vmovdqu	.Lscatter_permd(%rip),%ymm5
 	shll	$4,%edx
@@ -1587,6 +1592,7 @@ rsaz_1024_scatter5_avx2:
 
 	vzeroupper
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2
 
 .globl	rsaz_1024_gather5_avx2
diff --git a/secure/lib/libcrypto/amd64/vpaes-x86_64.S b/secure/lib/libcrypto/amd64/vpaes-x86_64.S
index 7b0ef0dd04778..b9c6f7e98a690 100644
--- a/secure/lib/libcrypto/amd64/vpaes-x86_64.S
+++ b/secure/lib/libcrypto/amd64/vpaes-x86_64.S
@@ -20,6 +20,7 @@
 .type	_vpaes_encrypt_core,@function
 .align	16
 _vpaes_encrypt_core:
+.cfi_startproc	
 	movq	%rdx,%r9
 	movq	$16,%r11
 	movl	240(%rdx),%eax
@@ -100,6 +101,7 @@ _vpaes_encrypt_core:
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,193
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
 
 
@@ -110,6 +112,7 @@ _vpaes_encrypt_core:
 .type	_vpaes_decrypt_core,@function
 .align	16
 _vpaes_decrypt_core:
+.cfi_startproc	
 	movq	%rdx,%r9
 	movl	240(%rdx),%eax
 	movdqa	%xmm9,%xmm1
@@ -206,6 +209,7 @@ _vpaes_decrypt_core:
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,194
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
 
 
@@ -216,6 +220,7 @@ _vpaes_decrypt_core:
 .type	_vpaes_schedule_core,@function
 .align	16
 _vpaes_schedule_core:
+.cfi_startproc	
 
 
 
@@ -382,6 +387,7 @@ _vpaes_schedule_core:
 	pxor	%xmm6,%xmm6
 	pxor	%xmm7,%xmm7
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_schedule_core,.-_vpaes_schedule_core
 
 
@@ -401,6 +407,7 @@ _vpaes_schedule_core:
 .type	_vpaes_schedule_192_smear,@function
 .align	16
 _vpaes_schedule_192_smear:
+.cfi_startproc	
 	pshufd	$0x80,%xmm6,%xmm1
 	pshufd	$0xFE,%xmm7,%xmm0
 	pxor	%xmm1,%xmm6
@@ -409,6 +416,7 @@ _vpaes_schedule_192_smear:
 	movdqa	%xmm6,%xmm0
 	movhlps	%xmm1,%xmm6
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
 
 
@@ -432,6 +440,7 @@ _vpaes_schedule_192_smear:
 .type	_vpaes_schedule_round,@function
 .align	16
 _vpaes_schedule_round:
+.cfi_startproc	
 
 	pxor	%xmm1,%xmm1
 .byte	102,65,15,58,15,200,15
@@ -485,6 +494,7 @@ _vpaes_schedule_low_round:
 	pxor	%xmm7,%xmm0
 	movdqa	%xmm0,%xmm7
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_schedule_round,.-_vpaes_schedule_round
 
 
@@ -499,6 +509,7 @@ _vpaes_schedule_low_round:
 .type	_vpaes_schedule_transform,@function
 .align	16
 _vpaes_schedule_transform:
+.cfi_startproc	
 	movdqa	%xmm9,%xmm1
 	pandn	%xmm0,%xmm1
 	psrld	$4,%xmm1
@@ -509,6 +520,7 @@ _vpaes_schedule_transform:
 .byte	102,15,56,0,193
 	pxor	%xmm2,%xmm0
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
 
 
@@ -537,6 +549,7 @@ _vpaes_schedule_transform:
 .type	_vpaes_schedule_mangle,@function
 .align	16
 _vpaes_schedule_mangle:
+.cfi_startproc	
 	movdqa	%xmm0,%xmm4
 	movdqa	.Lk_mc_forward(%rip),%xmm5
 	testq	%rcx,%rcx
@@ -601,6 +614,7 @@ _vpaes_schedule_mangle:
 	andq	$0x30,%r8
 	movdqu	%xmm3,(%rdx)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
 
 
@@ -610,6 +624,7 @@ _vpaes_schedule_mangle:
 .type	vpaes_set_encrypt_key,@function
 .align	16
 vpaes_set_encrypt_key:
+.cfi_startproc	
 	movl	%esi,%eax
 	shrl	$5,%eax
 	addl	$5,%eax
@@ -620,12 +635,14 @@ vpaes_set_encrypt_key:
 	call	_vpaes_schedule_core
 	xorl	%eax,%eax
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
 
 .globl	vpaes_set_decrypt_key
 .type	vpaes_set_decrypt_key,@function
 .align	16
 vpaes_set_decrypt_key:
+.cfi_startproc	
 	movl	%esi,%eax
 	shrl	$5,%eax
 	addl	$5,%eax
@@ -641,33 +658,39 @@ vpaes_set_decrypt_key:
 	call	_vpaes_schedule_core
 	xorl	%eax,%eax
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
 
 .globl	vpaes_encrypt
 .type	vpaes_encrypt,@function
 .align	16
 vpaes_encrypt:
+.cfi_startproc	
 	movdqu	(%rdi),%xmm0
 	call	_vpaes_preheat
 	call	_vpaes_encrypt_core
 	movdqu	%xmm0,(%rsi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	vpaes_encrypt,.-vpaes_encrypt
 
 .globl	vpaes_decrypt
 .type	vpaes_decrypt,@function
 .align	16
 vpaes_decrypt:
+.cfi_startproc	
 	movdqu	(%rdi),%xmm0
 	call	_vpaes_preheat
 	call	_vpaes_decrypt_core
 	movdqu	%xmm0,(%rsi)
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	vpaes_decrypt,.-vpaes_decrypt
 .globl	vpaes_cbc_encrypt
 .type	vpaes_cbc_encrypt,@function
 .align	16
 vpaes_cbc_encrypt:
+.cfi_startproc	
 	xchgq	%rcx,%rdx
 	subq	$16,%rcx
 	jc	.Lcbc_abort
@@ -703,6 +726,7 @@ vpaes_cbc_encrypt:
 	movdqu	%xmm6,(%r8)
 .Lcbc_abort:
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
 
 
@@ -713,6 +737,7 @@ vpaes_cbc_encrypt:
 .type	_vpaes_preheat,@function
 .align	16
 _vpaes_preheat:
+.cfi_startproc	
 	leaq	.Lk_s0F(%rip),%r10
 	movdqa	-32(%r10),%xmm10
 	movdqa	-16(%r10),%xmm11
@@ -722,6 +747,7 @@ _vpaes_preheat:
 	movdqa	80(%r10),%xmm15
 	movdqa	96(%r10),%xmm14
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	_vpaes_preheat,.-_vpaes_preheat
 
 
diff --git a/secure/lib/libcrypto/amd64/x86_64-mont5.S b/secure/lib/libcrypto/amd64/x86_64-mont5.S
index 87894fc63ffd8..85686f2aa4a29 100644
--- a/secure/lib/libcrypto/amd64/x86_64-mont5.S
+++ b/secure/lib/libcrypto/amd64/x86_64-mont5.S
@@ -2895,6 +2895,7 @@ bn_powerx5:
 .align	32
 bn_sqrx8x_internal:
 __bn_sqrx8x_internal:
+.cfi_startproc	
 
 
 
@@ -3506,6 +3507,7 @@ __bn_sqrx8x_reduction:
 	cmpq	8+8(%rsp),%r8
 	jb	.Lsqrx8x_reduction_loop
 	.byte	0xf3,0xc3
+.cfi_endproc	
 .size	bn_sqrx8x_internal,.-bn_sqrx8x_internal
 .align	32
 __bn_postx4x_internal:
diff --git a/secure/lib/libcrypto/man/ADMISSIONS.3 b/secure/lib/libcrypto/man/ADMISSIONS.3
index dd9b4240f99e0..5d43e1ae32d2d 100644
--- a/secure/lib/libcrypto/man/ADMISSIONS.3
+++ b/secure/lib/libcrypto/man/ADMISSIONS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ADMISSIONS 3"
-.TH ADMISSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ADMISSIONS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -204,58 +208,58 @@ by <https://www.t7ev.org>.
 Knowledge of those structures and their semantics is assumed.
 .PP
 The conventional routines to convert between \s-1DER\s0 and the local format
-are described in \fId2i_X509\fR\|(3).
+are described in \fBd2i_X509\fR\|(3).
 The conventional routines to allocate and free the types are defined
-in \fIX509_dup\fR\|(3).
+in \fBX509_dup\fR\|(3).
 .PP
 The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see
-\&\s-1\fIDEFINE_STACK_OF\s0\fR\|(3) for details.
+\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details.
 .PP
 The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields.
-The \fINAMING_AUTHORITY_get0_authorityId()\fR,
-\&\fINAMING_AUTHORITY_get0_get0_authorityURL()\fR, and
-\&\fINAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers
+The \fBNAMING_AUTHORITY_get0_authorityId()\fR,
+\&\fBNAMING_AUTHORITY_get0_get0_authorityURL()\fR, and
+\&\fBNAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers
 to those values within the object.
-The \fINAMING_AUTHORITY_set0_authorityId()\fR,
-\&\fINAMING_AUTHORITY_set0_get0_authorityURL()\fR, and
-\&\fINAMING_AUTHORITY_set0_get0_authorityText()\fR,
+The \fBNAMING_AUTHORITY_set0_authorityId()\fR,
+\&\fBNAMING_AUTHORITY_set0_get0_authorityURL()\fR, and
+\&\fBNAMING_AUTHORITY_set0_get0_authorityText()\fR,
 functions free any existing value and set the pointer to the specified value.
 .PP
 The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of
 \&\fB\s-1ADMISSION\s0\fR objects.
-The \fIADMISSION_SYNTAX_get0_admissionAuthority()\fR
-and \fIADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers
+The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR
+and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers
 to those values within the object.
 The
-\&\fIADMISSION_SYNTAX_set0_admissionAuthority()\fR and
-\&\fIADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR
+\&\fBADMISSION_SYNTAX_set0_admissionAuthority()\fR and
+\&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR
 functions free any existing value and set the pointer to the specified value.
 .PP
 The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a
 stack of \fB\s-1PROFSSION_INFO\s0\fR items.
-The \fIADMISSIONS_get0_admissionAuthority()\fR, \fIADMISSIONS_get0_namingAuthority()\fR,
-and \fIADMISSIONS_get0_professionInfos()\fR
+The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR,
+and \fBADMISSIONS_get0_professionInfos()\fR
 functions return pointers to those values within the object.
 The
-\&\fIADMISSIONS_set0_admissionAuthority()\fR,
-\&\fIADMISSIONS_set0_namingAuthority()\fR, and
-\&\fIADMISSIONS_set0_professionInfos()\fR
+\&\fBADMISSIONS_set0_admissionAuthority()\fR,
+\&\fBADMISSIONS_set0_namingAuthority()\fR, and
+\&\fBADMISSIONS_set0_professionInfos()\fR
 functions free any existing value and set the pointer to the specified value.
 .PP
 The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of
 profession Items and OIDs, a registration number, and additional
 profession info.
-The functions \fIPROFESSION_INFO_get0_addProfessionInfo()\fR,
-\&\fIPROFESSION_INFO_get0_namingAuthority()\fR, \fIPROFESSION_INFO_get0_professionItems()\fR,
-\&\fIPROFESSION_INFO_get0_professionOIDs()\fR, and
-\&\fIPROFESSION_INFO_get0_registrationNumber()\fR
+The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR,
+\&\fBPROFESSION_INFO_get0_namingAuthority()\fR, \fBPROFESSION_INFO_get0_professionItems()\fR,
+\&\fBPROFESSION_INFO_get0_professionOIDs()\fR, and
+\&\fBPROFESSION_INFO_get0_registrationNumber()\fR
 functions return pointers to those values within the object.
 The
-\&\fIPROFESSION_INFO_set0_addProfessionInfo()\fR,
-\&\fIPROFESSION_INFO_set0_namingAuthority()\fR,
-\&\fIPROFESSION_INFO_set0_professionItems()\fR,
-\&\fIPROFESSION_INFO_set0_professionOIDs()\fR, and
-\&\fIPROFESSION_INFO_set0_registrationNumber()\fR
+\&\fBPROFESSION_INFO_set0_addProfessionInfo()\fR,
+\&\fBPROFESSION_INFO_set0_namingAuthority()\fR,
+\&\fBPROFESSION_INFO_set0_professionItems()\fR,
+\&\fBPROFESSION_INFO_set0_professionOIDs()\fR, and
+\&\fBPROFESSION_INFO_set0_registrationNumber()\fR
 functions free any existing value and set the pointer to the specified value.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -264,8 +268,8 @@ Note that all of the \fIget0\fR functions return a pointer to the internal data
 structure and must not be freed.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_dup\fR\|(3),
-\&\fId2i_X509\fR\|(3),
+\&\fBX509_dup\fR\|(3),
+\&\fBd2i_X509\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
index 2d382df14f87d..5740ecd32b056 100644
--- a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
+++ b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_INTEGER_GET_INT64 3"
-.TH ASN1_INTEGER_GET_INT64 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_INTEGER_GET_INT64 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,45 +171,45 @@ ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_I
 These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR
 structures.
 .PP
-\&\fIASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type
+\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type
 If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails
 (due to invalid type or the value being too big to fit into an \fBint64_t\fR type)
 it returns 0.
 .PP
-\&\fIASN1_INTEGER_get_uint64()\fR is similar to \fIASN1_INTEGER_get_int64_t()\fR except it
+\&\fBASN1_INTEGER_get_uint64()\fR is similar to \fBASN1_INTEGER_get_int64_t()\fR except it
 converts to a \fBuint64_t\fR type and an error is returned if the passed integer
 is negative.
 .PP
-\&\fIASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is
+\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is
 \&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for
-an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fIASN1_INTEGER_get_int64()\fR
+an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR
 instead.
 .PP
-\&\fIASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
+\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
 \&\fBint64_t\fR value \fBr\fR.
 .PP
-\&\fIASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
+\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
 \&\fBuint64_t\fR value \fBr\fR.
 .PP
-\&\fIASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value
+\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value
 \&\fBv\fR.
 .PP
-\&\fIBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR
+\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR
 is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then
 the existing structure will be used instead.
 .PP
-\&\fIASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is
+\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is
 \&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the
 existing structure will be used instead.
 .PP
-\&\fIASN1_ENUMERATED_get_int64()\fR, \fIASN1_ENUMERATED_set_int64()\fR,
-\&\fIASN1_ENUMERATED_set()\fR, \fIBN_to_ASN1_ENUMERATED()\fR and \fIASN1_ENUMERATED_to_BN()\fR
+\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR,
+\&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR
 behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they
 operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value.
 .PP
-\&\fIASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to
-\&\fIASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not
-fit in a long type. New applications should use \fIASN1_ENUMERATED_get_int64()\fR
+\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to
+\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not
+fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR
 instead.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -216,36 +220,36 @@ represent small integers which can be more easily manipulated if converted to
 an appropriate C integer type.
 .SH "BUGS"
 .IX Header "BUGS"
-The ambiguous return values of \fIASN1_INTEGER_get()\fR and \fIASN1_ENUMERATED_get()\fR
+The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR
 mean these functions should be avoided if possible. They are retained for
 compatibility. Normally the ambiguous return values are not legitimate
 values for the fields they represent.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_set()\fR, \fIASN1_ENUMERATED_set_int64()\fR and
-\&\fIASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only
+\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_set()\fR, \fBASN1_ENUMERATED_set_int64()\fR and
+\&\fBASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only
 fail if a memory allocation error occurs.
 .PP
-\&\fIASN1_INTEGER_get_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR return 1 for success
+\&\fBASN1_INTEGER_get_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR return 1 for success
 and 0 for failure. They will fail if the passed type is incorrect (this will
 only happen if there is a programming error) or if the value exceeds the range
 of an \fBint64_t\fR type.
 .PP
-\&\fIBN_to_ASN1_INTEGER()\fR and \fIBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or
+\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or
 \&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will
 only fail due to a memory allocation error.
 .PP
-\&\fIASN1_INTEGER_to_BN()\fR and \fIASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure
+\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure
 of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect
 (due to programming error) or due to a memory allocation failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_get_int64()\fR,
-\&\fIASN1_ENUMERATED_set_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR
-were added to OpenSSL 1.1.0.
+\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR,
+\&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR
+were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
index cdf3d67278941..ff74ed9b4468c 100644
--- a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
+++ b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_ITEM_LOOKUP 3"
-.TH ASN1_ITEM_LOOKUP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_ITEM_LOOKUP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,17 +150,17 @@ ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR.
+\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR.
 .PP
-\&\fIASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function
+\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function
 returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_ITEM_lookup()\fR and \fIASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure
+\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure
 or \fB\s-1NULL\s0\fR if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
index 6b7017deb6b21..599a3d045a982 100644
--- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_OBJECT_NEW 3"
-.TH ASN1_OBJECT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_OBJECT_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,25 +153,25 @@ ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions
 The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an
 \&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0
 .PP
-\&\fIASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure.
+\&\fBASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure.
 .PP
-\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR.
+\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR.
 If \fBa\fR is \s-1NULL,\s0 nothing is done.
 .SH "NOTES"
 .IX Header "NOTES"
-Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it
+Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it
 is almost never used in applications. The \s-1ASN1\s0 object utility functions
-such as \fIOBJ_nid2obj()\fR are used instead.
+such as \fBOBJ_nid2obj()\fR are used instead.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fIERR_get_error\fR\|(3).
+If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fBERR_get_error\fR\|(3).
 Otherwise it returns a pointer to the newly allocated structure.
 .PP
-\&\fIASN1_OBJECT_free()\fR returns no value.
+\&\fBASN1_OBJECT_free()\fR returns no value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
index ab97f42b67b35..201e5ac0bdfcc 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_TABLE_ADD 3"
-.TH ASN1_STRING_TABLE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_STRING_TABLE_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,7 +160,7 @@ ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TAB
 (basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object.
 .SS "Functions"
 .IX Subsection "Functions"
-\&\fIASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the
+\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the
 local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters.
 .PP
 If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are
@@ -165,22 +169,22 @@ and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is st
 a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with
 other parameters.
 .PP
-\&\fIASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based
+\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based
 on \fBnid\fR. It will search the local table first, then the standard one.
 .PP
-\&\fIASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added
-by \fIASN1_STRING_TABLE_add()\fR.
+\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added
+by \fBASN1_STRING_TABLE_add()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred.
+\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred.
 .PP
-\&\fIASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure
+\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure
 or \fB\s-1NULL\s0\fR if nothing is found.
 .PP
-\&\fIASN1_STRING_TABLE_cleanup()\fR does not return a value.
+\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
index 6d35b461eb487..fc5792b1f1b46 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_LENGTH 3"
-.TH ASN1_STRING_LENGTH 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_STRING_LENGTH 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,32 +163,32 @@ ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRI
 .IX Header "DESCRIPTION"
 These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated.
 .PP
-\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
+\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
 .PP
-\&\fIASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR.
+\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR.
 Since this is an internal pointer it should \fBnot\fR be freed or
 modified in any way.
 .PP
-\&\fIASN1_STRING_data()\fR is similar to \fIASN1_STRING_get0_data()\fR except the
+\&\fBASN1_STRING_data()\fR is similar to \fBASN1_STRING_get0_data()\fR except the
 returned value is not constant. This function is deprecated:
-applications should use \fIASN1_STRING_get0_data()\fR instead.
+applications should use \fBASN1_STRING_get0_data()\fR instead.
 .PP
-\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
+\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
 .PP
-\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two
+\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two
 are identical. The string types and content are compared.
 .PP
-\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
+\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
 \&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR
 is \-1 then the length is determined by strlen(data).
 .PP
-\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants
+\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants
 such as \fBV_ASN1_OCTET_STRING\fR.
 .PP
-\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the
+\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the
 converted data is allocated in a buffer in \fB*out\fR. The length of
 \&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR
-should be freed using \fIOPENSSL_free()\fR.
+should be freed using \fBOPENSSL_free()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR
@@ -198,36 +202,36 @@ These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGE
 or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR
 utility functions should be used instead.
 .PP
-In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR
+In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR
 is null terminated or does not contain embedded nulls. The actual format
 of the data will depend on the actual string type itself: for example
 for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per
 character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format.
 .PP
 Similar care should be take to ensure the data is in the correct format
-when calling \fIASN1_STRING_set()\fR.
+when calling \fBASN1_STRING_set()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
+\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
 .PP
-\&\fIASN1_STRING_get0_data()\fR and \fIASN1_STRING_data()\fR return an internal pointer to
+\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to
 the data of \fBx\fR.
 .PP
-\&\fIASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an
+\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an
 error occurred.
 .PP
-\&\fIASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0,
+\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0,
 according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR.
 .PP
-\&\fIASN1_STRING_set()\fR returns 1 on success or 0 on error.
+\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR.
+\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR.
 .PP
-\&\fIASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a
+\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a
 negative value if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
index ce33ba401a8e4..30b1e62bfb8f0 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_NEW 3"
-.TH ASN1_STRING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_STRING_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,27 +151,27 @@ ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocatio
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type
+\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type
 is undefined.
 .PP
-\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
+\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
 type \fBtype\fR.
 .PP
-\&\fIASN1_STRING_free()\fR frees up \fBa\fR.
+\&\fBASN1_STRING_free()\fR frees up \fBa\fR.
 If \fBa\fR is \s-1NULL\s0 nothing is done.
 .SH "NOTES"
 .IX Header "NOTES"
 Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example
-\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
+\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid
+\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid
 \&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIASN1_STRING_free()\fR does not return a value.
+\&\fBASN1_STRING_free()\fR does not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
index 47ac8ec74a6cc..47b5deff4c4f6 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_PRINT_EX 3"
-.TH ASN1_STRING_PRINT_EX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_STRING_PRINT_EX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,19 +156,19 @@ ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \
 These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to
 represent all the \s-1ASN1\s0 string types.
 .PP
-\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by
-the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs
+\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by
+the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs
 to \fBfp\fR instead.
 .PP
-\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
-\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0)
+\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
+\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0)
 with '.'.
 .PP
-\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
+\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIASN1_STRING_print()\fR is a deprecated function which should be avoided; use
-\&\fIASN1_STRING_print_ex()\fR instead.
+\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use
+\&\fBASN1_STRING_print_ex()\fR instead.
 .PP
 Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is
 suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR.
@@ -199,7 +203,7 @@ all: everything is assumed to be one byte per character. This is primarily for
 debugging purposes and can result in confusing output in multi character strings.
 .PP
 If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out
-before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR.
+before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR.
 .PP
 The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just
 outputs the value of the string using the form #XXXX using hex format for each
@@ -221,16 +225,16 @@ equivalent to:
  \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_STRING_print_ex()\fR and \fIASN1_STRING_print_ex_fp()\fR return the number of
+\&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of
 characters written or \-1 if an error occurred.
 .PP
-\&\fIASN1_STRING_print()\fR returns 1 on success or 0 on error.
+\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
+\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIASN1_tag2str\fR\|(3)
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBASN1_tag2str\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3
index 1a1f2d2633cbd..5930c55905e49 100644
--- a/secure/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_TIME_SET 3"
-.TH ASN1_TIME_SET 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_TIME_SET 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -182,11 +186,11 @@ ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_U
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR and \fIASN1_GENERALIZEDTIME_set()\fR
+The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR
 functions set the structure \fBs\fR to the time represented by the time_t
 value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned.
 .PP
-The \fIASN1_TIME_adj()\fR, \fIASN1_UTCTIME_adj()\fR and \fIASN1_GENERALIZEDTIME_adj()\fR
+The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR
 functions set the time structure \fBs\fR to the time represented
 by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR.
 The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a
@@ -194,29 +198,29 @@ time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of
 seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated
 and returned.
 .PP
-The \fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR and
-\&\fIASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR
+The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and
+\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR
 to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0
 time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0
 this function performs a format check on \fBstr\fR only. The string \fBstr\fR
 is copied into \fBs\fR.
 .PP
-\&\fIASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time
+\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time
 represented by string \fBstr\fR which must be in appropriate time format
 that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and
 \&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format
 are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check
 on \fBstr\fR only.
 .PP
-The \fIASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or
+The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or
 \&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It
-should be used after the \fIASN1_TIME_set_string()\fR functions and before
-\&\fIASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results.
+should be used after the \fBASN1_TIME_set_string()\fR functions and before
+\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results.
 .PP
-The \fIASN1_TIME_check()\fR, \fIASN1_UTCTIME_check()\fR and \fIASN1_GENERALIZEDTIME_check()\fR
+The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR
 functions check the syntax of the time structure \fBs\fR.
 .PP
-The \fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR
+The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
 functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable
 format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example
 \&\*(L"Feb  3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time
@@ -224,7 +228,7 @@ structure has invalid format it prints out \*(L"Bad time value\*(R" and returns
 an error. The output for generalized time may include a fractional part
 following the second.
 .PP
-\&\fIASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure.
+\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure.
 If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0
 The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR,
 \&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values,
@@ -233,7 +237,7 @@ a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractio
 seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while
 converting \fBs\fR to \fBtm\fR structure.
 .PP
-\&\fIASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between
+\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between
 \&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then
 one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR
 will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then
@@ -243,13 +247,13 @@ If both \fB*pday\fR and \fB*psec\fR are non-zero they will always have the same
 sign. The value of \fB*psec\fR will always be less than the number of seconds
 in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used.
 .PP
-The \fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR functions compare
+The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare
 the two times represented by the time structure \fBs\fR and the time_t \fBt\fR.
 .PP
-The \fIASN1_TIME_compare()\fR function compares the two times represented by the
+The \fBASN1_TIME_compare()\fR function compares the two times represented by the
 time structures \fBa\fR and \fBb\fR.
 .PP
-The \fIASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an
+The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an
 \&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or
 \&\fB*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use.
 .SH "NOTES"
@@ -260,7 +264,7 @@ in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else
 GeneralizedTime is used.
 .PP
 The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented
-as an \s-1ASN1_STRING\s0 internally and can be freed up using \fIASN1_STRING_free()\fR.
+as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR.
 .PP
 The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt
 is made to correct ancient calendar changes (for example from Julian to
@@ -269,15 +273,15 @@ Gregorian calendars).
 \&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049.
 .PP
 Some applications add offset times directly to a time_t value and pass the
-results to \fIASN1_TIME_set()\fR (or equivalent). This can cause problems as the
+results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the
 time_t value can overflow on some systems resulting in unexpected results.
-New applications should use \fIASN1_TIME_adj()\fR instead and pass the offset value
+New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value
 in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly
 manipulating a time_t value.
 .PP
-\&\fIASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0
-or vice versa, based on the resulting year. The \fIASN1_GENERALIZEDTIME_adj()\fR and
-\&\fIASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure.
+\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0
+or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and
+\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure.
 .PP
 It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of
 those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions
@@ -286,11 +290,11 @@ time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either
 format.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR
+\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
 do not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all
 certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway.
 .PP
-Use the \fIASN1_TIME_normalize()\fR function to normalize the time value before
+Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before
 printing to get \s-1GMT\s0 results.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
@@ -329,43 +333,43 @@ Determine if one time is later or sooner than the current time:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR, \fIASN1_GENERALIZEDTIME_set()\fR, \fIASN1_TIME_adj()\fR,
+\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \fBASN1_TIME_adj()\fR,
 ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure
 or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR, \fIASN1_GENERALIZEDTIME_set_string()\fR
-\&\fIASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise.
+\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \fBASN1_GENERALIZEDTIME_set_string()\fR
+\&\fBASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise.
 .PP
-\&\fIASN1_TIME_normalize()\fR returns 1 on success, and 0 on error.
+\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error.
 .PP
-\&\fIASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fIASN1_GENERALIZEDTIME_check()\fR return 1
+\&\fBASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fBASN1_GENERALIZEDTIME_check()\fR return 1
 if the structure is syntactically correct and 0 otherwise.
 .PP
-\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR return 1
+\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR return 1
 if the time is successfully printed out and 0 if an error occurred (I/O error or
 invalid time format).
 .PP
-\&\fIASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an
+\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an
 error occurred (invalid time format).
 .PP
-\&\fIASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the
+\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the
 passed-in time structure has invalid syntax, for example.
 .PP
-\&\fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is
+\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is
 before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is returned
 on error.
 .PP
-\&\fIASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error.
+\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error.
 .PP
-\&\fIASN1_TIME_to_generalizedtime()\fR returns a pointer to
+\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to
 the appropriate time structure on success or \s-1NULL\s0 if an error occurred.
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1.
-The \fIASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1.
-The \fIASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1.
-The \fIASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1.
-The \fIASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1.
+The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1.
+The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1.
+The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1.
+The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1.
+The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/ASN1_TYPE_get.3
index 8fdf9ee50422a..aacace731a635 100644
--- a/secure/lib/libcrypto/man/ASN1_TYPE_get.3
+++ b/secure/lib/libcrypto/man/ASN1_TYPE_get.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_TYPE_GET 3"
-.TH ASN1_TYPE_GET 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_TYPE_GET 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,31 +160,31 @@ These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The
 \&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type
 such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type.
 .PP
-\&\fIASN1_TYPE_get()\fR returns the type of \fBa\fR.
+\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR.
 .PP
-\&\fIASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This
+\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This
 function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed
 up after the call.
 .PP
-\&\fIASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR.
+\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR.
 .PP
-\&\fIASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if
+\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if
 they are identical and non-zero otherwise.
 .PP
-\&\fIASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in
+\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in
 \&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer
 to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the
 caller. If it fails it return \s-1NULL.\s0
 .PP
-\&\fIASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR
+\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR
 corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded
 \&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type
 is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0
 but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The type and meaning of the \fBvalue\fR parameter for \fIASN1_TYPE_set()\fR and
-\&\fIASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter.
+The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and
+\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter.
 If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN
 then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is
 V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR
@@ -191,12 +195,12 @@ a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the
 \&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and
 length octets).
 .PP
-\&\fIASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have
+\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have
 different encodings. For example the single content octet of the boolean \s-1TRUE\s0
-value under \s-1BER\s0 can have any non-zero encoding but \fIASN1_TYPE_cmp()\fR will
+value under \s-1BER\s0 can have any non-zero encoding but \fBASN1_TYPE_cmp()\fR will
 only return zero if the values are the same.
 .PP
-If either or both of the parameters passed to \fIASN1_TYPE_cmp()\fR is \s-1NULL\s0 the
+If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the
 return value is non-zero. Technically if both parameters are \s-1NULL\s0 the two
 types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing
 \&\s-1NULL\s0 values could also indicate a programming error (for example an
@@ -204,18 +208,18 @@ unparseable type which returns \s-1NULL\s0) for types which do \fBnot\fR match.
 applications should handle the case of two absent values separately.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument.
+\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument.
 .PP
-\&\fIASN1_TYPE_set()\fR does not return a value.
+\&\fBASN1_TYPE_set()\fR does not return a value.
 .PP
-\&\fIASN1_TYPE_set1()\fR returns 1 for success and 0 for failure.
+\&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure.
 .PP
-\&\fIASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise.
+\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise.
 .PP
-\&\fIASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or
+\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or
 \&\s-1NULL\s0 on failure.
 .PP
-\&\fIASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or
+\&\fBASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or
 \&\s-1NULL\s0 on failure.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
index f4f64a5405f01..0a0afc8955da1 100644
--- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_GENERATE_NCONF 3"
-.TH ASN1_GENERATE_NCONF 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1_GENERATE_NCONF 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -360,13 +364,13 @@ structure:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded
+\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded
 data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-The error codes that can be obtained by \fIERR_get_error\fR\|(3).
+The error codes that can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
index b24f5c7e9d917..cb14f266a847e 100644
--- a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
+++ b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASYNC_WAIT_CTX_NEW 3"
-.TH ASYNC_WAIT_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASYNC_WAIT_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,25 +164,25 @@ ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 For an overview of how asynchronous operations are implemented in OpenSSL see
-\&\fIASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous
+\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous
 \&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms
 this would have a one-to-one correspondence with an \s-1SSL\s0 connection.
 .PP
-Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fIASYNC_WAIT_CTX_new()\fR
-function prior to calling \fIASYNC_start_job()\fR (see \fIASYNC_start_job\fR\|(3)). When
+Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR
+function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When
 the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of
 that job. An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one
 time, but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent
 \&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed),
-application code cleans up with \fIASYNC_WAIT_CTX_free()\fR.
+application code cleans up with \fBASYNC_WAIT_CTX_free()\fR.
 .PP
 ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling
-\&\fIASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in
+\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in
 the \fBctx\fR parameter will return the wait file descriptors associated with that
 job in \fB*fd\fR. The number of file descriptors returned will be stored in
 \&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory
 has been allocated in \fB*fd\fR to receive all the file descriptors. Calling
-\&\fIASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file
+\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file
 descriptors but will still populate \fB*numfds\fR. Therefore application code is
 typically expected to call this function twice: once to get the number of fds,
 and then again when sufficient memory has been allocated. If only one
@@ -186,13 +190,13 @@ asynchronous engine is being used then normally this call will only ever return
 one fd. If multiple asynchronous engines are being used then more could be
 returned.
 .PP
-The function \fIASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds
-have changed since the last call time \fIASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0
+The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds
+have changed since the last call time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0
 result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has
 been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated
 with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR
 will be populated with the list of added and deleted fds respectively. Similarly
-to \fIASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not
+to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not
 \&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated.
 .PP
 Implementors of async aware code (e.g. engines) are encouraged to return a
@@ -207,25 +211,25 @@ application will have to periodically \*(L"poll\*(R" the job by attempting to re
 to see if it is ready to continue.
 .PP
 Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job
-via \fIASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting
-on by calling \fIASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an
-engine immediately prior to calling \fIASYNC_pause_job()\fR and not by end user code.
+via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting
+on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an
+engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code.
 An existing association with a file descriptor can be obtained using
-\&\fIASYNC_WAIT_CTX_get_fd()\fR and cleared using \fIASYNC_WAIT_CTX_clear_fd()\fR. Both of
+\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of
 these functions requires a \fBkey\fR value which is unique to the async aware
 code.  This could be any unique value but a good candidate might be the
 \&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and
-will be returned in a subsequent call to \fIASYNC_WAIT_CTX_get_fd()\fR. The
-\&\fIASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R"
+will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The
+\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R"
 routine. This can be \s-1NULL\s0 but if provided will automatically get called when
 the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the
 fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called if
-the fd is cleared directly via a call to \fIASYNC_WAIT_CTX_clear_fd()\fR.
+the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR.
 .PP
 An example of typical usage might be an async capable engine. User code would
 initiate cryptographic operations. The engine would initiate those operations
-asynchronously and then call \fIASYNC_WAIT_CTX_set_wait_fd()\fR followed by
-\&\fIASYNC_pause_job()\fR to return control to the user code. The user code can then
+asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by
+\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then
 perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other
 similar function on the wait file descriptor. The engine can signal to the user
 code that the job should be resumed by making the wait file descriptor
@@ -233,7 +237,7 @@ code that the job should be resumed by making the wait file descriptor
 file descriptor.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or
+\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or
 \&\s-1NULL\s0 on error.
 .PP
 ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
@@ -249,13 +253,13 @@ it is defined as an application developer's responsibility to include
 windows.h prior to async.h.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIASYNC_start_job\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd,
-ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
-ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to
-OpenSSL 1.1.0.
+\&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR,
+\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR,
+\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR
+were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ASYNC_start_job.3 b/secure/lib/libcrypto/man/ASYNC_start_job.3
index 2d3a7ebe3a5f0..241224ba8b93d 100644
--- a/secure/lib/libcrypto/man/ASYNC_start_job.3
+++ b/secure/lib/libcrypto/man/ASYNC_start_job.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASYNC_START_JOB 3"
-.TH ASYNC_START_JOB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASYNC_START_JOB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -166,12 +170,12 @@ The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefo
 efficiency reasons, jobs can be created up front and reused many times. They are
 held in a pool until they are needed, at which point they are removed from the
 pool, used, and then returned to the pool when the job completes. If the user
-application is multi-threaded, then \fIASYNC_init_thread()\fR may be called for each
+application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each
 thread that will initiate asynchronous jobs. Before
 user code exits per-thread resources need to be cleaned up. This will normally
-occur automatically (see \fIOPENSSL_init_crypto\fR\|(3)) but may be explicitly
-initiated by using \fIASYNC_cleanup_thread()\fR. No asynchronous jobs must be
-outstanding for the thread when \fIASYNC_cleanup_thread()\fR is called. Failing to
+occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly
+initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be
+outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to
 ensure this will result in memory leaks.
 .PP
 The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in
@@ -179,14 +183,14 @@ the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an
 \&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one
 will be automatically created, as long as the total of ASYNC_JOBs managed by the
 pool does not exceed \fBmax_size\fR. When the pool is first initialised
-\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fIASYNC_init_thread()\fR is
+\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is
 not called before the pool is first used then it will be called automatically
 with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs
 created up front).
 .PP
-An asynchronous job is started by calling the \fIASYNC_start_job()\fR function.
+An asynchronous job is started by calling the \fBASYNC_start_job()\fR function.
 Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0
-object created through the \fIASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should
+object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should
 point to a location where the return value of the asynchronous function should
 be stored on completion of the job. \fBfunc\fR represents the function that should
 be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR
@@ -195,7 +199,7 @@ ASYNC_start_job will return one of the following values:
 .IP "\fB\s-1ASYNC_ERR\s0\fR" 4
 .IX Item "ASYNC_ERR"
 An error occurred trying to start the job. Check the OpenSSL error queue (e.g.
-see \fIERR_print_errors\fR\|(3)) for more details.
+see \fBERR_print_errors\fR\|(3)) for more details.
 .IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4
 .IX Item "ASYNC_NO_JOBS"
 There are no jobs currently available in the pool. This call can be retried
@@ -203,11 +207,11 @@ again at a later time.
 .IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4
 .IX Item "ASYNC_PAUSE"
 The job was successfully started but was \*(L"paused\*(R" before it completed (see
-\&\fIASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work
+\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work
 can be performed (if desired) and the job restarted at a later time. To restart
-a job call \fIASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The
+a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The
 \&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job.
-When restarting a job \fIASYNC_start_job()\fR \fBmust\fR be called from the same thread
+When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread
 that the job was originally started from.
 .IP "\fB\s-1ASYNC_FINISH\s0\fR" 4
 .IX Item "ASYNC_FINISH"
@@ -215,20 +219,20 @@ The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBf
 be placed in \fB*ret\fR.
 .PP
 At any one time there can be a maximum of one job actively running per thread
-(you can have many that are paused). \fIASYNC_get_current_job()\fR can be used to get
+(you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get
 a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing
 then this will return \s-1NULL.\s0
 .PP
 If executing within the context of a job (i.e. having been called directly or
-indirectly by the function \*(L"func\*(R" passed as an argument to \fIASYNC_start_job()\fR)
-then \fIASYNC_pause_job()\fR will immediately return control to the calling
-application with \s-1ASYNC_PAUSE\s0 returned from the \fIASYNC_start_job()\fR call. A
+indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR)
+then \fBASYNC_pause_job()\fR will immediately return control to the calling
+application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A
 subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the
-\&\fB*job\fR parameter will resume execution from the \fIASYNC_pause_job()\fR call. If
-\&\fIASYNC_pause_job()\fR is called whilst not within the context of a job then no
-action is taken and \fIASYNC_pause_job()\fR returns immediately.
+\&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If
+\&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no
+action is taken and \fBASYNC_pause_job()\fR returns immediately.
 .PP
-\&\fIASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0
+\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0
 for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated
 with them. Applications can wait for the file descriptor to be ready for \*(L"read\*(R"
 using a system function call such as select or poll (being ready for \*(L"read\*(R"
@@ -238,30 +242,30 @@ attempting to restart it to see if it is ready to continue.
 .PP
 An example of typical usage might be an async capable engine. User code would
 initiate cryptographic operations. The engine would initiate those operations
-asynchronously and then call \fIASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by
-\&\fIASYNC_pause_job()\fR to return control to the user code. The user code can then
+asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by
+\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then
 perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other
 similar function on the wait file descriptor. The engine can signal to the user
 code that the job should be resumed by making the wait file descriptor
 \&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait
 file descriptor.
 .PP
-The \fIASYNC_block_pause()\fR function will prevent the currently active job from
+The \fBASYNC_block_pause()\fR function will prevent the currently active job from
 pausing. The block will remain in place until a subsequent call to
-\&\fIASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call
-\&\fIASYNC_block_pause()\fR twice then you must call \fIASYNC_unblock_pause()\fR twice in
+\&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call
+\&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in
 order to re-enable pausing. If these functions are called while there is no
 currently active job then they have no effect. This functionality can be useful
 to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an
 application acquires a lock. It then calls some cryptographic function which
-invokes \fIASYNC_pause_job()\fR. This returns control back to the code that created
+invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created
 the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before
 resuming the original job then a deadlock can occur. By calling
-\&\fIASYNC_block_pause()\fR immediately after acquiring the lock and
-\&\fIASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot
+\&\fBASYNC_block_pause()\fR immediately after acquiring the lock and
+\&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot
 occur.
 .PP
-Some platforms cannot support async operations. The \fIASYNC_is_capable()\fR function
+Some platforms cannot support async operations. The \fBASYNC_is_capable()\fR function
 can be used to detect whether the current platform is async capable or not.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -277,9 +281,9 @@ returned.
 ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or
 \&\s-1NULL\s0 if not within the context of a job.
 .PP
-\&\fIASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job.
+\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job.
 .PP
-\&\fIASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0
+\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0
 otherwise.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -432,13 +436,13 @@ The expected output from executing the above example program is:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIERR_print_errors\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 ASYNC_init_thread, ASYNC_cleanup_thread,
-ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fIASYNC_get_wait_ctx()\fR,
-\&\fIASYNC_block_pause()\fR, \fIASYNC_unblock_pause()\fR and \fIASYNC_is_capable()\fR were first
-added to OpenSSL 1.1.0.
+ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR,
+\&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first
+added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BF_encrypt.3 b/secure/lib/libcrypto/man/BF_encrypt.3
index 59228ee4e8514..8065aa3939ae7 100644
--- a/secure/lib/libcrypto/man/BF_encrypt.3
+++ b/secure/lib/libcrypto/man/BF_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BF_ENCRYPT 3"
-.TH BF_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BF_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,59 +171,59 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ).
 Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
 It uses a variable size key, but typically, 128 bit (16 byte) keys are
 considered good for strong encryption.  Blowfish can be used in the same
-modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)).  Blowfish is currently one
+modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)).  Blowfish is currently one
 of the faster block ciphers.  It is quite a bit faster than \s-1DES,\s0 and much
 faster than \s-1IDEA\s0 or \s-1RC2.\s0
 .PP
 Blowfish consists of a key setup phase and the actual encryption or decryption
 phase.
 .PP
-\&\fIBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key
+\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key
 at \fBdata\fR.
 .PP
-\&\fIBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function.
+\&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function.
 It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR,
 putting the result in \fBout\fR.  \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR)
 or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed.  The vector pointed at by
 \&\fBin\fR and \fBout\fR must be 64 bits in length, no less.  If they are larger,
 everything after the first 64 bits is ignored.
 .PP
-The mode functions \fIBF_cbc_encrypt()\fR, \fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR
+The mode functions \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR
 all operate on variable length data.  They all take an initialization vector
 \&\fBivec\fR which needs to be passed along into the next call of the same function
 for the same message.  \fBivec\fR may be initialized with anything, but the
 recipient needs to know what it was initialized with, or it won't be able
 to decrypt.  Some programs and protocols simplify this, like \s-1SSH,\s0 where
 \&\fBivec\fR is simply initialized to zero.
-\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while
-\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable
+\&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while
+\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable
 number of bytes (the amount does not have to be an exact multiple of 8).  The
 purpose of the latter two is to simulate stream ciphers, and therefore, they
 need the parameter \fBnum\fR, which is a pointer to an integer where the current
 offset in \fBivec\fR is stored between calls.  This integer must be initialized
 to zero when \fBivec\fR is initialized.
 .PP
-\&\fIBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish.  It
+\&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish.  It
 encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR,
 putting the result in \fBout\fR.  \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or
 decryption (\s-1BF_DECRYPT\s0) shall be performed.  \fBivec\fR must point at an 8 byte
 long initialization vector.
 .PP
-\&\fIBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback.
+\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback.
 It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR,
 putting the result in \fBout\fR.  \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR)
 or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed.  \fBivec\fR must point at an
 8 byte long initialization vector. \fBnum\fR must point at an integer which must
 be initially zero.
 .PP
-\&\fIBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback.
-It uses the same parameters as \fIBF_cfb64_encrypt()\fR, which must be initialized
+\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback.
+It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized
 the same way.
 .PP
-\&\fIBF_encrypt()\fR and \fIBF_decrypt()\fR are the lowest level functions for Blowfish
+\&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish
 encryption.  They encrypt/decrypt the first 64 bits of the vector pointed by
 \&\fBdata\fR, using the key \fBkey\fR.  These functions should not be used unless you
-implement 'modes' of Blowfish.  The alternative is to use \fIBF_ecb_encrypt()\fR.
+implement 'modes' of Blowfish.  The alternative is to use \fBBF_ecb_encrypt()\fR.
 If you still want to use these functions, you should be aware that they take
 each 32\-bit chunk in host-byte order, which is little-endian on little-endian
 platforms and big-endian on big-endian ones.
@@ -229,12 +233,12 @@ None of the functions presented here return any value.
 .SH "NOTE"
 .IX Header "NOTE"
 Applications should use the higher level functions
-\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these
+\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these
 functions directly.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIdes_modes\fR\|(7)
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBdes_modes\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_ADDR.3 b/secure/lib/libcrypto/man/BIO_ADDR.3
index cc36a3cc8506e..f6571c41d30ea 100644
--- a/secure/lib/libcrypto/man/BIO_ADDR.3
+++ b/secure/lib/libcrypto/man/BIO_ADDR.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_ADDR 3"
-.TH BIO_ADDR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_ADDR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -163,31 +167,31 @@ addresses that OpenSSL deals with, currently transparently
 supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's
 available on the platform at hand.
 .PP
-\&\fIBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used
+\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used
 with routines that will fill it with information, such as
-\&\fIBIO_accept_ex()\fR.
+\&\fBBIO_accept_ex()\fR.
 .PP
-\&\fIBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fIBIO_ADDR_new()\fR.
+\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR.
 .PP
-\&\fIBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets
+\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets
 it back to an uninitialised state.
 .PP
-\&\fIBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of
+\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of
 size \fBwherelen\fR with an address in network byte order pointed at
 by \fBwhere\fR and a port number in network byte order in \fBport\fR (except
 for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and
 therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them.
 In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected
 to be the length of the path string (not including the terminating
-\&\s-1NUL,\s0 such as the result of a call to \fIstrlen()\fR).
+\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR).
 \&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR.
 .PP
-\&\fIBIO_ADDR_family()\fR returns the protocol family of the given
+\&\fBBIO_ADDR_family()\fR returns the protocol family of the given
 \&\fB\s-1BIO_ADDR\s0\fR.  The possible non-error results are one of the
 constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the
 \&\s-1BIO_ADDR\s0 has not been initialised.
 .PP
-\&\fIBIO_ADDR_rawaddress()\fR will write the raw address of the given
+\&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given
 \&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL,
 and will set \fB*l\fR to be the amount of bytes the raw address
 takes up if \fBl\fR is non-NULL.
@@ -196,41 +200,41 @@ with \fBp\fR set to \fB\s-1NULL\s0\fR.  The raw address will be in network byte
 order, most significant byte first.
 In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the
 path string (not including the terminating \s-1NUL,\s0 such as the result of
-a call to \fIstrlen()\fR).
+a call to \fBstrlen()\fR).
 \&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR.
 .PP
-\&\fIBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR.
+\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR.
 The raw port will be in network byte order.
 .PP
-\&\fIBIO_ADDR_hostname_string()\fR returns a character string with the
+\&\fBBIO_ADDR_hostname_string()\fR returns a character string with the
 hostname of the given \fB\s-1BIO_ADDR\s0\fR.  If \fBnumeric\fR is 1, the string
 will contain the numerical form of the address.  This only works for
 \&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0  The
 returned string has been allocated on the heap and must be freed
-with \fIOPENSSL_free()\fR.
+with \fBOPENSSL_free()\fR.
 .PP
-\&\fIBIO_ADDR_service_string()\fR returns a character string with the
+\&\fBBIO_ADDR_service_string()\fR returns a character string with the
 service name of the port of the given \fB\s-1BIO_ADDR\s0\fR.  If \fBnumeric\fR
 is 1, the string will contain the port number.  This only works
 for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0  The
 returned string has been allocated on the heap and must be freed
-with \fIOPENSSL_free()\fR.
+with \fBOPENSSL_free()\fR.
 .PP
-\&\fIBIO_ADDR_path_string()\fR returns a character string with the path
+\&\fBBIO_ADDR_path_string()\fR returns a character string with the path
 of the given \fB\s-1BIO_ADDR\s0\fR.  This only works for \fB\s-1BIO_ADDR\s0\fR of the
 protocol family \s-1AF_UNIX.\s0  The returned string has been allocated
-on the heap and must be freed with \fIOPENSSL_free()\fR.
+on the heap and must be freed with \fBOPENSSL_free()\fR.
 .SH "RAW ADDRESSES"
 .IX Header "RAW ADDRESSES"
-Both \fIBIO_ADDR_rawmake()\fR and \fIBIO_ADDR_rawaddress()\fR take a pointer to a
+Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a
 network byte order address of a specific site.  Internally, those are
 treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct
 in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all
 depending on the protocol family the address is for.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The string producing functions \fIBIO_ADDR_hostname_string()\fR,
-\&\fIBIO_ADDR_service_string()\fR and \fIBIO_ADDR_path_string()\fR will
+The string producing functions \fBBIO_ADDR_hostname_string()\fR,
+\&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will
 return \fB\s-1NULL\s0\fR on error and leave an error indication on the
 OpenSSL error stack.
 .PP
@@ -238,7 +242,7 @@ All other functions described here return 0 or \fB\s-1NULL\s0\fR when the
 information they should return isn't available.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBIO_connect\fR\|(3), \fIBIO_s_connect\fR\|(3)
+\&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/BIO_ADDRINFO.3
index c53494d1afeb9..932e3c5e352bc 100644
--- a/secure/lib/libcrypto/man/BIO_ADDRINFO.3
+++ b/secure/lib/libcrypto/man/BIO_ADDRINFO.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_ADDRINFO 3"
-.TH BIO_ADDRINFO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_ADDRINFO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -169,7 +173,7 @@ types provided on your platform.
 \&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be
 picked at one by one.
 .PP
-\&\fIBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and
+\&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and
 uses \fBlookup_type\fR to determine what the default address should
 be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to
 determine what protocol family, socket type and protocol should be used for
@@ -180,36 +184,36 @@ indicates that any type can be used. \fBprotocol\fR specifies a protocol such as
 used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR
 chain.
 .PP
-For the family \fB\s-1AF_UNIX\s0\fR, \fIBIO_lookup_ex()\fR will ignore the \fBservice\fR
+For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR
 parameter and expects the \fBnode\fR parameter to hold the path to the
 socket file.
 .PP
-\&\fIBIO_lookup()\fR does the same as \fIBIO_lookup_ex()\fR but does not provide the ability
+\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability
 to select based on the protocol (any protocol may be returned).
 .PP
-\&\fIBIO_ADDRINFO_family()\fR returns the family of the given
+\&\fBBIO_ADDRINFO_family()\fR returns the family of the given
 \&\fB\s-1BIO_ADDRINFO\s0\fR.  The result will be one of the constants
 \&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0
 .PP
-\&\fIBIO_ADDRINFO_socktype()\fR returns the socket type of the given
+\&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given
 \&\fB\s-1BIO_ADDRINFO\s0\fR.  The result will be one of the constants
 \&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0
 .PP
-\&\fIBIO_ADDRINFO_protocol()\fR returns the protocol id of the given
+\&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given
 \&\fB\s-1BIO_ADDRINFO\s0\fR.  The result will be one of the constants
 \&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0
 .PP
-\&\fIBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR
+\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR
 of the given \fB\s-1BIO_ADDRINFO\s0\fR.
 .PP
-\&\fIBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain
+\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain
 from the given one.
 .PP
-\&\fIBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting
+\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting
 with the given one.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_lookup_ex()\fR and \fIBIO_lookup()\fR return 1 on success and 0 when an error
+\&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error
 occurred, and will leave an error indication on the OpenSSL error stack in that
 case.
 .PP
@@ -217,14 +221,14 @@ All other functions described here return 0 or \fB\s-1NULL\s0\fR when the
 information they should return isn't available.
 .SH "NOTES"
 .IX Header "NOTES"
-The \fIBIO_lookup_ex()\fR implementation uses the platform provided \fIgetaddrinfo()\fR
+The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR
 function. On Linux it is known that specifying 0 for the protocol will not
-return any \s-1SCTP\s0 based addresses when calling \fIgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0
-address is required then the \fBprotocol\fR parameter to \fIBIO_lookup_ex()\fR should be
+return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0
+address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be
 explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms.
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1.
+The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_connect.3 b/secure/lib/libcrypto/man/BIO_connect.3
index 6c7d42714b521..a1adc6e97defa 100644
--- a/secure/lib/libcrypto/man/BIO_connect.3
+++ b/secure/lib/libcrypto/man/BIO_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_CONNECT 3"
-.TH BIO_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_CONNECT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,32 +154,32 @@ BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \-
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type
+\&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type
 \&\fBsocktype\fR and \fBprotocol\fR.  Socket \fBoptions\fR are currently unused,
 but is present for future use.
 .PP
-\&\fIBIO_bind()\fR binds the source address and service to a socket and
-may be useful before calling \fIBIO_connect()\fR.  The options may include
+\&\fBBIO_bind()\fR binds the source address and service to a socket and
+may be useful before calling \fBBIO_connect()\fR.  The options may include
 \&\fB\s-1BIO_SOCK_REUSADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below.
 .PP
-\&\fIBIO_connect()\fR connects \fBsock\fR to the address and service given by
+\&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by
 \&\fBaddr\fR.  Connection \fBoptions\fR may be zero or any combination of
 \&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR.
 The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below.
 .PP
-\&\fIBIO_listen()\fR has \fBsock\fR start listening on the address and service
+\&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service
 given by \fBaddr\fR.  Connection \fBoptions\fR may be zero or any
 combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR,
 \&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR.
 The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below.
 .PP
-\&\fIBIO_accept_ex()\fR waits for an incoming connections on the given
+\&\fBBIO_accept_ex()\fR waits for an incoming connections on the given
 socket \fBaccept_sock\fR.  When it gets a connection, the address and
 port of the peer gets stored in \fBpeer\fR if that one is non-NULL.
 Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied
 on the accepted socket.  The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below.
 .PP
-\&\fIBIO_closesocket()\fR closes \fBsock\fR.
+\&\fBBIO_closesocket()\fR closes \fBsock\fR.
 .SH "FLAGS"
 .IX Header "FLAGS"
 .IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4
@@ -206,26 +210,26 @@ These flags are bit flags, so they are to be combined with the
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR
+\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR
 (\-1) on error.  When an error has occurred, the OpenSSL error stack
 will hold the error data and errno has the system error.
 .PP
-\&\fIBIO_bind()\fR, \fIBIO_connect()\fR and \fIBIO_listen()\fR return 1 on success or 0 on error.
+\&\fBBIO_bind()\fR, \fBBIO_connect()\fR and \fBBIO_listen()\fR return 1 on success or 0 on error.
 When an error has occurred, the OpenSSL error stack will hold the error
 data and errno has the system error.
 .PP
-\&\fIBIO_accept_ex()\fR returns the accepted socket on success or
+\&\fBBIO_accept_ex()\fR returns the accepted socket on success or
 \&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error.  When an error has occurred, the
 OpenSSL error stack will hold the error data and errno has the system
 error.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBIO_gethostname()\fR, \fIBIO_get_port()\fR, \fIBIO_get_host_ip()\fR,
-\&\fIBIO_get_accept_socket()\fR and \fIBIO_accept()\fR were deprecated in
+\&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR,
+\&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in
 OpenSSL 1.1.0.  Use the functions described above instead.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIBIO_ADDR\s0\fR\|(3)
+\&\s-1\fBBIO_ADDR\s0\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index ae20965da287a..5c0091d90b09c 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_CTRL 3"
-.TH BIO_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_CTRL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,7 +169,7 @@ BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BI
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR
+\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR
 are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types.
 These functions are not normally called directly, various macros
 are used instead. The standard macros are described below, macros
@@ -173,82 +177,82 @@ specific to a particular type of \s-1BIO\s0 are described in the specific
 BIOs manual page as well as any special features of the standard
 calls.
 .PP
-\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case
+\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case
 of file related BIOs for example it rewinds the file pointer to the
 start of the file.
 .PP
-\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
+\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
 \&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file.
 .PP
-\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0
+\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0
 .PP
-\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some
+\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some
 cases it is used to signal \s-1EOF\s0 and that no more data will be written.
 .PP
-\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of
+\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of
 \&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type.
 .PP
-\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
+\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
 take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used
 in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should
 be closed when the \s-1BIO\s0 is freed.
 .PP
-\&\fIBIO_get_close()\fR returns the BIOs close flag.
+\&\fBBIO_get_close()\fR returns the BIOs close flag.
 .PP
-\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
+\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR
 return the number of pending characters in the BIOs read and write buffers.
-Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR
-return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are
-macros which call \fIBIO_ctrl()\fR.
+Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR
+return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are
+macros which call \fBBIO_ctrl()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File
+\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File
 BIOs are an exception, they return 0 for success and \-1 for failure.
 .PP
-\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success
-and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0
+\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success
+and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0
 for success and \-1 for failure.
 .PP
-\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure.
+\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure.
 .PP
-\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise.
+\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise.
 .PP
-\&\fIBIO_set_close()\fR always returns 1.
+\&\fBBIO_set_close()\fR always returns 1.
 .PP
-\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
+\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
 .PP
-\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
+\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR
 return the amount of pending data.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating
-that the call should be retried later in a similar manner to \fIBIO_write_ex()\fR.
-The \fIBIO_should_retry()\fR call should be used and appropriate action taken
+\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating
+that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR.
+The \fBBIO_should_retry()\fR call should be used and appropriate action taken
 is the call fails.
 .PP
-The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably
+The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably
 determine the amount of pending data in all cases. For example in the
 case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures
 internal buffers but it is not possible to determine this in a
 portably way. For other types of \s-1BIO\s0 they may not be supported.
 .PP
-Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR
+Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR
 operation usually pass the operation to the next \s-1BIO\s0 in the chain.
 This often means there is no need to locate the required \s-1BIO\s0 for
 a particular operation, it can be called on a chain and it will
 be automatically passed to the relevant \s-1BIO.\s0 However this can cause
 unexpected results: for example no current filter BIOs implement
-\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0
+\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0
 or file descriptor \s-1BIO.\s0
 .PP
-Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR
+Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR
 operation.
 .SH "BUGS"
 .IX Header "BUGS"
 Some of the return values are ambiguous and care should be taken. In
 particular a return value of 0 can be returned if an operation is not
 supported, if an error occurred, if \s-1EOF\s0 has not been reached and in
-the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation.
+the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index d8c7dd82beb4d..b55b5f5eeec37 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_F_BASE64 3"
-.TH BIO_F_BASE64 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_F_BASE64 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,17 +150,17 @@ BIO_f_base64 \- base64 BIO filter
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter
+\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter
 \&\s-1BIO\s0 that base64 encodes any data written through it and decodes
 any data read through it.
 .PP
-Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
+Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR.
 .PP
-\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is
+\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is
 used to signal that no more data is to be encoded: this is used
 to flush the final block through the \s-1BIO.\s0
 .PP
-The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR
+The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR
 to encode the data all on one line or expect the data to be all
 on one line.
 .SH "NOTES"
@@ -165,7 +169,7 @@ Because of the format of base64 encoding the end of the encoded
 block cannot always be reliably determined.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method.
+\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 Base64 encode the string \*(L"Hello World\en\*(R" and write the result
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index fd6d4dbe1e8ec..cdf8cb39bf538 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_F_BUFFER 3"
-.TH BIO_F_BUFFER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_F_BUFFER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,58 +155,58 @@ BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, B
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
+\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
 .PP
 Data written to a buffering \s-1BIO\s0 is buffered and periodically written
 to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from
 an internal buffer which is filled from the next \s-1BIO\s0 in the chain.
-Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported.
+Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported.
 .PP
-Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data.
+Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data.
 .PP
-\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered.
+\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered.
 .PP
-\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
+\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR
 set the read, write or both read and write buffer sizes to \fBsize\fR. The initial
 buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the
 buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared
 when the buffer is resized.
 .PP
-\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR
+\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR
 bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer
 is expanded.
 .SH "NOTES"
 .IX Header "NOTES"
-These functions, other than \fIBIO_f_buffer()\fR, are implemented as macros.
+These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros.
 .PP
-Buffering BIOs implement \fIBIO_gets()\fR by using \fIBIO_read_ex()\fR operations on the
+Buffering BIOs implement \fBBIO_gets()\fR by using \fBBIO_read_ex()\fR operations on the
 next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore
-possible to provide \fIBIO_gets()\fR functionality if the following BIOs do not
+possible to provide \fBBIO_gets()\fR functionality if the following BIOs do not
 support it (for example \s-1SSL\s0 BIOs).
 .PP
 Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills
-or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR
+or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR
 whenever any pending data should be written such as when removing a buffering
-\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate
+\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate
 source/sink \s-1BIO\s0 is non blocking.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
+\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
 .PP
-\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0).
+\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0).
 .PP
-\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
+\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR
 return 1 if the buffer was successfully resized or 0 for failure.
 .PP
-\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if
+\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if
 there was an error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIbio\fR\|(7),
-\&\fIBIO_reset\fR\|(3),
-\&\fIBIO_flush\fR\|(3),
-\&\fIBIO_pop\fR\|(3),
-\&\fIBIO_ctrl\fR\|(3).
+\&\fBbio\fR\|(7),
+\&\fBBIO_reset\fR\|(3),
+\&\fBBIO_flush\fR\|(3),
+\&\fBBIO_pop\fR\|(3),
+\&\fBBIO_ctrl\fR\|(3).
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index b823f52d71fae..9686467d8dc74 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_F_CIPHER 3"
-.TH BIO_F_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_F_CIPHER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,53 +154,53 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- ciphe
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter
+\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter
 \&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data
 read from it. It is a \s-1BIO\s0 wrapper for the cipher routines
-\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR.
+\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR.
 .PP
-Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
+Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR.
 .PP
-\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
+\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
 used to signal that no more data is to be encrypted: this is used
 to flush and possibly pad the final block through the \s-1BIO.\s0
 .PP
-\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
+\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
 and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
 decryption.
 .PP
 When reading from an encryption \s-1BIO\s0 the final block is automatically
-decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR
-is a \fIBIO_ctrl()\fR macro which can be called to determine whether the
+decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR
+is a \fBBIO_ctrl()\fR macro which can be called to determine whether the
 decryption operation was successful.
 .PP
-\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal
+\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal
 \&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction
 with the standard cipher routines to set it up. This is useful when
-\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs.
+\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs.
 .SH "NOTES"
 .IX Header "NOTES"
-When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block
+When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block
 through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent
 decrypt.
 .PP
 When decrypting an error on the final block is signaled by a zero
 return value from the read operation. A successful decrypt followed
-by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR
+by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR
 should be called to determine if the decrypt was successful.
 .PP
-As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can
+As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can
 be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
+\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
 .PP
-\&\fIBIO_set_cipher()\fR does not return a value.
+\&\fBBIO_set_cipher()\fR does not return a value.
 .PP
-\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0
+\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0
 for failure.
 .PP
-\&\fIBIO_get_cipher_ctx()\fR currently always returns 1.
+\&\fBBIO_get_cipher_ctx()\fR currently always returns 1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index 44da6c6d9fa73..f6a97e88337d3 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_F_MD 3"
-.TH BIO_F_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_F_MD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,55 +153,55 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter
+\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter
 \&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper
-for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR
-and \fIEVP_DigestFinal()\fR.
+for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR
+and \fBEVP_DigestFinal()\fR.
 .PP
-Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read_ex()\fR and
-\&\fIBIO_write_ex()\fR is digested.
+Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read_ex()\fR and
+\&\fBBIO_write_ex()\fR is digested.
 .PP
-\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the
-digest calculation and returns the digest value. \fIBIO_puts()\fR is
+\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the
+digest calculation and returns the digest value. \fBBIO_puts()\fR is
 not supported.
 .PP
-\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0
+\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0
 .PP
-\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
+\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
 must be called to initialize a digest \s-1BIO\s0 before any data is
-passed through it. It is a \fIBIO_ctrl()\fR macro.
+passed through it. It is a \fBBIO_ctrl()\fR macro.
 .PP
-\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method
-in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro.
+\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method
+in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro.
 .PP
-\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR.
+\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The context returned by \fIBIO_get_md_ctx()\fR can be used in calls
-to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR
-and \fIEVP_VerifyFinal()\fR.
+The context returned by \fBBIO_get_md_ctx()\fR can be used in calls
+to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR
+and \fBEVP_VerifyFinal()\fR.
 .PP
-The context returned by \fIBIO_get_md_ctx()\fR is an internal context
+The context returned by \fBBIO_get_md_ctx()\fR is an internal context
 structure. Changes made to this context will affect the digest
 \&\s-1BIO\s0 itself and the context pointer will become invalid when the digest
 \&\s-1BIO\s0 is freed.
 .PP
 After the digest has been retrieved from a digest \s-1BIO\s0 it must be
-reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more
+reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more
 data is passed through it.
 .PP
-If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through
+If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through
 a chain containing digest BIOs then this can be done by prepending
 a buffering \s-1BIO.\s0
 .PP
-Calling \fIBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0
+Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0
 state. This allows applications to initialize the context externally
-if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible.
+if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
+\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
 .PP
-\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and
+\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and
 0 for failure.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
@@ -272,14 +276,14 @@ outputs them. This could be used with the examples above.
 .Ve
 .SH "BUGS"
 .IX Header "BUGS"
-The lack of support for \fIBIO_puts()\fR and the non standard behaviour of
-\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR
-and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest
+The lack of support for \fBBIO_puts()\fR and the non standard behaviour of
+\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR
+and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest
 the data passed through and that digests should be retrieved using a
-separate \fIBIO_ctrl()\fR call.
+separate \fBBIO_ctrl()\fR call.
 .SH "HISTORY"
 .IX Header "HISTORY"
-Before OpenSSL 1.0.0., the call to \fIBIO_get_md_ctx()\fR would only work if the
+Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the
 \&\s-1BIO\s0 was initialized first.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index acdcc779a1884..5f70deea14f5e 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_F_NULL 3"
-.TH BIO_F_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_F_NULL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ BIO_f_null \- null filter
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0
+\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0
 that does nothing.
 .PP
 All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in
@@ -156,7 +160,7 @@ behaves just as though the \s-1BIO\s0 was not there.
 As may be apparent a null filter \s-1BIO\s0 is not particularly useful.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method.
+\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index 161b72258c693..9027d5191dd8e 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_F_SSL 3"
-.TH BIO_F_SSL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_F_SSL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,7 +165,7 @@ BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
+\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
 is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
 \&\s-1SSL I/O.\s0
 .PP
@@ -169,63 +173,63 @@ I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol wi
 the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established
 then an attempt is made to establish one on the first I/O call.
 .PP
-If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically
+If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically
 used as the \s-1SSL\s0 BIOs read and write BIOs.
 .PP
-Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
-by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
+Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
+by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
 the chain: this will typically disconnect the underlying transport.
 The \s-1SSL BIO\s0 is then reset to the initial accept or connect state.
 .PP
 If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal
-\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR.
+\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR.
 .PP
-\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
+\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
 the close flag \fBc\fR.
 .PP
-\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
+\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
 manipulated using the standard \s-1SSL\s0 library functions.
 .PP
-\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
+\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
 is 1 client mode is set. If \fBclient\fR is 0 server mode is set.
 .PP
-\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
+\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
 to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write)
 the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at
 least 512 bytes.
 .PP
-\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to
+\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to
 \&\fBseconds\fR. When the renegotiate timeout elapses the session is
 automatically renegotiated.
 .PP
-\&\fIBIO_get_num_renegotiates()\fR returns the total number of session
+\&\fBBIO_get_num_renegotiates()\fR returns the total number of session
 renegotiations due to I/O or timeout.
 .PP
-\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
+\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
 client mode if \fBclient\fR is non zero.
 .PP
-\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
+\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
 \&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0
 .PP
-\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
+\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
 of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect
 \&\s-1BIO.\s0
 .PP
-\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
+\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
 \&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the
-\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on
+\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on
 the internal \s-1SSL\s0 pointer.
 .PP
-\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
+\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
 chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the
-chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0
+chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0
 pointer.
 .PP
-\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
+\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
 supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1
 if the connection was established successfully. A zero or negative
 value is returned if the connection could not be established, the
-call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
+call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
 to determine if the call should be retried. If an \s-1SSL\s0 connection has
 already been established this call has no effect.
 .SH "NOTES"
@@ -233,7 +237,7 @@ already been established this call has no effect.
 \&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport
 is non blocking they can still request a retry in exceptional
 circumstances. Specifically this will happen if a session
-renegotiation takes place during a \fIBIO_read_ex()\fR operation, one
+renegotiation takes place during a \fBBIO_read_ex()\fR operation, one
 case where this happens is when step up occurs.
 .PP
 The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be
@@ -241,23 +245,23 @@ set to disable this behaviour. That is when this flag is set
 an \s-1SSL BIO\s0 using a blocking transport will never request a
 retry.
 .PP
-Since unknown \fIBIO_ctrl()\fR operations are sent through filter
-BIOs the servers name and port can be set using \fIBIO_set_host()\fR
-on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having
+Since unknown \fBBIO_ctrl()\fR operations are sent through filter
+BIOs the servers name and port can be set using \fBBIO_set_host()\fR
+on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having
 to locate the connect \s-1BIO\s0 first.
 .PP
-Applications do not have to call \fIBIO_do_handshake()\fR but may wish
+Applications do not have to call \fBBIO_do_handshake()\fR but may wish
 to do so to separate the handshake process from other I/O
 processing.
 .PP
-\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR,
-\&\fIBIO_set_ssl_renegotiate_bytes()\fR, \fIBIO_set_ssl_renegotiate_timeout()\fR,
-\&\fIBIO_get_num_renegotiates()\fR, and \fIBIO_do_handshake()\fR are implemented as macros.
+\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR,
+\&\fBBIO_set_ssl_renegotiate_bytes()\fR, \fBBIO_set_ssl_renegotiate_timeout()\fR,
+\&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an
 \&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the
-unencrypted example in \fIBIO_s_connect\fR\|(3).
+unencrypted example in \fBBIO_s_connect\fR\|(3).
 .PP
 .Vb 5
 \& BIO *sbio, *out;
@@ -400,22 +404,22 @@ a client and also echoes the request to standard output.
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure.
+\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure.
 .PP
-\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR, \fIBIO_set_ssl_renegotiate_bytes()\fR,
-\&\fIBIO_set_ssl_renegotiate_timeout()\fR and \fIBIO_get_num_renegotiates()\fR return 1 on
+\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR,
+\&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on
 success or a value which is less than or equal to 0 if an error occurred.
 .PP
-\&\fIBIO_new_ssl()\fR, \fIBIO_new_ssl_connect()\fR and \fIBIO_new_buffer_ssl_connect()\fR return
+\&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return
 a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error.
+\&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIBIO_do_handshake()\fR returns 1 if the connection was established successfully.
+\&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully.
 A zero or negative value is returned if the connection could not be established.
 .SH "HISTORY"
 .IX Header "HISTORY"
-In OpenSSL before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly,
+In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly,
 the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of
 decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not
 explicitly being popped (e.g. a pop higher up the chain). Applications which
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index fa8a342ca89eb..98556b3c3cad1 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_FIND_TYPE 3"
-.TH BIO_FIND_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_FIND_TYPE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,11 +151,11 @@ BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
+The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
 at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search
 is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as
 \&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is
-searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
+searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
 found.
 .PP
 The following general types are defined:
@@ -159,18 +163,18 @@ The following general types are defined:
 .PP
 For a list of the specific types, see the \fBopenssl/bio.h\fR header file.
 .PP
-\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs
-in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a
+\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs
+in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a
 certain type.
 .PP
-\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0
+\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
+\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
 .PP
-\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
+\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
 .PP
-\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 Traverse a chain looking for digest BIOs:
diff --git a/secure/lib/libcrypto/man/BIO_get_data.3 b/secure/lib/libcrypto/man/BIO_get_data.3
index 7c4c2e020142a..4b2fefffe2554 100644
--- a/secure/lib/libcrypto/man/BIO_get_data.3
+++ b/secure/lib/libcrypto/man/BIO_get_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_GET_DATA 3"
-.TH BIO_GET_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_GET_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,29 +156,29 @@ BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_ge
 .IX Header "DESCRIPTION"
 These functions are mainly useful when implementing a custom \s-1BIO.\s0
 .PP
-The \fIBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with
-the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fIBIO_get_data()\fR.
+The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with
+the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR.
 This can be used by custom BIOs for storing implementation specific information.
 .PP
-The \fIBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate
+The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate
 whether initialisation has been completed for this \s-1BIO\s0 or not. A non-zero value
 indicates that initialisation is complete, whilst zero indicates that it is not.
 Often initialisation will complete during initial construction of the \s-1BIO.\s0 For
 some BIOs however, initialisation may not complete until after additional steps
-have occurred (for example through calling custom ctrls). The \fIBIO_get_init()\fR
+have occurred (for example through calling custom ctrls). The \fBBIO_get_init()\fR
 function returns the value of the \*(L"init\*(R" flag.
 .PP
-The \fIBIO_set_shutdown()\fR and \fIBIO_get_shutdown()\fR functions set and get the state of
+The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of
 this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource
 is also closed when the \s-1BIO\s0 is freed.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_get_data()\fR returns a pointer to the implementation specific custom data
+\&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data
 associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set.
 .PP
-\&\fIBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag.
+\&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag.
 .PP
-\&\fIBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag.
+\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 bio, BIO_meth_new
diff --git a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
index 3f7bcb0482894..eba80b6b04250 100644
--- a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_GET_EX_NEW_INDEX 3"
-.TH BIO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_GET_EX_NEW_INDEX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,29 +158,29 @@ BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index,
 .IX Header "DESCRIPTION"
 In the description here, \fI\s-1TYPE\s0\fR is used a placeholder
 for any of the OpenSSL datatypes listed in
-\&\fICRYPTO_get_ex_new_index\fR\|(3).
+\&\fBCRYPTO_get_ex_new_index\fR\|(3).
 .PP
 These functions handle application-specific data for OpenSSL data
 structures.
 .PP
-\&\fITYPE_get_new_ex_index()\fR is a macro that calls \fICRYPTO_get_ex_new_index()\fR
+\&\fBTYPE_get_new_ex_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR
 with the correct \fBindex\fR value.
 .PP
-\&\fITYPE_set_ex_data()\fR is a function that calls \fICRYPTO_set_ex_data()\fR with
+\&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with
 an offset into the opaque exdata part of the \s-1TYPE\s0 object.
 .PP
-\&\fITYPE_get_ex_data()\fR is a function that calls \fICRYPTO_get_ex_data()\fR with
+\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with
 an offset into the opaque exdata part of the \s-1TYPE\s0 object.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fITYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error.
+\&\fBTYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error.
 .PP
-\&\fITYPE_set_ex_data()\fR returns 1 on success or 0 on error.
+\&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error.
 .PP
-\&\fITYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred.
+\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fICRYPTO_get_ex_new_index\fR\|(3).
+\&\fBCRYPTO_get_ex_new_index\fR\|(3).
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_meth_new.3 b/secure/lib/libcrypto/man/BIO_meth_new.3
index 8143095162f86..1c6d3c205915c 100644
--- a/secure/lib/libcrypto/man/BIO_meth_new.3
+++ b/secure/lib/libcrypto/man/BIO_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_METH_NEW 3"
-.TH BIO_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -188,9 +192,9 @@ The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of n
 types. It provides a set of functions used by OpenSSL for the implementation
 of the various \s-1BIO\s0 capabilities. See the bio page for more information.
 .PP
-\&\fIBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a
+\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a
 unique integer \fBtype\fR and a string that represents its \fBname\fR.
-Use \fIBIO_get_new_index()\fR to get the value for \fBtype\fR.
+Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR.
 .PP
 The set of
 standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples
@@ -201,66 +205,66 @@ based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the
 \&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the BIO_find_type page for
 more information.
 .PP
-\&\fIBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory
+\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory
 associated with it.
 .PP
-\&\fIBIO_meth_get_write_ex()\fR and \fIBIO_meth_set_write_ex()\fR get and set the function
+\&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function
 used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function
-will be called in response to the application calling \fIBIO_write_ex()\fR or
-\&\fIBIO_write()\fR. The parameters for the function have the same meaning as for
-\&\fIBIO_write_ex()\fR. Older code may call \fIBIO_meth_get_write()\fR and
-\&\fIBIO_meth_set_write()\fR instead. Applications should not call both
-\&\fIBIO_meth_set_write_ex()\fR and \fIBIO_meth_set_write()\fR or call \fIBIO_meth_get_write()\fR
-when the function was set with \fIBIO_meth_set_write_ex()\fR.
+will be called in response to the application calling \fBBIO_write_ex()\fR or
+\&\fBBIO_write()\fR. The parameters for the function have the same meaning as for
+\&\fBBIO_write_ex()\fR. Older code may call \fBBIO_meth_get_write()\fR and
+\&\fBBIO_meth_set_write()\fR instead. Applications should not call both
+\&\fBBIO_meth_set_write_ex()\fR and \fBBIO_meth_set_write()\fR or call \fBBIO_meth_get_write()\fR
+when the function was set with \fBBIO_meth_set_write_ex()\fR.
 .PP
-\&\fIBIO_meth_get_read_ex()\fR and \fIBIO_meth_set_read_ex()\fR get and set the function used
+\&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used
 for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will
-be called in response to the application calling \fIBIO_read_ex()\fR or \fIBIO_read()\fR.
-The parameters for the function have the same meaning as for \fIBIO_read_ex()\fR.
-Older code may call \fIBIO_meth_get_read()\fR and \fIBIO_meth_set_read()\fR instead.
-Applications should not call both \fIBIO_meth_set_read_ex()\fR and \fIBIO_meth_set_read()\fR
-or call \fIBIO_meth_get_read()\fR when the function was set with
-\&\fIBIO_meth_set_read_ex()\fR.
+be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR.
+The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR.
+Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead.
+Applications should not call both \fBBIO_meth_set_read_ex()\fR and \fBBIO_meth_set_read()\fR
+or call \fBBIO_meth_get_read()\fR when the function was set with
+\&\fBBIO_meth_set_read_ex()\fR.
 .PP
-\&\fIBIO_meth_get_puts()\fR and \fIBIO_meth_set_puts()\fR get and set the function used for
+\&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for
 writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be
-called in response to the application calling \fIBIO_puts()\fR. The parameters for
-the function have the same meaning as for \fIBIO_puts()\fR.
+called in response to the application calling \fBBIO_puts()\fR. The parameters for
+the function have the same meaning as for \fBBIO_puts()\fR.
 .PP
-\&\fIBIO_meth_get_gets()\fR and \fIBIO_meth_set_gets()\fR get and set the function typically
-used for reading a line of data from the \s-1BIO\s0 respectively (see the \fIBIO_gets\fR\|(3)
+\&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically
+used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3)
 page for more information). This function will be called in response to the
-application calling \fIBIO_gets()\fR. The parameters for the function have the same
-meaning as for \fIBIO_gets()\fR.
+application calling \fBBIO_gets()\fR. The parameters for the function have the same
+meaning as for \fBBIO_gets()\fR.
 .PP
-\&\fIBIO_meth_get_ctrl()\fR and \fIBIO_meth_set_ctrl()\fR get and set the function used for
+\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for
 processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for
 more information. This function will be called in response to the application
-calling \fIBIO_ctrl()\fR. The parameters for the function have the same meaning as for
-\&\fIBIO_ctrl()\fR.
+calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for
+\&\fBBIO_ctrl()\fR.
 .PP
-\&\fIBIO_meth_get_create()\fR and \fIBIO_meth_set_create()\fR get and set the function used
+\&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used
 for creating a new instance of the \s-1BIO\s0 respectively. This function will be
-called in response to the application calling \fIBIO_new()\fR and passing
-in a pointer to the current \s-1BIO_METHOD.\s0 The \fIBIO_new()\fR function will allocate the
+called in response to the application calling \fBBIO_new()\fR and passing
+in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the
 memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will
 be passed as a parameter to the function.
 .PP
-\&\fIBIO_meth_get_destroy()\fR and \fIBIO_meth_set_destroy()\fR get and set the function used
+\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used
 for destroying an instance of a \s-1BIO\s0 respectively. This function will be
-called in response to the application calling \fIBIO_free()\fR. A pointer to the \s-1BIO\s0
+called in response to the application calling \fBBIO_free()\fR. A pointer to the \s-1BIO\s0
 to be destroyed is passed as a parameter. The destroy function should be used
 for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by
 this function.
 .PP
-\&\fIBIO_meth_get_callback_ctrl()\fR and \fIBIO_meth_set_callback_ctrl()\fR get and set the
+\&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the
 function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See
-the \fIBIO_callback_ctrl\fR\|(3) page for more information. This function will be called
-in response to the application calling \fIBIO_callback_ctrl()\fR. The parameters for
-the function have the same meaning as for \fIBIO_callback_ctrl()\fR.
+the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called
+in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for
+the function have the same meaning as for \fBBIO_callback_ctrl()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred.
+\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred.
 .PP
 BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0
 if an error occurred.
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index 9ce06a5f167e6..5df1ed610ba46 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_NEW 3"
-.TH BIO_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,38 +153,38 @@ BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and f
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
+The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
 .PP
-\&\fIBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object.
+\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object.
 .PP
-\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0
+\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0
 but it does not return a value.
 If \fBa\fR is \s-1NULL\s0 nothing is done.
-Calling \fIBIO_free()\fR may also have some effect
+Calling \fBBIO_free()\fR may also have some effect
 on the underlying I/O structure, for example it may close the file being
 referred to under certain circumstances. For more details see the individual
 \&\s-1BIO_METHOD\s0 descriptions.
 .PP
-\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error
+\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error
 occurs freeing up an individual \s-1BIO\s0 in the chain.
 If \fBa\fR is \s-1NULL\s0 nothing is done.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
+\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
 .PP
-\&\fIBIO_up_ref()\fR and \fIBIO_free()\fR return 1 for success and 0 for failure.
+\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure.
 .PP
-\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values.
+\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values.
 .SH "NOTES"
 .IX Header "NOTES"
-If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting
+If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting
 in a memory leak.
 .PP
-Calling \fIBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR
+Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR
 on it other than the discarded return value.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque.
+\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 Create a memory \s-1BIO:\s0
diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3
index ca5447bb3e8d9..245ef4ae68b88 100644
--- a/secure/lib/libcrypto/man/BIO_new_CMS.3
+++ b/secure/lib/libcrypto/man/BIO_new_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_NEW_CMS 3"
-.TH BIO_NEW_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_NEW_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ BIO_new_CMS \- CMS streaming filter BIO
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output
+\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output
 of the filter is written to \fBout\fR. Any data written to the chain is
 automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type.
 .SH "NOTES"
@@ -153,15 +157,15 @@ automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appr
 The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It
 supports non blocking I/O. Content is processed and streamed on the fly and not
 all held in memory at once: so it is possible to encode very large structures.
-After all content has been written through the chain \fIBIO_flush()\fR must be called
+After all content has been written through the chain \fBBIO_flush()\fR must be called
 to finalise the structure.
 .PP
 The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR
 parameter of the \fBcms\fR creation function.
 .PP
 If an application wishes to write additional data to \fBout\fR BIOs should be
-removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR
-is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be
+removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR
+is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be
 called to free up the whole chain.
 .PP
 Any content written through the filter is used verbatim: no canonical
@@ -174,22 +178,22 @@ structures.
 .PP
 Large numbers of small writes through the chain should be avoided as this will
 produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending
-a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this.
+a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this.
 .SH "BUGS"
 .IX Header "BUGS"
 There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode
 a \s-1CMS\s0 structure on the fly.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBIO_new_CMS()\fR was added to OpenSSL 1.0.0
+The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/BIO_parse_hostserv.3
index 098bdd163034d..d6ca29a490646 100644
--- a/secure/lib/libcrypto/man/BIO_parse_hostserv.3
+++ b/secure/lib/libcrypto/man/BIO_parse_hostserv.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_PARSE_HOSTSERV 3"
-.TH BIO_PARSE_HOSTSERV 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_PARSE_HOSTSERV 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,14 +153,14 @@ BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a sta
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR,
+\&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR,
 create strings with the host name and service name and give those
 back via \fBhost\fR and \fBservice\fR.  Those will need to be freed after
 they are used.  \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall
 be interpreted primarily as a host name or a service name in ambiguous
 cases.
 .PP
-The syntax the \fIBIO_parse_hostserv()\fR recognises is:
+The syntax the \fBBIO_parse_hostserv()\fR recognises is:
 .PP
 .Vb 7
 \& host + \*(Aq:\*(Aq + service
@@ -194,10 +198,10 @@ and \fBhostserv_prio\fR, as follows:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_parse_hostserv()\fR returns 1 on success or 0 on error.
+\&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIBIO_ADDRINFO\s0\fR\|(3)
+\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_printf.3 b/secure/lib/libcrypto/man/BIO_printf.3
index 9a583b97db13d..fc39afb2c2e5a 100644
--- a/secure/lib/libcrypto/man/BIO_printf.3
+++ b/secure/lib/libcrypto/man/BIO_printf.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_PRINTF 3"
-.TH BIO_PRINTF 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_PRINTF 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,24 +153,24 @@ BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_printf()\fR is similar to the standard C \fIprintf()\fR function, except that
+\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that
 the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard
 output.  All common format specifiers are supported.
 .PP
-\&\fIBIO_vprintf()\fR is similar to the \fIvprintf()\fR function found on many platforms,
+\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms,
 the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard
 output.  All common format specifiers are supported. The argument
 list \fBargs\fR is a stdarg argument list.
 .PP
-\&\fIBIO_snprintf()\fR is for platforms that do not have the common \fIsnprintf()\fR
-function. It is like \fIsprintf()\fR except that the size parameter, \fBn\fR,
+\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR
+function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR,
 specifies the size of the output buffer.
 .PP
-\&\fIBIO_vsnprintf()\fR is to \fIBIO_snprintf()\fR as \fIBIO_vprintf()\fR is to \fIBIO_printf()\fR.
+\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to \fBBIO_printf()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 All functions return the number of bytes written, or \-1 on error.
-For \fIBIO_snprintf()\fR and \fIBIO_vsnprintf()\fR this includes when the output
+For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output
 buffer is too small.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index 59ad305882e15..954142d674725 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_PUSH 3"
-.TH BIO_PUSH 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_PUSH 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,24 +151,24 @@ BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
+The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
 \&\fBb\fR.
 .PP
-\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
+\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
 in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then
 becomes a single \s-1BIO\s0 with no association with the original chain,
 it can thus be freed or attached to a different chain.
 .PP
-\&\fIBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to
+\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to
 by \fBnext\fR. The new chain may include some of the same BIOs from the old chain
 or it may be completely different.
 .SH "NOTES"
 .IX Header "NOTES"
-The names of these functions are perhaps a little misleading. \fIBIO_push()\fR
-joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain,
+The names of these functions are perhaps a little misleading. \fBBIO_push()\fR
+joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain,
 the deleted \s-1BIO\s0 does not need to be at the end of a chain.
 .PP
-The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional
+The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional
 consequences (a control call is made to the affected BIOs) any effects will
 be noted in the descriptions of individual BIOs.
 .SH "EXAMPLES"
@@ -200,16 +204,16 @@ The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data
 be written to \fBmd1\fR as before.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR.
+\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR.
 .PP
-\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next
+\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next
 \&\s-1BIO.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 bio
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIBIO_set_next()\fR function was added in OpenSSL 1.1.0.
+The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index a18f78da4392b..c490e4d58103e 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_READ 3"
-.TH BIO_READ 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_READ 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,37 +155,37 @@ BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data
+\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data
 in \fBdata\fR. If any bytes were successfully read then the number of bytes read is
 stored in \fB*readbytes\fR.
 .PP
-\&\fIBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If
+\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If
 successful then the number of bytes written is stored in \fB*written\fR.
 .PP
-\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
+\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
 the data in \fBbuf\fR.
 .PP
-\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
+\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
 in \fBbuf\fR. Usually this operation will attempt to read a line of data
 from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this,
-however; for example, \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
-return the digest and other BIOs may not support \fIBIO_gets()\fR at all.
+however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
+return the digest and other BIOs may not support \fBBIO_gets()\fR at all.
 The returned string is always NUL-terminated and the '\en' is preserved
 if present in the input data.
 .PP
-\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
 .PP
-\&\fIBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR return 1 if data was successfully read or
+\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or
 written, and 0 otherwise.
 .PP
 All other functions return either the amount of data successfully read or
 written (if the return value is positive) or that no data was successfully
 read or written if the result is 0 or \-1. If the return value is \-2 then
 the operation is not implemented in the specific \s-1BIO\s0 type.  The trailing
-\&\s-1NUL\s0 is not included in the length returned by \fIBIO_gets()\fR.
+\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 A 0 or \-1 return is not necessarily an indication of an error. In
@@ -190,27 +194,27 @@ it may merely be an indication that no data is currently available and that
 the application should retry the operation later.
 .PP
 One technique sometimes used with blocking sockets is to use a system call
-(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available
-and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call
-\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to
-read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR
+(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available
+and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call
+\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to
+read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR
 can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying
-I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent)
+I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent)
 should be combined with non blocking I/O so successive reads will request
 a retry instead of blocking.
 .PP
-See \fIBIO_should_retry\fR\|(3) for details of how to
+See \fBBIO_should_retry\fR\|(3) for details of how to
 determine the cause of a retry and other I/O issues.
 .PP
-If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
-work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3)
+If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
+work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3)
 to the chain.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBIO_should_retry\fR\|(3)
+\&\fBBIO_should_retry\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBIO_gets()\fR on 1.1.0 and older when called on \fIBIO_fd()\fR based \s-1BIO\s0 does not
+\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not
 keep the '\en' at the end of the line in the buffer.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index f916bea479e68..d79a964012612 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_ACCEPT 3"
-.TH BIO_S_ACCEPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_ACCEPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -166,7 +170,7 @@ BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper
+\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper
 round the platform's \s-1TCP/IP\s0 socket accept routines.
 .PP
 Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data
@@ -178,50 +182,50 @@ on the underlying connection. If no connection is established
 and the port (see below) is set up properly then the \s-1BIO\s0
 waits for an incoming connection.
 .PP
-Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR.
+Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR.
 .PP
 If the close flag is set on an accept \s-1BIO\s0 then any active
 connection on that chain is shutdown and the socket closed when
 the \s-1BIO\s0 is freed.
 .PP
-Calling \fIBIO_reset()\fR on an accept \s-1BIO\s0 will close any active
+Calling \fBBIO_reset()\fR on an accept \s-1BIO\s0 will close any active
 connection and reset the \s-1BIO\s0 into a state where it awaits another
 incoming connection.
 .PP
-\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set
-the accept socket. See \fIBIO_s_fd\fR\|(3)
+\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set
+the accept socket. See \fBBIO_s_fd\fR\|(3)
 .PP
-\&\fIBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept
+\&\fBBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept
 name. The name is represented as a string of the form \*(L"host:port\*(R",
 where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port.
 The host can be \*(L"*\*(R" or empty which is interpreted as meaning
 any interface.  If the host is an IPv6 address, it has to be
 enclosed in brackets, for example \*(L"[::1]:https\*(R".  \*(L"port\*(R" has the
-same syntax as the port specified in \fIBIO_set_conn_port()\fR for
+same syntax as the port specified in \fBBIO_set_conn_port()\fR for
 connect BIOs, that is it can be a numerical port string or a
-string to lookup using \fIgetservbyname()\fR and a string table.
+string to lookup using \fBgetservbyname()\fR and a string table.
 .PP
-\&\fIBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept
+\&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept
 port.  \*(L"port\*(R" has the same syntax as the port specified in
-\&\fIBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical
-port string or a string to lookup using \fIgetservbyname()\fR and a string
+\&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical
+port string or a string to lookup using \fBgetservbyname()\fR and a string
 table.
 .PP
-\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_name()\fR into
+\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into
 a single call: that is it creates a new accept \s-1BIO\s0 with port
 \&\fBhost_port\fR.
 .PP
-\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode
+\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode
 (the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1.
 .PP
-\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which
+\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which
 will be duplicated and prepended to the chain when an incoming
 connection is received. This is useful if, for example, a
 buffering or \s-1SSL BIO\s0 is required for each connection. The
 chain of BIOs must not be freed after this call, they will
 be automatically freed when the accept \s-1BIO\s0 is freed.
 .PP
-\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve
+\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve
 the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set
 then another socket cannot be bound to the same port. If
 \&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the
@@ -230,10 +234,10 @@ attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails
 and the port is not in use then a second attempt is made
 using \fB\s-1BIO_BIND_REUSEADDR\s0\fR.
 .PP
-\&\fIBIO_do_accept()\fR serves two functions. When it is first
+\&\fBBIO_do_accept()\fR serves two functions. When it is first
 called, after the accept \s-1BIO\s0 has been setup, it will attempt
 to create the accept socket and bind an address to it. Second
-and subsequent calls to \fIBIO_do_accept()\fR will await an incoming
+and subsequent calls to \fBBIO_do_accept()\fR will await an incoming
 connection, or request a retry in non blocking mode.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -248,7 +252,7 @@ accept\->socket. This effectively means that attempting I/O on
 an initial accept socket will await an incoming connection then
 perform I/O on it.
 .PP
-If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR
+If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR
 then they are placed between the socket and the accept \s-1BIO,\s0
 that is the chain will be accept\->otherbios\->socket.
 .PP
@@ -265,43 +269,43 @@ After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently
 established connection and \fBaccept\fR will now be a single \s-1BIO\s0
 again which can be used to await further incoming connections.
 If no further connections will be accepted the \fBaccept\fR can
-be freed using \fIBIO_free()\fR.
+be freed using \fBBIO_free()\fR.
 .PP
 If only a single connection will be processed it is possible to
 perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable
 however because the accept \s-1BIO\s0 will still accept additional incoming
-connections. This can be resolved by using \fIBIO_pop()\fR (see above)
+connections. This can be resolved by using \fBBIO_pop()\fR (see above)
 and freeing up the accept \s-1BIO\s0 after the initial connection.
 .PP
-If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is
+If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is
 called to await an incoming connection it is possible for
-\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens
+\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens
 then it is an indication that an accept attempt would block: the application
 should take appropriate action to wait until the underlying socket has
 accepted a connection and retry the call.
 .PP
-\&\fIBIO_set_accept_name()\fR, \fIBIO_get_accept_name()\fR, \fIBIO_set_accept_port()\fR,
-\&\fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, \fIBIO_set_accept_bios()\fR,
-\&\fIBIO_get_peer_name()\fR, \fIBIO_get_peer_port()\fR,
-\&\fIBIO_get_accept_ip_family()\fR, \fIBIO_set_accept_ip_family()\fR,
-\&\fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and \fIBIO_do_accept()\fR are macros.
+\&\fBBIO_set_accept_name()\fR, \fBBIO_get_accept_name()\fR, \fBBIO_set_accept_port()\fR,
+\&\fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, \fBBIO_set_accept_bios()\fR,
+\&\fBBIO_get_peer_name()\fR, \fBBIO_get_peer_port()\fR,
+\&\fBBIO_get_accept_ip_family()\fR, \fBBIO_set_accept_ip_family()\fR,
+\&\fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and \fBBIO_do_accept()\fR are macros.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_do_accept()\fR,
-\&\fIBIO_set_accept_name()\fR, \fIBIO_set_accept_port()\fR, \fIBIO_set_nbio_accept()\fR,
-\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_accept_ip_family()\fR, and \fIBIO_set_bind_mode()\fR
+\&\fBBIO_do_accept()\fR,
+\&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR,
+\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR
 return 1 for success and 0 or \-1 for failure.
 .PP
-\&\fIBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error.
-\&\fIBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error.
+\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error.
+\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error.
 .PP
-\&\fIBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error.
-\&\fIBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error.
-\&\fIBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error.
+\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error.
+\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error.
+\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error.
 .PP
-\&\fIBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure.
+\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure.
 .PP
-\&\fIBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error.
+\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 This example accepts two connections on port 4444, sends messages
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index 61175dbc874d8..976cc3cfb3c67 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_BIO 3"
-.TH BIO_S_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,7 +164,7 @@ BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_wri
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink
+\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink
 BIOs where data written to either half of the pair is buffered and can be read from
 the other half. Both halves must usually by handled by the same application thread
 since no locking is done on the internal data structures.
@@ -173,47 +177,47 @@ One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under applica
 can be used when the application wishes to use a non standard transport for
 \&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate.
 .PP
-Calls to \fIBIO_read_ex()\fR will read data from the buffer or request a retry if no
+Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no
 data is available.
 .PP
-Calls to \fIBIO_write_ex()\fR will place data in the buffer or request a retry if the
+Calls to \fBBIO_write_ex()\fR will place data in the buffer or request a retry if the
 buffer is full.
 .PP
-The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to
+The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to
 determine the amount of pending data in the read or write buffer.
 .PP
-\&\fIBIO_reset()\fR clears any data in the write buffer.
+\&\fBBIO_reset()\fR clears any data in the write buffer.
 .PP
-\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair.
+\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair.
 .PP
-\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
+\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
 up any half of the pair will automatically destroy the association.
 .PP
-\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
+\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
 writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other
 half of the pair will return any pending data or \s-1EOF\s0 when all pending data has
 been read.
 .PP
-\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
+\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
 If the size is not initialized a default value is used. This is currently
 17K, sufficient for a maximum size \s-1TLS\s0 record.
 .PP
-\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer.
+\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer.
 .PP
-\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and
-\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
+\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and
+\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
 with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is
-zero then the default size is used.  \fIBIO_new_bio_pair()\fR does not check whether
+zero then the default size is used.  \fBBIO_new_bio_pair()\fR does not check whether
 \&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten,
-\&\fIBIO_free()\fR is not called.
+\&\fBBIO_free()\fR is not called.
 .PP
-\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum
+\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum
 length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this
-value will return a value from \fIBIO_write_ex()\fR less than the amount requested or
-if the buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a
-function whereas \fIBIO_get_write_guarantee()\fR is a macro.
+value will return a value from \fBBIO_write_ex()\fR less than the amount requested or
+if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a
+function whereas \fBBIO_get_write_guarantee()\fR is a macro.
 .PP
-\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the
+\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the
 amount of data requested, or the buffer size if it is less, if the
 last read attempt at the other half of the \s-1BIO\s0 pair failed due to an
 empty buffer.  This can be used to determine how much data should be
@@ -222,40 +226,40 @@ in \s-1TLS/SSL\s0 applications where the amount of data read is usually
 meaningful rather than just a buffer size. After a successful read
 this call will return zero.  It also will return zero once new data
 has been written satisfying the read request or part of it.
-Note that \fIBIO_get_read_request()\fR never returns an amount larger
-than that returned by \fIBIO_get_write_guarantee()\fR.
+Note that \fBBIO_get_read_request()\fR never returns an amount larger
+than that returned by \fBBIO_get_write_guarantee()\fR.
 .PP
-\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by
-\&\fIBIO_get_read_request()\fR to zero.
+\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by
+\&\fBBIO_get_read_request()\fR to zero.
 .SH "NOTES"
 .IX Header "NOTES"
 Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit
-freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed.
+freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed.
 .PP
 When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to
-flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR
+flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR
 on the other half of the pair and, if any data is pending, reading it and sending
 it to the underlying transport. This must be done before any normal processing
-(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true.
+(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true.
 .PP
 To see why this is important consider a case where a request is sent using
-\&\fIBIO_write_ex()\fR and a response read with \fIBIO_read_ex()\fR, this can occur during an
-\&\s-1TLS/SSL\s0 handshake for example. \fIBIO_write_ex()\fR will succeed and place data in the
-write buffer. \fIBIO_read_ex()\fR will initially fail and \fIBIO_should_read()\fR will be
+\&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during an
+\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the
+write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be
 true. If the application then waits for data to be available on the underlying
 transport before flushing the write buffer it will never succeed because the
 request was never sent!
 .PP
-\&\fIBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been
+\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been
 shutdown.
 .PP
-\&\fIBIO_make_bio_pair()\fR, \fIBIO_destroy_bio_pair()\fR, \fIBIO_shutdown_wr()\fR,
-\&\fIBIO_set_write_buf_size()\fR, \fIBIO_get_write_buf_size()\fR,
-\&\fIBIO_get_write_guarantee()\fR, and \fIBIO_get_read_request()\fR are implemented
+\&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR,
+\&\fBBIO_set_write_buf_size()\fR, \fBBIO_get_write_buf_size()\fR,
+\&\fBBIO_get_write_guarantee()\fR, and \fBBIO_get_read_request()\fR are implemented
 as macros.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in
+\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in
 \&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the
 locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information.
 .PP
@@ -263,7 +267,7 @@ locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more informat
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 The \s-1BIO\s0 pair can be used to have full control over the network access of an
-application. The application can call \fIselect()\fR on the socket as required
+application. The application can call \fBselect()\fR on the socket as required
 without having to go through the SSL-interface.
 .PP
 .Vb 1
@@ -300,21 +304,21 @@ connection, it behaves non-blocking and will return as soon as the write
 buffer is full or the read buffer is drained. Then the application has to
 flush the write buffer and/or fill the read buffer.
 .PP
-Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0
-and must be transferred to the network. Use \fIBIO_ctrl_get_read_request()\fR to
+Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0
+and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR to
 find out, how many bytes must be written into the buffer before the
-\&\fISSL_operation()\fR can successfully be continued.
+\&\fBSSL_operation()\fR can successfully be continued.
 .SH "WARNING"
 .IX Header "WARNING"
-As the data is buffered, \fISSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0
+As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0
 condition, but there is still data in the write buffer. An application must
-not rely on the error value of \fISSL_operation()\fR but must assure that the
+not rely on the error value of \fBSSL_operation()\fR but must assure that the
 write buffer is always flushed first. Otherwise a deadlock may occur as
 the peer might be waiting for the data before being able to continue.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7),
-\&\fIBIO_should_retry\fR\|(3), \fIBIO_read_ex\fR\|(3)
+\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7),
+\&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index b46212f081746..a847ffca26700 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_CONNECT 3"
-.TH BIO_S_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_CONNECT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,7 +164,7 @@ BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper
+\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper
 round the platform's \s-1TCP/IP\s0 socket connection routines.
 .PP
 Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data
@@ -172,61 +176,61 @@ on the underlying connection. If no connection is established
 and the port and hostname (see below) is set up properly then
 a connection is established first.
 .PP
-Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR.
+Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR.
 .PP
 If the close flag is set on a connect \s-1BIO\s0 then any active
 connection is shutdown and the socket closed when the \s-1BIO\s0
 is freed.
 .PP
-Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
+Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
 connection and reset the \s-1BIO\s0 into a state where it can connect
 to the same host again.
 .PP
-\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0
+\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0
 it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of
 type (int *).
 .PP
-\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
+\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
 The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it
 must be enclosed with brackets. The hostname can also include the
 port in the form hostname:port.
 .PP
-\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the
+\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the
 numerical form or a string such as \*(L"http\*(R". A string will be looked
-up first using \fIgetservbyname()\fR on the host platform but if that
+up first using \fBgetservbyname()\fR on the host platform but if that
 fails a standard table of port names will be used. This internal
 list is http, telnet, socks, https, ssl, ftp, and gopher.
 .PP
-\&\fIBIO_set_conn_address()\fR sets the address and port information using
-a \s-1\fIBIO_ADDR\s0\fR\|(3ssl).
+\&\fBBIO_set_conn_address()\fR sets the address and port information using
+a \s-1\fBBIO_ADDR\s0\fR\|(3ssl).
 .PP
-\&\fIBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family.
+\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family.
 .PP
-\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or
+\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or
 \&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set.
 This return value is an internal pointer which should not be modified.
 .PP
-\&\fIBIO_get_conn_port()\fR returns the port as a string.
+\&\fBBIO_get_conn_port()\fR returns the port as a string.
 This return value is an internal pointer which should not be modified.
 .PP
-\&\fIBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0
+\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0
 This return value is an internal pointer which should not be modified.
 .PP
-\&\fIBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0
+\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0
 .PP
-\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is
+\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is
 zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O
-is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR
+is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR
 should be made before the connection is established because
 non blocking I/O is set during the connect process.
 .PP
-\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into
+\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into
 a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR.
 .PP
-\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
+\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
 if the connection was established successfully. A zero or negative
 value is returned if the connection could not be established, the
-call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
+call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
 to determine if the call should be retried.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -235,59 +239,59 @@ I/O call is caused by an error condition, although a zero return
 will normally mean that the connection was closed.
 .PP
 If the port name is supplied as part of the host name then this will
-override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable
+override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable
 if the application does not wish to allow connection to arbitrary
 ports. This can be avoided by checking for the presence of the ':'
 character in the passed hostname and either indicating an error or
 truncating the string at that point.
 .PP
-The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_address()\fR,
-and \fIBIO_get_conn_port()\fR are updated when a connection attempt is made.
+The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_address()\fR,
+and \fBBIO_get_conn_port()\fR are updated when a connection attempt is made.
 Before any connection attempt the values returned are those set by the
 application itself.
 .PP
-Applications do not have to call \fIBIO_do_connect()\fR but may wish to do
+Applications do not have to call \fBBIO_do_connect()\fR but may wish to do
 so to separate the connection process from other I/O processing.
 .PP
 If non blocking I/O is set then retries will be requested as appropriate.
 .PP
-It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also
-possible for \fIBIO_should_io_special()\fR to be true during the initial
+It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also
+possible for \fBBIO_should_io_special()\fR to be true during the initial
 connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned
 then this is an indication that a connection attempt would block,
 the application should then take appropriate action to wait until
 the underlying socket has connected and retry the call.
 .PP
-\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_get_conn_hostname()\fR,
-\&\fIBIO_set_conn_address()\fR, \fIBIO_get_conn_port()\fR, \fIBIO_get_conn_address()\fR,
-\&\fIBIO_set_conn_ip_family()\fR, \fIBIO_get_conn_ip_family()\fR,
-\&\fIBIO_set_nbio()\fR, and \fIBIO_do_connect()\fR are macros.
+\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_get_conn_hostname()\fR,
+\&\fBBIO_set_conn_address()\fR, \fBBIO_get_conn_port()\fR, \fBBIO_get_conn_address()\fR,
+\&\fBBIO_set_conn_ip_family()\fR, \fBBIO_get_conn_ip_family()\fR,
+\&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
+\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
 .PP
-\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not
+\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not
 been initialized.
 .PP
-\&\fIBIO_set_conn_address()\fR, \fIBIO_set_conn_port()\fR, and \fIBIO_set_conn_ip_family()\fR
+\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR
 always return 1.
 .PP
-\&\fIBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure.
+\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure.
 .PP
-\&\fIBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none
+\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none
 was set.
 .PP
-\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if
+\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if
 none was set.
 .PP
-\&\fIBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set.
+\&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set.
 .PP
-\&\fIBIO_get_conn_port()\fR returns a string representing the connected
+\&\fBBIO_get_conn_port()\fR returns a string representing the connected
 port or \s-1NULL\s0 if not set.
 .PP
-\&\fIBIO_set_nbio()\fR always returns 1.
+\&\fBBIO_set_nbio()\fR always returns 1.
 .PP
-\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully
+\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully
 established and 0 or \-1 if the connection failed.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
@@ -318,12 +322,12 @@ to retrieve a page and copy the result to standard output.
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIBIO_ADDR\s0\fR\|(3)
+\&\s-1\fBBIO_ADDR\s0\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_conn_ip()\fR, and \fIBIO_get_conn_ip()\fR
+\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR
 were removed in OpenSSL 1.1.0.
-Use \fIBIO_set_conn_address()\fR and \fIBIO_get_conn_address()\fR instead.
+Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index 3a7f9689de773..52a33b3db1a99 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_FD 3"
-.TH BIO_S_FD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_FD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,53 +154,53 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper
-round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR.
+\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper
+round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR.
 .PP
-\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying descriptor.
-\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not.
+\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor.
+\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not.
 .PP
-If the close flag is set then \fIclose()\fR is called on the underlying
+If the close flag is set then \fBclose()\fR is called on the underlying
 file descriptor when the \s-1BIO\s0 is freed.
 .PP
-\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file
+\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file
 such as by using \fBlseek(fd, 0, 0)\fR.
 .PP
-\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
+\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
 such as by using \fBlseek(fd, ofs, 0)\fR.
 .PP
-\&\fIBIO_tell()\fR returns the current file position such as by calling
+\&\fBBIO_tell()\fR returns the current file position such as by calling
 \&\fBlseek(fd, 0, 1)\fR.
 .PP
-\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
 flag to \fBc\fR.
 .PP
-\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
+\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
 returns the file descriptor.
 .PP
-\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR.
+\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The behaviour of \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR depends on the behavior of the
-platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying
+The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behavior of the
+platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying
 file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the
-manner described in the \fIBIO_read_ex\fR\|(3) and \fIBIO_should_retry\fR\|(3)
+manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3)
 manual pages.
 .PP
 File descriptor BIOs should not be used for socket I/O. Use socket BIOs
 instead.
 .PP
-\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are implemented as macros.
+\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method.
+\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method.
 .PP
-\&\fIBIO_set_fd()\fR always returns 1.
+\&\fBBIO_set_fd()\fR always returns 1.
 .PP
-\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not
+\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not
 been initialized.
 .PP
-\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
+\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
 occurred.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
@@ -211,11 +215,11 @@ This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R":
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3),
-\&\fIBIO_reset\fR\|(3), \fIBIO_read_ex\fR\|(3),
-\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3),
-\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3),
-\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3)
+\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3),
+\&\fBBIO_reset\fR\|(3), \fBBIO_read_ex\fR\|(3),
+\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3),
+\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3),
+\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index a9cdb3570df49..9132f7f98be22 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_FILE 3"
-.TH BIO_S_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,48 +159,48 @@ BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
+\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
 is a wrapper round the stdio \s-1FILE\s0 structure and it is a
 source/sink \s-1BIO.\s0
 .PP
-Calls to \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read and write data to the
-underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs.
+Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the
+underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs.
 .PP
-\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped
+\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped
 stream.
 .PP
-\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file
+\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file
 using fseek(stream, 0, 0).
 .PP
-\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
+\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
 using fseek(stream, ofs, 0).
 .PP
-\&\fIBIO_eof()\fR calls \fIfeof()\fR.
+\&\fBBIO_eof()\fR calls \fBfeof()\fR.
 .PP
-Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0
+Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0
 is freed.
 .PP
-\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning
-of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0
+\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning
+of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0
 flag is set on the returned \s-1BIO.\s0
 .PP
-\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
+\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
 \&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying
 stream to text mode, default is binary: this only has any effect under
 Win32).
 .PP
-\&\fIBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
-meaning as in \fIBIO_new_fp()\fR, it is a macro.
+\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
+meaning as in \fBBIO_new_fp()\fR, it is a macro.
 .PP
-\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro.
+\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro.
 .PP
-\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
+\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
 from the start of file.
 .PP
-\&\fIBIO_tell()\fR returns the value of the position pointer.
+\&\fBBIO_tell()\fR returns the value of the position pointer.
 .PP
-\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
-\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
+\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and
+\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
 reading, writing, append or read write respectively.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -260,35 +264,35 @@ Alternative technique:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method.
+\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method.
 .PP
-\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error
+\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error
 occurred.
 .PP
-\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure
+\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure
 (although the current implementation never return 0).
 .PP
-\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function:
+\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function:
 0 for success or \-1 for failure.
 .PP
-\&\fIBIO_tell()\fR returns the current file position.
+\&\fBBIO_tell()\fR returns the current file position.
 .PP
-\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
-\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure.
+\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and
+\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying
-stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error
+\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying
+stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error
 occurred this differs from other types of \s-1BIO\s0 which will typically return
 1 for success and a non positive value if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3),
-\&\fIBIO_reset\fR\|(3), \fIBIO_flush\fR\|(3),
-\&\fIBIO_read_ex\fR\|(3),
-\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3),
-\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3),
-\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3)
+\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3),
+\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3),
+\&\fBBIO_read_ex\fR\|(3),
+\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3),
+\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3),
+\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index 43c18c6f44508..0c6e88a06320b 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_MEM 3"
-.TH BIO_S_MEM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_MEM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,51 +157,51 @@ BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_b
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function.
+\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function.
 .PP
 A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data
 written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended
 as appropriate to accommodate the stored data.
 .PP
-\&\fIBIO_s_secmem()\fR is like \fIBIO_s_mem()\fR except that the secure heap is used
+\&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used
 for buffer storage.
 .PP
 Any data written to a memory \s-1BIO\s0 can be recalled by reading from it.
 Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from
 the \s-1BIO.\s0
 .PP
-Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR.
+Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR.
 .PP
 If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying
 \&\s-1BUF_MEM\s0 structure is also freed.
 .PP
-Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the
+Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the
 flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set. On a read only \s-1BIO\s0 or if the flag
 \&\s-1BIO_FLAGS_NONCLEAR_RST\s0 is set it restores the \s-1BIO\s0 to its original state and
 the data can be read again.
 .PP
-\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0
+\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0
 .PP
-\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored.
+\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored.
 .PP
-\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
+\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
 empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is
 it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non
 zero then it will return \fBv\fR when it is empty and it will set the read retry
 flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
 positive return value \fBv\fR should be set to a negative value, typically \-1.
 .PP
-\&\fIBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data
+\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data
 and returns the total amount of data available. It is implemented as a macro.
 .PP
-\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
+\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
 close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
 It is a macro.
 .PP
-\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is
+\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is
 a macro.
 .PP
-\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR,
+\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR,
 if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its
 length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and
 as a result cannot be written to. This is useful when some data needs to be
@@ -215,7 +219,7 @@ read in small chunks the operation can be very slow. The use of a read only
 memory \s-1BIO\s0 avoids this problem. If the \s-1BIO\s0 must be read write then adding
 a buffering \s-1BIO\s0 to the chain will speed up the process.
 .PP
-Calling \fIBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fIBIO_new_secmem()\fR will
+Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will
 give undefined results, including perhaps a program crash.
 .SH "BUGS"
 .IX Header "BUGS"
@@ -248,12 +252,12 @@ Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up t
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_s_mem()\fR and \fIBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure.
+\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure.
 .PP
-\&\fIBIO_set_mem_eof_return()\fR, \fIBIO_get_mem_data()\fR, \fIBIO_set_mem_buf()\fR and \fIBIO_get_mem_ptr()\fR
+\&\fBBIO_set_mem_eof_return()\fR, \fBBIO_get_mem_data()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR
 return 1 on success or a value which is less than or equal to 0 if an error occurred.
 .PP
-\&\fIBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error.
+\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index 87ecfc2c1cdfc..abf5045a1e901 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_NULL 3"
-.TH BIO_S_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_NULL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ BIO_s_null \- null data sink
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to
+\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to
 the null sink is discarded, reads return \s-1EOF.\s0
 .SH "NOTES"
 .IX Header "NOTES"
@@ -161,7 +165,7 @@ Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can
 by adding a null sink \s-1BIO\s0 to the end of the chain
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method.
+\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index 689201382d1bc..e960407b9f823 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_S_SOCKET 3"
-.TH BIO_S_SOCKET 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_S_SOCKET 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,16 +151,16 @@ BIO_s_socket, BIO_new_socket \- socket BIO
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper
+\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper
 round the platform's socket routines.
 .PP
-\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying socket.
-\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not.
+\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying socket.
+\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not.
 .PP
 If the close flag is set then the socket is shut down and closed
 when the \s-1BIO\s0 is freed.
 .PP
-\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
+\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Socket BIOs also support any relevant functionality of file descriptor
@@ -168,9 +172,9 @@ Windows is one such platform. Any code mixing the two will not work on
 all platforms.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method.
+\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method.
 .PP
-\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
+\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
 occurred.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index 347f585e943de..1d62b22819af6 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_SET_CALLBACK 3"
-.TH BIO_SET_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_SET_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,25 +164,25 @@ BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BI
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBIO_set_callback_ex()\fR and \fIBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0
+\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0
 callback. The callback is called during most high level \s-1BIO\s0 operations. It can
 be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its
 operation.
 .PP
-\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0
+\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0
 callback. New code should not use these functions, but they are retained for
-backwards compatibility. Any callback set via \fIBIO_set_callback_ex()\fR will get
-called in preference to any set by \fIBIO_set_callback()\fR.
+backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get
+called in preference to any set by \fBBIO_set_callback()\fR.
 .PP
-\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be
+\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be
 used to set and retrieve an argument for use in the callback.
 .PP
-\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints
+\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints
 out information relating to each \s-1BIO\s0 operation. If the callback
 argument is set it is interpreted as a \s-1BIO\s0 to send the information
 to, otherwise stderr is used.
 .PP
-\&\fIBIO_callback_fn_ex()\fR is the type of the callback function and \fIBIO_callback_fn()\fR
+\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR
 is the type of the old format callback function. The meaning of each argument
 is described below:
 .IP "\fBb\fR" 4
@@ -365,18 +369,18 @@ argument of type \fBBIO_info_cb\fR itself.  In this case \fBparg\fR is a pointer
 the actual call parameter, see \fBBIO_callback_ctrl\fR.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
-The \fIBIO_debug_callback()\fR function is a good example, its source is
+The \fBBIO_debug_callback()\fR function is a good example, its source is
 in crypto/bio/bio_cb.c
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_get_callback_ex()\fR and \fIBIO_get_callback()\fR return the callback function
-previously set by a call to \fIBIO_set_callback_ex()\fR and \fIBIO_set_callback()\fR
+\&\fBBIO_get_callback_ex()\fR and \fBBIO_get_callback()\fR return the callback function
+previously set by a call to \fBBIO_set_callback_ex()\fR and \fBBIO_set_callback()\fR
 respectively.
 .PP
-\&\fIBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set
-via a call to \fIBIO_set_callback_arg()\fR.
+\&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set
+via a call to \fBBIO_set_callback_arg()\fR.
 .PP
-\&\fIBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0
+\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0
 operations.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index c58a4844ba111..0621cc9deda11 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_SHOULD_RETRY 3"
-.TH BIO_SHOULD_RETRY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BIO_SHOULD_RETRY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,50 +158,50 @@ BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_sh
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 These functions determine why a \s-1BIO\s0 is not able to read or write data.
-They will typically be called after a failed \fIBIO_read_ex()\fR or \fIBIO_write_ex()\fR
+They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR
 call.
 .PP
-\&\fIBIO_should_retry()\fR is true if the call that produced this condition
+\&\fBBIO_should_retry()\fR is true if the call that produced this condition
 should then be retried at a later time.
 .PP
-If \fIBIO_should_retry()\fR is false then the cause is an error condition.
+If \fBBIO_should_retry()\fR is false then the cause is an error condition.
 .PP
-\&\fIBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0
+\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0
 has insufficient data to return. Check for readability and/or retry the
 last operation.
 .PP
-\&\fIBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0
+\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0
 has pending data to write. Check for writability and/or retry the
 last operation.
 .PP
-\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a
+\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a
 reason other than reading or writing is the cause of the condition.
 .PP
-\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition
+\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition
 consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR,
 \&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of
 these.
 .PP
-\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special
+\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special
 condition, it returns the \s-1BIO\s0 that caused this condition and if
 \&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of
 the reason code and the action that should be taken depends on
 the type of \s-1BIO\s0 that resulted in this condition.
 .PP
-\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if
-passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR.
+\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if
+passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR.
 .PP
-\&\fIBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given
+\&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given
 \&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR,
-\&\fIBIO_retry_type()\fR, and \fIBIO_should_retry()\fR, are implemented as macros.
+\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR,
+\&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros.
 .PP
-If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
+If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
 depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0
-operation. For example if a call to \fIBIO_read_ex()\fR on a socket \s-1BIO\s0 returns
-0 and \fIBIO_should_retry()\fR is false then the cause will be that the
+operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns
+0 and \fBBIO_should_retry()\fR is false then the cause will be that the
 connection closed. A similar condition on a file \s-1BIO\s0 will mean that it
 has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on
 the error queue. For more details see the individual \s-1BIO\s0 type manual
@@ -206,12 +210,12 @@ pages.
 If the underlying I/O structure is in a blocking mode almost all current
 \&\s-1BIO\s0 types will not request a retry, because the underlying I/O
 calls will not. If the application knows that the \s-1BIO\s0 type will never
-signal a retry then it need not call \fIBIO_should_retry()\fR after a failed
+signal a retry then it need not call \fBBIO_should_retry()\fR after a failed
 \&\s-1BIO I/O\s0 call. This is typically done with file BIOs.
 .PP
 \&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a
 retry even if the underlying I/O structure is blocking, if a handshake
-occurs during a call to \fIBIO_read()\fR. An application can retry the failed
+occurs during a call to \fBBIO_read()\fR. An application can retry the failed
 call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0
 on the underlying \s-1SSL\s0 structure.
 .PP
@@ -221,10 +225,10 @@ repeatedly until data can be processed or is available. An application
 will normally wait until the necessary condition is satisfied. How
 this is done depends on the underlying I/O structure.
 .PP
-For example if the cause is ultimately a socket and \fIBIO_should_read()\fR
-is true then a call to \fIselect()\fR may be made to wait until data is
+For example if the cause is ultimately a socket and \fBBIO_should_read()\fR
+is true then a call to \fBselect()\fR may be made to wait until data is
 available and then retry the \s-1BIO\s0 operation. By combining the retry
-conditions of several non blocking BIOs in a single \fIselect()\fR call
+conditions of several non blocking BIOs in a single \fBselect()\fR call
 it is possible to service several BIOs in a single thread, though
 the performance may be poor if \s-1SSL\s0 BIOs are present because long delays
 can occur during the initial handshake process.
@@ -232,7 +236,7 @@ can occur during the initial handshake process.
 It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O
 structure cannot process or return any data. This depends on the behaviour of
 the platforms I/O functions. This is often not desirable: one solution
-is to use non blocking I/O and use a timeout on the \fIselect()\fR (or
+is to use non blocking I/O and use a timeout on the \fBselect()\fR (or
 equivalent) call.
 .SH "BUGS"
 .IX Header "BUGS"
@@ -242,22 +246,22 @@ worked around by only passing the relevant data to \s-1ASN1\s0 functions when
 the entire structure can be read or written.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR, and
-\&\fIBIO_should_retry()\fR return either 1 or 0 based on the actual conditions
+\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and
+\&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions
 of the \fB\s-1BIO\s0\fR.
 .PP
-\&\fIBIO_retry_type()\fR returns a flag combination presenting the cause of a retry
+\&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry
 condition or false if there is no retry condition.
 .PP
-\&\fIBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure.
+\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure.
 .PP
-\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition.
+\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 bio
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIBIO_get_retry_reason()\fR and \fIBIO_set_retry_reason()\fR functions were added in
+The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in
 OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
index ac9569420e6a4..c547650b23eec 100644
--- a/secure/lib/libcrypto/man/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_BLINDING_NEW 3"
-.TH BN_BLINDING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_BLINDING_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -169,77 +173,77 @@ BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_B
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies
+\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies
 the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object.
 .PP
-\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure.
+\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure.
 If \fBb\fR is \s-1NULL,\s0 nothing is done.
 .PP
-\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring
+\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring
 the \fBA\fR and \fBAi\fR or, after specific number of uses and if the
 necessary parameters are set, by re-creating the blinding parameters.
 .PP
-\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR.
+\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR.
 If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be
 returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among
-several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the
+several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the
 inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as
 the inverse blinding.
 .PP
-\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper
-functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR
+\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper
+functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR
 with \fBr\fR set to \s-1NULL.\s0
 .PP
-\&\fIBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR
+\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR
 structure is owned by the current thread. This is to help users
 provide proper locking if needed for multi-threaded use.
 .PP
-\&\fIBN_BLINDING_set_current_thread()\fR sets the current thread as the
+\&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the
 owner of the \fB\s-1BN_BLINDING\s0\fR structure.
 .PP
-\&\fIBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure.
+\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure.
 .PP
-\&\fIBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure.
+\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure.
 .PP
-\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently
+\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently
 there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and
 \&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the
 automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use
 and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation
 of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently
 32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set.
-\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags.
+\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags.
 .PP
-\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters
+\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters
 using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and
 \&\fBm_ctx\fR can be used to pass special functions for exponentiation
-(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR).
+(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure
+\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure
 or \s-1NULL\s0 in case of an error.
 .PP
-\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR,
-\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on
+\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR,
+\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on
 success and 0 if an error occurred.
 .PP
-\&\fIBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns
+\&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns
 the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise.
 .PP
-\&\fIBN_BLINDING_set_current_thread()\fR doesn't return anything.
+\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything.
 .PP
-\&\fIBN_BLINDING_lock()\fR, \fIBN_BLINDING_unlock()\fR return 1 if the operation
+\&\fBBN_BLINDING_lock()\fR, \fBBN_BLINDING_unlock()\fR return 1 if the operation
 succeeded or 0 on error.
 .PP
-\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags
+\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags
 (a \fBunsigned long\fR value).
 .PP
-\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR
+\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR
 parameters or \s-1NULL\s0 on error.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it
-deprecates \fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR.
+\&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it
+deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index 03e5260901254..7059888e4dddc 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_CTX_NEW 3"
-.TH BN_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,34 +158,34 @@ library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fR
 is rather expensive when used in conjunction with repeated subroutine
 calls, the \fB\s-1BN_CTX\s0\fR structure is used.
 .PP
-\&\fIBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure.
-\&\fIBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure
-but uses the secure heap (see \fICRYPTO_secure_malloc\fR\|(3)) to hold the
+\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure.
+\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure
+but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the
 \&\fB\s-1BIGNUM\s0\fRs.
 .PP
-\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself.
-Since \fIBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the
-\&\fB\s-1BN_CTX\s0\fR, in most cases \fIBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may
-be freed by \fIBN_CTX_free()\fR.  If \fBc\fR is \s-1NULL,\s0 nothing is done.
+\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself.
+Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the
+\&\fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may
+be freed by \fBBN_CTX_free()\fR.  If \fBc\fR is \s-1NULL,\s0 nothing is done.
 .PP
 A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution.  No
 locking is performed, and the internal pool allocator will not properly handle
 multiple threads of execution.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_CTX_new()\fR and \fIBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR.
+\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR.
 If the allocation fails,
 they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by
-\&\fIERR_get_error\fR\|(3).
+\&\fBERR_get_error\fR\|(3).
 .PP
-\&\fIBN_CTX_free()\fR has no return values.
+\&\fBBN_CTX_free()\fR has no return values.
 .SH "REMOVED FUNCTIONALITY"
 .IX Header "REMOVED FUNCTIONALITY"
 .Vb 1
 \& void BN_CTX_init(BN_CTX *c);
 .Ve
 .PP
-\&\fIBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should
+\&\fBBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should
 replace use of BN_CTX_init with BN_CTX_new instead:
 .PP
 .Vb 6
@@ -194,11 +198,11 @@ replace use of BN_CTX_init with BN_CTX_new instead:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
-\&\fIBN_CTX_start\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
+\&\fBBN_CTX_start\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBN_CTX_init()\fR was removed in OpenSSL 1.1.0.
+\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index 292aa1d1b0e2a..b2a7c9d547358 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_CTX_START 3"
-.TH BN_CTX_START 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_CTX_START 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,30 +154,30 @@ BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from
-a \fB\s-1BN_CTX\s0\fR (which can been created by using \fIBN_CTX_new\fR\|(3))
+a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3))
 in order to save the overhead of repeatedly creating and
 freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop.
 .PP
-A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be
-called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR
+A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be
+called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR
 calls must be made before calling any other functions that use the
 \&\fBctx\fR as an argument.
 .PP
-Finally, \fIBN_CTX_end()\fR must be called before returning from the function.
-When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from
-\&\fIBN_CTX_get()\fR become invalid.
+Finally, \fBBN_CTX_end()\fR must be called before returning from the function.
+When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from
+\&\fBBN_CTX_get()\fR become invalid.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values.
+\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values.
 .PP
-\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error.
-Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR
+\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error.
+Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR
 as well, so it is sufficient to check the return value of the last
-\&\fIBN_CTX_get()\fR call. In case of an error, an error code is set, which
-can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which
+can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBN_CTX_new\fR\|(3)
+\&\fBBN_CTX_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index a8ada76444352..e3929129db9de 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_ADD 3"
-.TH BN_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -176,63 +180,63 @@ BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR).
+\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR).
 \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
 .PP
-\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR).
+\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR).
 \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
 .PP
-\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR).
+\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR).
 \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
-For multiplication by powers of 2, use \fIBN_lshift\fR\|(3).
+For multiplication by powers of 2, use \fBBN_lshift\fR\|(3).
 .PP
-\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR
+\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR
 (\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR.
 This function is faster than BN_mul(r,a,a).
 .PP
-\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the
+\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the
 remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may
 be \fB\s-1NULL\s0\fR, in which case the respective value is not returned.
 The result is rounded towards zero; thus if \fIa\fR is negative, the
 remainder will be zero or negative.
-For division by powers of 2, use \fIBN_rshift\fR\|(3).
+For division by powers of 2, use \fBBN_rshift\fR\|(3).
 .PP
-\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR.
+\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR.
 .PP
-\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative
+\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative
 remainder in \fIr\fR.
 .PP
-\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative
+\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative
 result in \fIr\fR.
 .PP
-\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the
+\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the
 non-negative result in \fIr\fR.
 .PP
-\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative
+\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative
 remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be
 the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for
 repeated computations using the same modulus, see
-\&\fIBN_mod_mul_montgomery\fR\|(3) and
-\&\fIBN_mod_mul_reciprocal\fR\|(3).
+\&\fBBN_mod_mul_montgomery\fR\|(3) and
+\&\fBBN_mod_mul_reciprocal\fR\|(3).
 .PP
-\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the
+\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the
 result in \fIr\fR.
 .PP
-\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR
+\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR
 (\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of
-\&\fIBN_mul()\fR.
+\&\fBBN_mul()\fR.
 .PP
-\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p %
-m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. Do not call this
+\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p %
+m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this
 function when \fBm\fR is even and any of the parameters have the
 \&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set.
 .PP
-\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and
+\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and
 places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or
 \&\fIb\fR.
 .PP
 For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
-temporary variables; see \fIBN_CTX_new\fR\|(3).
+temporary variables; see \fBBN_CTX_new\fR\|(3).
 .PP
 Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from
 the arguments.
@@ -240,11 +244,11 @@ the arguments.
 .IX Header "RETURN VALUES"
 For all functions, 1 is returned for success, 0 on error. The return
 value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR).
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIBN_CTX_new\fR\|(3),
-\&\fIBN_add_word\fR\|(3), \fIBN_set_bit\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3),
+\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index efdba7606f8bb..c27d0b5a5c194 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_ADD_WORD 3"
-.TH BN_ADD_WORD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_ADD_WORD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,27 +161,27 @@ These functions perform arithmetic operations on BIGNUMs with unsigned
 integers. They are much more efficient than the normal \s-1BIGNUM\s0
 arithmetic operations.
 .PP
-\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR).
+\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR).
 .PP
-\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR).
+\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR).
 .PP
-\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR).
+\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR).
 .PP
-\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder.
+\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder.
 .PP
-\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR).
+\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR).
 .PP
-For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0.
+For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0
-on error. The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0
+on error. The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .PP
-\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and
+\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and
 \&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index da4d59360c794..6a138a9db335d 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_BN2BIN 3"
-.TH BN_BN2BIN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_BN2BIN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,76 +165,76 @@ BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_b
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form
+\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form
 and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of
 memory.
 .PP
-\&\fIBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form
+\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form
 and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer
 \&\fBto\fR. The result is padded with zeroes if necessary. If \fBtolen\fR is less than
 BN_num_bytes(\fBa\fR) an error is returned.
 .PP
-\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length
+\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length
 \&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is
 \&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created.
 .PP
-\&\fIBN_bn2lebinpad()\fR and \fIBN_lebin2bn()\fR are identical to \fIBN_bn2binpad()\fR and
-\&\fIBN_bin2bn()\fR except the buffer is in little-endian format.
+\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and
+\&\fBBN_bin2bn()\fR except the buffer is in little-endian format.
 .PP
-\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the
+\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the
 hexadecimal and decimal encoding of \fBa\fR respectively. For negative
 numbers, the string is prefaced with a leading '\-'. The string must be
-freed later using \fIOPENSSL_free()\fR.
+freed later using \fBOPENSSL_free()\fR.
 .PP
-\&\fIBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR,
+\&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR,
 including the leading character '\-' which means negative, to form a valid
 hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and
 stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If
 \&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation.
 A \*(L"negative zero\*(R" is converted to zero.
-\&\fIBN_dec2bn()\fR is the same using the decimal system.
+\&\fBBN_dec2bn()\fR is the same using the decimal system.
 .PP
-\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR,
+\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR,
 with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR
 \&\fBfp\fR.
 .PP
-\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format
+\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format
 that consists of the number's length in bytes represented as a 4\-byte
 big-endian number, and the number itself in big-endian format, where
 the most significant bit signals a negative number (the representation
 of numbers with the \s-1MSB\s0 set is prefixed with null byte).
 .PP
-\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR
+\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR
 must be large enough to hold the result. The size can be determined by
 calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0).
 .PP
-\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
+\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
 a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR
 if \fBret\fR is \s-1NULL.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
-\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error.
+\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
+\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error.
 .PP
-\&\fIBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied
+\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied
 buffer is too small.
 .PP
-\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0
-on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number of characters
+\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0
+on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters
 used in parsing, or 0 on error, in which
 case no new \fB\s-1BIGNUM\s0\fR will be created.
 .PP
-\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors.
+\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors.
 .PP
-\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR
+\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR
 returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIBN_zero\fR\|(3),
-\&\fIASN1_INTEGER_to_BN\fR\|(3),
-\&\fIBN_num_bytes\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3),
+\&\fBASN1_INTEGER_to_BN\fR\|(3),
+\&\fBBN_num_bytes\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index 5fe1492d11f59..7922205c464f5 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_CMP 3"
-.TH BN_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_CMP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,20 +155,20 @@ BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparis
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their
+\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their
 absolute values.
 .PP
-\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1,
-or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd.
+\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1,
+or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd.
 .PP
-\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros.
+\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if
-\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values
+\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if
+\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values
 of \fBa\fR and \fBb\fR.
 .PP
-\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if
+\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if
 the condition is true, 0 otherwise.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index 58b4d69630597..30a490f64bb58 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_COPY 3"
-.TH BN_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_COPY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,7 +153,7 @@ BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR
+\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR
 containing the value \fBfrom\fR.
 .PP
 BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places
@@ -162,7 +166,7 @@ might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the
 \&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following
 restrictions apply to the use of \fBdest\fR:
 .IP "\(bu" 2
-\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fIBN_new()\fR. It
+\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It
 should not have been used for other purposes or initialised in any way.
 .IP "\(bu" 2
 \&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those
@@ -171,12 +175,12 @@ functions where the relevant parameter is declared \*(L"const\*(R".
 \&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns
+\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns
 the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained
-by \fIERR_get_error\fR\|(3).
+by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index ddca791ee0471..105a105816958 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_GENERATE_PRIME 3"
-.TH BN_GENERATE_PRIME 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_GENERATE_PRIME 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -182,7 +186,7 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_generate_prime_ex()\fR generates a pseudo-random prime number of
+\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of
 at least bit length \fBbits\fR.
 If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number.
 .PP
@@ -196,7 +200,7 @@ While the number is being tested for primality,
 .IP "\(bu" 2
 When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called.
 .IP "\(bu" 2
-The callers of \fIBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with
+The callers of \fBBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with
 other values as described in their respective man pages; see \*(L"\s-1SEE ALSO\*(R"\s0.
 .PP
 The prime may have to fulfill additional requirements for use in
@@ -209,21 +213,21 @@ generator.
 If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so
 that (p\-1)/2 is also prime).
 .PP
-The \s-1PRNG\s0 must be seeded prior to calling \fIBN_generate_prime_ex()\fR.
+The \s-1PRNG\s0 must be seeded prior to calling \fBBN_generate_prime_ex()\fR.
 The prime number generation has a negligible error probability.
 .PP
-\&\fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is
+\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is
 prime.  The following tests are performed until one of them shows that
 \&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered
 prime.
 .PP
-\&\fIBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR,
+\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR,
 first attempts trial division by a number of small primes;
 if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR,
 \&\fBBN_GENCB_call(cb, 1, \-1)\fR is called.
 If \fBdo_trial_division == 0\fR, this test is skipped.
 .PP
-Both \fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin
+Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin
 probabilistic primality test with \fBnchecks\fR iterations. If
 \&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that
 yields a false positive rate of at most 2^\-64 for random input.
@@ -243,20 +247,20 @@ after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a
 pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and
 freeing the structure in a loop), or \fB\s-1NULL\s0\fR.
 .PP
-\&\fIBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure
+\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure
 and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of
 \&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New
 programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided
 for backwards compatibility purposes.
 .PP
-A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fIBN_GENCB_new()\fR,
-and freed through a call to \fIBN_GENCB_free()\fR.
+A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR,
+and freed through a call to \fBBN_GENCB_free()\fR.
 .PP
 For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a
-call to \fIBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of
+call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of
 type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR.
 \&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call
-to \fIBN_GENCB_set_old()\fR and \fBcallback\fR is of type
+to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type
 \&\fBvoid (*callback)(int, int, void *)\fR.
 .PP
 A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check
@@ -266,22 +270,22 @@ style callbacks or \fBcallback(a, b, cb_arg)\fR for old style.
 It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure
 (set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg.
 .PP
-\&\fIBN_generate_prime()\fR (deprecated) works in the same way as
-\&\fIBN_generate_prime_ex()\fR but expects an old-style callback function
+\&\fBBN_generate_prime()\fR (deprecated) works in the same way as
+\&\fBBN_generate_prime_ex()\fR but expects an old-style callback function
 directly in the \fBcallback\fR parameter, and an argument to pass to it in
-the \fBcb_arg\fR. \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR
-can similarly be compared to \fIBN_is_prime_ex()\fR and
-\&\fIBN_is_prime_fasttest_ex()\fR, respectively.
+the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR
+can similarly be compared to \fBBN_is_prime_ex()\fR and
+\&\fBBN_is_prime_fasttest_ex()\fR, respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_generate_prime_ex()\fR return 1 on success or 0 on error.
+\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error.
 .PP
-\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR and
-\&\fIBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is
+\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and
+\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is
 prime with an error probability of less than 0.25^\fBnchecks\fR, and
 \&\-1 on error.
 .PP
-\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise.
+\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise.
 .PP
 BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR
 otherwise.
@@ -291,7 +295,7 @@ structure.
 .PP
 Callback functions should return 1 on success or 0 on error.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "REMOVED FUNCTIONALITY"
 .IX Header "REMOVED FUNCTIONALITY"
 As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure
@@ -313,12 +317,12 @@ Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_ne
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_generate_parameters\fR\|(3), \fIDSA_generate_parameters\fR\|(3),
-\&\fIRSA_generate_key\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3)
+\&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3),
+\&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBN_GENCB_new()\fR, \fIBN_GENCB_free()\fR,
-and \fIBN_GENCB_get_arg()\fR were added in OpenSSL 1.1.0
+The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR,
+and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index 5e54711e3b32e..e2adea6b318c0 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_MOD_INVERSE 3"
-.TH BN_MOD_INVERSE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_MOD_INVERSE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ BN_mod_inverse \- compute inverse modulo n
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
+\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
 places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0
 a new \fB\s-1BIGNUM\s0\fR is created.
 .PP
@@ -154,11 +158,11 @@ a new \fB\s-1BIGNUM\s0\fR is created.
 variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and
-\&\s-1NULL\s0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and
+\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index fe0ad15327b8e..10b395b215d1f 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_MOD_MUL_MONTGOMERY 3"
-.TH BN_MOD_MUL_MONTGOMERY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_MOD_MUL_MONTGOMERY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,51 +163,51 @@ BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MO
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 These functions implement Montgomery multiplication. They are used
-automatically when \fIBN_mod_exp\fR\|(3) is called with suitable input,
+automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input,
 but they may be useful when several operations are to be performed
 using the same modulus.
 .PP
-\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure.
+\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure.
 .PP
-\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR
+\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR
 by precomputing its inverse and a value R.
 .PP
-\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR.
+\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR.
 .PP
-\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if
-it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself.
+\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if
+it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself.
 If \fBmont\fR is \s-1NULL,\s0 nothing is done.
 .PP
-\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places
+\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places
 the result in \fIr\fR.
 .PP
-\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1.
+\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1.
 .PP
-\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R.
+\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R.
 Note that \fIa\fR must be non-negative and smaller than the modulus.
 .PP
 For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
 temporary variables.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0
+\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0
 on error.
 .PP
-\&\fIBN_MONT_CTX_free()\fR has no return value.
+\&\fBBN_MONT_CTX_free()\fR has no return value.
 .PP
 For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "WARNING"
 .IX Header "WARNING"
 The inputs must be reduced modulo \fBm\fR, otherwise the result will be
 outside the expected range.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
-\&\fIBN_CTX_new\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
+\&\fBBN_CTX_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0
+\&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index 6e1392c8255a9..ea3587aca439a 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_MOD_MUL_RECIPROCAL 3"
-.TH BN_MOD_MUL_RECIPROCAL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_MOD_MUL_RECIPROCAL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,43 +158,43 @@ BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_C
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient
-\&\fIBN_mod_mul\fR\|(3) operation when the operation will be performed
+\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient
+\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed
 repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR
 using \fBrecp\fR=1/\fBm\fR, which is set as described below.  \fBctx\fR is a
 previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables.
 .PP
-\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure.
+\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure.
 .PP
-\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it
-was created by \fIBN_RECP_CTX_new()\fR, also the structure itself.
+\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it
+was created by \fBBN_RECP_CTX_new()\fR, also the structure itself.
 If \fBrecp\fR is \s-1NULL,\s0 nothing is done.
 .PP
-\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing
+\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing
 1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an
 integer. The result and the number of bits it was shifted left will
 later be stored in \fBrecp\fR.
 .PP
-\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient
+\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient
 in \fBdv\fR and the remainder in \fBrem\fR.
 .PP
 The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0
+\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0
 on error.
 .PP
-\&\fIBN_RECP_CTX_free()\fR has no return value.
+\&\fBBN_RECP_CTX_free()\fR has no return value.
 .PP
 For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
-\&\fIBN_CTX_new\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
+\&\fBBN_CTX_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0
+\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index 62a640928f18f..7d260e5efd158 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_NEW 3"
-.TH BN_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,33 +157,33 @@ BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIG
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure.
-\&\fIBN_secure_new()\fR does the same except that the secure heap
-\&\fIOPENSSL_secure_malloc\fR\|(3) is used to store the value.
+\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure.
+\&\fBBN_secure_new()\fR does the same except that the secure heap
+\&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value.
 .PP
-\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they
+\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they
 are no longer needed. It erases the memory used by \fBa\fR and sets it
 to the value 0.
 .PP
-\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created
-by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally
+\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created
+by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally
 overwrites the data before the memory is returned to the system.
 If \fBa\fR is \s-1NULL,\s0 nothing is done.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_new()\fR and \fIBN_secure_new()\fR
+\&\fBBN_new()\fR and \fBBN_secure_new()\fR
 return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0.
 If the allocation fails,
 they return \fB\s-1NULL\s0\fR and set an error code that can be obtained
-by \fIERR_get_error\fR\|(3).
+by \fBERR_get_error\fR\|(3).
 .PP
-\&\fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return values.
+\&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBN_init()\fR was removed in OpenSSL 1.1.0; use \fIBN_new()\fR instead.
+\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index 6ef112c3be093..4740a575937db 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_NUM_BYTES 3"
-.TH BN_NUM_BYTES 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_NUM_BYTES 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,35 +153,35 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes.
+\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes.
 .PP
-\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word.
+\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word.
 If we take 0x00000432 as an example, it returns 11, not 16, not 32.
 Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR.
 .PP
-\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR,
-following the same principle as \fIBN_num_bits_word()\fR.
+\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR,
+following the same principle as \fBBN_num_bits_word()\fR.
 .PP
-\&\fIBN_num_bytes()\fR is a macro.
+\&\fBBN_num_bytes()\fR is a macro.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The size.
 .SH "NOTES"
 .IX Header "NOTES"
-Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys,
+Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys,
 \&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with
 the number of bits they expected (something like 512, 1024, 2048,
 \&...).  This is because generating a number with some specific number
 of bits doesn't always set the highest bits, thereby making the number
 of \fIsignificant\fR bits a little lower.  If you want to know the \*(L"key
-size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR
-and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although
+size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR
+and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although
 there's no real guarantee that will match the \*(L"key size\*(R", just a lot
 more probability).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_size\fR\|(3), \fIDSA_size\fR\|(3),
-\&\fIRSA_size\fR\|(3)
+\&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3),
+\&\fBRSA_size\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index ceb927e954019..a5ebda0da489f 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_RAND 3"
-.TH BN_RAND 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_RAND 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,7 +159,7 @@ BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pse
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_rand()\fR generates a cryptographically strong pseudo-random number of
+\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of
 \&\fBbits\fR in length and stores it in \fBrnd\fR.
 If \fBbits\fR is less than zero, or too small to
 accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR
@@ -171,13 +175,13 @@ If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if i
 is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even.
 If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR.
 .PP
-\&\fIBN_rand_range()\fR generates a cryptographically strong pseudo-random
+\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random
 number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR.
 .PP
-\&\fIBN_priv_rand()\fR and \fIBN_priv_rand_range()\fR have the same semantics as
-\&\fIBN_rand()\fR and \fIBN_rand_range()\fR respectively.  They are intended to be
+\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as
+\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively.  They are intended to be
 used for generating values that should remain private, and mirror the
-same difference between \fIRAND_bytes\fR\|(3) and \fIRAND_priv_bytes\fR\|(3).
+same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 Always check the error return value of these functions and do not take
@@ -186,25 +190,26 @@ seeded with enough randomness to ensure an unpredictable byte sequence.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The functions return 1 on success, 0 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "HISTORY"
 .IX Header "HISTORY"
 .IP "\(bu" 2
-Starting with OpenSSL release 1.1.0, \fIBN_pseudo_rand()\fR has been identical
-to \fIBN_rand()\fR and \fIBN_pseudo_rand_range()\fR has been identical to
-\&\fIBN_rand_range()\fR.
+Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical
+to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to
+\&\fBBN_rand_range()\fR.
 The \*(L"pseudo\*(R" functions should not be used and may be deprecated in
 a future release.
 .IP "\(bu" 2
-\&\fIBN_priv_rand()\fR and \fIBN_priv_rand_range()\fR were added in OpenSSL 1.1.1.
+The
+\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fIRAND_add\fR\|(3),
-\&\fIRAND_bytes\fR\|(3),
-\&\fIRAND_priv_bytes\fR\|(3),
-\&\s-1\fIRAND\s0\fR\|(7),
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBERR_get_error\fR\|(3),
+\&\fBRAND_add\fR\|(3),
+\&\fBRAND_bytes\fR\|(3),
+\&\fBRAND_priv_bytes\fR\|(3),
+\&\s-1\fBRAND\s0\fR\|(7),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_security_bits.3 b/secure/lib/libcrypto/man/BN_security_bits.3
index 4bf266b1bebe7..735c9b26cc53f 100644
--- a/secure/lib/libcrypto/man/BN_security_bits.3
+++ b/secure/lib/libcrypto/man/BN_security_bits.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_SECURITY_BITS 3"
-.TH BN_SECURITY_BITS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_SECURITY_BITS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,9 +149,9 @@ BN_security_bits \- returns bits of security based on given numbers
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_security_bits()\fR returns the number of bits of security provided by a
+\&\fBBN_security_bits()\fR returns the number of bits of security provided by a
 specific algorithm and a particular key size. The bits of security is
-defined in \s-1NIST SP800\-57.\s0 Currently, \fIBN_security_bits()\fR support two types
+defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types
 of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0
 (Integer Factorization Cryptography). For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both
 parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where
@@ -159,14 +163,14 @@ to be the key size (modulus).
 Number of security bits.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fIBN_security_bits()\fR
+\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR
 function. The symmetric algorithms are not covered neither.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBN_security_bits()\fR was added in OpenSSL 1.1.0.
+The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_security_bits\fR\|(3), \fIDSA_security_bits\fR\|(3), \fIRSA_security_bits\fR\|(3)
+\&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index 915cfa20f4423..0cb207ce961f1 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_SET_BIT 3"
-.TH BN_SET_BIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_SET_BIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,36 +160,36 @@ BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The
+\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The
 number is expanded if necessary.
 .PP
-\&\fIBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An
+\&\fBBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An
 error occurs if \fBa\fR is shorter than \fBn\fR bits.
 .PP
-\&\fIBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set.
+\&\fBBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set.
 .PP
-\&\fIBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number
+\&\fBBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number
 (\f(CW\*(C`a&=~((~0)>>n)\*(C'\fR).  An error occurs if \fBa\fR already is
 shorter than \fBn\fR bits.
 .PP
-\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in
-\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_lshift1()\fR shifts
+\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in
+\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts
 \&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR).
 .PP
-\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in
-\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_rshift1()\fR shifts
+\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in
+\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts
 \&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR).
 .PP
 For the shift functions, \fBr\fR and \fBa\fR may be the same variable.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise.
+\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise.
 .PP
 All other functions return 1 for success, 0 on error. The error codes
-can be obtained by \fIERR_get_error\fR\|(3).
+can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBN_num_bytes\fR\|(3), \fIBN_add\fR\|(3)
+\&\fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
index 04fed56410b50..4adf66813bd30 100644
--- a/secure/lib/libcrypto/man/BN_swap.3
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_SWAP 3"
-.TH BN_SWAP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_SWAP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,10 +149,10 @@ BN_swap \- exchange BIGNUMs
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR.
+\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_swap()\fR does not return a value.
+\&\fBBN_swap()\fR does not return a value.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index 0a07d8b50e85c..a592b748a7b3d 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_ZERO 3"
-.TH BN_ZERO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BN_ZERO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,34 +158,34 @@ BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment ope
 \&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized
 for the most efficient implementation on the local platform.
 .PP
-\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and
-\&\fBw\fR respectively.  \fIBN_zero()\fR and \fIBN_one()\fR are macros.
+\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and
+\&\fBw\fR respectively.  \fBBN_zero()\fR and \fBBN_one()\fR are macros.
 .PP
-\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant
+\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant
 is useful for use in comparisons and assignment.
 .PP
-\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR.
+\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot
+\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot
 be represented as a single integer.
 .PP
-\&\fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise.
-\&\fIBN_value_one()\fR returns the constant.
-\&\fIBN_zero()\fR never fails and returns no value.
+\&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise.
+\&\fBBN_value_one()\fR returns the constant.
+\&\fBBN_zero()\fR never fails and returns no value.
 .SH "BUGS"
 .IX Header "BUGS"
 If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide
-with the error condition returned by \fIBN_get_word()\fR which uses that
+with the error condition returned by \fBBN_get_word()\fR which uses that
 as an error value.
 .PP
 \&\fB\s-1BN_ULONG\s0\fR should probably be a typedef.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBN_bn2bin\fR\|(3)
+\&\fBBN_bn2bin\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-In OpenSSL 0.9.8, \fIBN_zero()\fR was changed to not return a value; previous
+In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous
 versions returned an int.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/BUF_MEM_new.3 b/secure/lib/libcrypto/man/BUF_MEM_new.3
index b9016c9e35866..9c6b59ce0dac9 100644
--- a/secure/lib/libcrypto/man/BUF_MEM_new.3
+++ b/secure/lib/libcrypto/man/BUF_MEM_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BUF_MEM_NEW 3"
-.TH BUF_MEM_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH BUF_MEM_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,39 +161,39 @@ BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF
 The buffer library handles simple character arrays. Buffers are used for
 various purposes in the library, most notably memory BIOs.
 .PP
-\&\fIBUF_MEM_new()\fR allocates a new buffer of zero size.
+\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size.
 .PP
-\&\fIBUF_MEM_new_ex()\fR allocates a buffer with the specified flags.
+\&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags.
 The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer
-should be allocated on the secure heap; see \fICRYPTO_secure_malloc\fR\|(3).
+should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3).
 .PP
-\&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed
+\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed
 before freeing up in case the buffer contains sensitive data.
 .PP
-\&\fIBUF_MEM_grow()\fR changes the size of an already existing buffer to
+\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to
 \&\fBlen\fR. Any data already in the buffer is preserved if it increases in
 size.
 .PP
-\&\fIBUF_MEM_grow_clean()\fR is similar to \fIBUF_MEM_grow()\fR but it sets any free'd
+\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free'd
 or additionally-allocated memory to zero.
 .PP
-\&\fIBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR.  If \fBin\fR
+\&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR.  If \fBin\fR
 is \s-1NULL,\s0 the array is reversed in-place.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error.
+\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error.
 .PP
-\&\fIBUF_MEM_free()\fR has no return value.
+\&\fBBUF_MEM_free()\fR has no return value.
 .PP
-\&\fIBUF_MEM_grow()\fR and \fIBUF_MEM_grow_clean()\fR return
+\&\fBBUF_MEM_grow()\fR and \fBBUF_MEM_grow_clean()\fR return
 zero on error or the new size (i.e., \fBlen\fR).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIbio\fR\|(7),
-\&\fICRYPTO_secure_malloc\fR\|(3).
+\&\fBbio\fR\|(7),
+\&\fBCRYPTO_secure_malloc\fR\|(3).
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIBUF_MEM_new_ex()\fR was added in OpenSSL 1.1.0.
+The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3
index 18210d30aad8d..810ad33f7ffc6 100644
--- a/secure/lib/libcrypto/man/CMS_add0_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add0_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_ADD0_CERT 3"
-.TH CMS_ADD0_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_ADD0_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,12 +155,12 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR.
+\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR.
 must be of type signed data or enveloped data.
 .PP
-\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR.
+\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR.
 .PP
-\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR
+\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR
 returns any CRLs in \fBcms\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -167,25 +171,25 @@ For signed data certificates and CRLs are added to the \fBcertificates\fR and
 \&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to
 \&\fBOriginatorInfo\fR.
 .PP
-As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it
-must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR
+As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it
+must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR
 must be freed up.
 .PP
 The same certificate or \s-1CRL\s0 must not be added to the same cms structure more
 than once.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return
+\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return
 1 for success and 0 for failure.
 .PP
-\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs
+\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs
 or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur
 in practice is if the \fBcms\fR type is invalid.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fICMS_sign\fR\|(3),
-\&\fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBCMS_sign\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
index 3007120e83df2..7d68d3c48956f 100644
--- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_ADD1_RECIPIENT_CERT 3"
-.TH CMS_ADD1_RECIPIENT_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_ADD1_RECIPIENT_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,20 +157,20 @@ CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS envel
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped
+\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped
 data structure \fBcms\fR as a KeyTransRecipientInfo structure.
 .PP
-\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using
+\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using
 wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional
 values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped
 data structure \fBcms\fR as a KEKRecipientInfo structure.
 .PP
 The CMS_ContentInfo structure should be obtained from an initial call to
-\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set.
+\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set.
 .SH "NOTES"
 .IX Header "NOTES"
 The main purpose of this function is to provide finer control over a \s-1CMS\s0
-enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are
+enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are
 not appropriate. For example if one or more KEKRecipientInfo structures
 need to be added. New attributes can also be added using the returned
 CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions.
@@ -182,13 +186,13 @@ If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be
 consistent with \fBkeylen\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal
+\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal
 pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error
 occurs.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3),
-\&\fICMS_final\fR\|(3),
+\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3),
+\&\fBCMS_final\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3
index 513f8233ba352..e651e222d2914 100644
--- a/secure/lib/libcrypto/man/CMS_add1_signer.3
+++ b/secure/lib/libcrypto/man/CMS_add1_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_ADD1_SIGNER 3"
-.TH CMS_ADD1_SIGNER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_ADD1_SIGNER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,12 +153,12 @@ CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private
+\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private
 key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData
 structure \fBcms\fR.
 .PP
 The CMS_ContentInfo structure should be obtained from an initial call to
-\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a
+\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a
 valid CMS_ContentInfo SignedData structure.
 .PP
 If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public
@@ -162,15 +166,15 @@ key algorithm will be used.
 .PP
 Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo
 structure is not complete and must be finalized either by streaming (if
-applicable) or a call to \fICMS_final()\fR.
+applicable) or a call to \fBCMS_final()\fR.
 .PP
-The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo
+The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo
 structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags
 are both set.
 .SH "NOTES"
 .IX Header "NOTES"
-The main purpose of \fICMS_add1_signer()\fR is to provide finer control
-over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults
+The main purpose of \fBCMS_add1_signer()\fR is to provide finer control
+over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults
 are not appropriate. For example if multiple signers or non default digest
 algorithms are needed. New attributes can also be added using the returned
 CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the
@@ -187,7 +191,7 @@ flag is set.
 .PP
 If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the
 CMS_SignerInfo structure will not be finalized so additional attributes
-can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is
+can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is
 needed to finalize it.
 .PP
 If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the
@@ -213,17 +217,17 @@ bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bi
 If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is
 not loaded.
 .PP
-\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
+\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
 structure just added, this can be used to set additional attributes
 before it is finalized.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
+\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
 structure just added or \s-1NULL\s0 if an error occurs.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_final\fR\|(3),
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_final\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3
index 86a03c0e4d37d..c895e59cf6264 100644
--- a/secure/lib/libcrypto/man/CMS_compress.3
+++ b/secure/lib/libcrypto/man/CMS_compress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_COMPRESS 3"
-.TH CMS_COMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_COMPRESS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ CMS_compress \- create a CMS CompressedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR
+\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR
 is the compression algorithm to use or \fBNID_undef\fR to use the default
 algorithm (zlib compression). \fBin\fR is the content to be compressed.
 \&\fBflags\fR is an optional set of flags.
@@ -154,7 +158,7 @@ algorithm (zlib compression). \fBin\fR is the content to be compressed.
 The only currently supported compression algorithm is zlib using the \s-1NID\s0
 NID_zlib_compression.
 .PP
-If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return
+If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return
 an error.
 .PP
 If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are
@@ -171,7 +175,7 @@ returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\f
 .PP
 The compressed data is included in the CMS_ContentInfo structure, unless
 \&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
-practice and is not supported by \fISMIME_write_CMS()\fR.
+practice and is not supported by \fBSMIME_write_CMS()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
@@ -179,20 +183,20 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st
 properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
 results.
 .PP
-Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
-\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
+\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
 can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_CMS()\fR.
+\&\fBBIO_new_CMS()\fR.
 .PP
 Additional compression parameters such as the zlib compression level cannot
 currently be set.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3
index 97f0c97948ac3..67856b18a1849 100644
--- a/secure/lib/libcrypto/man/CMS_decrypt.3
+++ b/secure/lib/libcrypto/man/CMS_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_DECRYPT 3"
-.TH CMS_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_DECRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ CMS_decrypt \- decrypt content from a CMS envelopedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData
+\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData
 structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
 recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and
 \&\fBflags\fR is an optional set of flags.
@@ -164,7 +168,7 @@ is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on
 \&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or
 not. If no recipient succeeds then a random symmetric key is used to decrypt
 the content: this will typically output garbage and may (but is not guaranteed
-to) ultimately return a padding error only. If \fICMS_decrypt()\fR just returned an
+to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an
 error when all recipient encrypted keys failed to decrypt an attacker could
 use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set
 then the above behaviour is modified and an error \fBis\fR returned if no
@@ -175,11 +179,11 @@ open to attack.
 .PP
 It is possible to determine the correct recipient key by other means (for
 example looking them up in a database) and setting them in the \s-1CMS\s0 structure
-in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this
+in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this
 case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0
 .PP
-To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR
-and \fICMS_RecipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and
+To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR
+and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and
 \&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0
 .PP
 The following flags can be passed in the \fBflags\fR parameter.
@@ -189,15 +193,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i
 returned.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure.
-The error can be obtained from \fIERR_get_error\fR\|(3)
+\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure.
+The error can be obtained from \fBERR_get_error\fR\|(3)
 .SH "BUGS"
 .IX Header "BUGS"
 The lack of single pass processing and the need to hold all data in memory as
-mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR.
+mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3
index 65c1547f62ab7..ba62161af1271 100644
--- a/secure/lib/libcrypto/man/CMS_encrypt.3
+++ b/secure/lib/libcrypto/man/CMS_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_ENCRYPT 3"
-.TH CMS_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ CMS_encrypt \- create a CMS envelopedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR
+\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR
 is a list of recipient certificates. \fBin\fR is the content to be encrypted.
 \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
 .SH "NOTES"
@@ -154,7 +158,7 @@ is a list of recipient certificates. \fBin\fR is the content to be encrypted.
 Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this
 function.
 .PP
-\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
+\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
 because most clients will support it.
 .PP
 The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
@@ -163,7 +167,7 @@ its parameters.
 Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
 by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
-\&\fICMS_encrypt()\fR.
+\&\fBCMS_encrypt()\fR.
 .PP
 The following flags can be passed in the \fBflags\fR parameter.
 .PP
@@ -190,7 +194,7 @@ finalization.
 .PP
 The data being encrypted is included in the CMS_ContentInfo structure, unless
 \&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
-practice and is not supported by \fISMIME_write_CMS()\fR.
+practice and is not supported by \fBSMIME_write_CMS()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
@@ -198,24 +202,24 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st
 properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
 results.
 .PP
-Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
-\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
+\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
 can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_CMS()\fR.
+\&\fBBIO_new_CMS()\fR.
 .PP
 The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info
 structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR
-and \fICMS_add0_recipient_key()\fR.
+and \fBCMS_add0_recipient_key()\fR.
 .PP
 The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients
-added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR.
+added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3
index 28e3db23eb414..9aa9f0ba695c4 100644
--- a/secure/lib/libcrypto/man/CMS_final.3
+++ b/secure/lib/libcrypto/man/CMS_final.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_FINAL 3"
-.TH CMS_FINAL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_FINAL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ CMS_final \- finalise a CMS_ContentInfo structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any
+\&\fBCMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any
 operations necessary on \fBcms\fR (digest computation for example) and set the
 appropriate fields. The parameter \fBdata\fR contains the content to be
 processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after
@@ -158,11 +162,11 @@ should only be used when streaming is not performed because the streaming
 I/O functions perform finalisation operations internally.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_final()\fR returns 1 for success or 0 for failure.
+\&\fBCMS_final()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index 24cfdf9796acc..580e7d43e8ae7 100644
--- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_GET0_RECIPIENTINFOS 3"
-.TH CMS_GET0_RECIPIENTINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_GET0_RECIPIENTINFOS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -166,27 +170,27 @@ CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_sig
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo
+The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo
 structures associated with a \s-1CMS\s0 EnvelopedData structure.
 .PP
-\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR.
+\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR.
 It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE,
 CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0
 .PP
-\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient
+\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient
 identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which
 must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in
 \&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR.
 .PP
-\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the
+\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the
 CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0
 It returns zero if the comparison is successful and non zero if not.
 .PP
-\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with
+\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with
 the CMS_RecipientInfo structure \fBri\fR, which must be of type
 \&\s-1CMS_RECIPINFO_TRANS.\s0
 .PP
-\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
+\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
 CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0  Any
 of the remaining parameters can be \s-1NULL\s0 if the application is not interested in
 the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written
@@ -196,61 +200,61 @@ present is written to \fBpdate\fR, if the \fBother\fR field is present the compo
 \&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and
 \&\fBpothertype\fR.
 .PP
-\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR
+\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR
 parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR,
 which must be of type \s-1CMS_RECIPINFO_KEK.\s0  It returns zero if the comparison is
 successful and non zero if not.
 .PP
-\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length
+\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length
 \&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type
 \&\s-1CMS_RECIPINFO_KEK.\s0
 .PP
-\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure
+\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure
 \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure
 first.
 .PP
-\&\fICMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure
+\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure
 \&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure
 first and the content encryption key must be available: for example by a
-previous call to \fICMS_RecipientInfo_decrypt()\fR.
+previous call to \fBCMS_RecipientInfo_decrypt()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The main purpose of these functions is to enable an application to lookup
 recipient keys using any appropriate technique when the simpler method
-of \fICMS_decrypt()\fR is not appropriate.
+of \fBCMS_decrypt()\fR is not appropriate.
 .PP
 In typical usage and application will retrieve all CMS_RecipientInfo structures
-using \fICMS_get0_RecipientInfos()\fR and check the type of each using
-\&\fICMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure
+using \fBCMS_get0_RecipientInfos()\fR and check the type of each using
+\&\fBCMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure
 can be ignored or its key identifier data retrieved using an appropriate
 function. Then if the corresponding secret or private key can be obtained by
 any appropriate means it can then associated with the structure and
-\&\fICMS_RecipientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called
+\&\fBCMS_RecipientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called
 with a \s-1NULL\s0 key to decrypt the enveloped content.
 .PP
-The \fICMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an
+The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an
 existing enveloped data structure. Typically an application will first decrypt
 an appropriate CMS_RecipientInfo structure to make the content encrypt key
 available, it will then add a new recipient using a function such as
-\&\fICMS_add1_recipient_cert()\fR and finally encrypt the content encryption key
-using \fICMS_RecipientInfo_encrypt()\fR.
+\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key
+using \fBCMS_RecipientInfo_encrypt()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if
+\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if
 an error occurs.
 .PP
-\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR,
-\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and
-\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs.
-\&\fICMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs.
+\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR,
+\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and
+\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs.
+\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs.
 .PP
-\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0
+\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0
 for a successful comparison and non zero otherwise.
 .PP
-Any error can be obtained from \fIERR_get_error\fR\|(3).
+Any error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
index db2a6123dcfb8..99e65095d05ce 100644
--- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_GET0_SIGNERINFOS 3"
-.TH CMS_GET0_SIGNERINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_GET0_SIGNERINFOS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,59 +155,59 @@ CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signe
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures
+The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures
 associated with a \s-1CMS\s0 signedData structure.
 .PP
-\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier
+\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier
 associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the
 keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number
 in \fBissuer\fR and \fBsno\fR.
 .PP
-\&\fICMS_SignerInfo_get0_signature()\fR retrieves the signature associated with
+\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with
 \&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned
 corresponds to the internal signature value if \fBsi\fR so it may be read or
 modified.
 .PP
-\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer
+\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer
 identifier \fBsi\fR. It returns zero if the comparison is successful and non zero
 if not.
 .PP
-\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to
+\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to
 \&\fBsigner\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The main purpose of these functions is to enable an application to lookup
 signers certificates using any appropriate technique when the simpler method
-of \fICMS_verify()\fR is not appropriate.
+of \fBCMS_verify()\fR is not appropriate.
 .PP
 In typical usage and application will retrieve all CMS_SignerInfo structures
-using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using
+using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using
 \&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means
 (or return and error if it cannot be found) and set it using
-\&\fICMS_SignerInfo_set1_signer_cert()\fR.
+\&\fBCMS_SignerInfo_set1_signer_cert()\fR.
 .PP
-Once all signer certificates have been set \fICMS_verify()\fR can be used.
+Once all signer certificates have been set \fBCMS_verify()\fR can be used.
 .PP
-Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if
+Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if
 there are no signers this is not a problem in practice because the only
 error which can occur is if the \fBcms\fR structure is not of type signedData
 due to application error.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there
+\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there
 are no signers or an error occurs.
 .PP
-\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure.
+\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure.
 .PP
-\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non
+\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non
 zero otherwise.
 .PP
-\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value.
+\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value.
 .PP
-Any error can be obtained from \fIERR_get_error\fR\|(3)
+Any error can be obtained from \fBERR_get_error\fR\|(3)
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3
index 9adeddc37807a..71f7de5eccf42 100644
--- a/secure/lib/libcrypto/man/CMS_get0_type.3
+++ b/secure/lib/libcrypto/man/CMS_get0_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_GET0_TYPE 3"
-.TH CMS_GET0_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_GET0_TYPE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,29 +152,30 @@ CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \-
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as
-and \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the
+\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as
+an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the
 CMS_ContentInfo structure based on this value.
 .PP
-\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo
-structure. It should be called with \s-1CMS\s0 functions with the \fB\s-1CMS_PARTIAL\s0\fR
+\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo
+structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt)
+with the \fB\s-1CMS_PARTIAL\s0\fR
 flag and \fBbefore\fR the structure is finalised, otherwise the results are
 undefined.
 .PP
-\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded
+\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded
 content type.
 .PP
-\&\fICMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer
+\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer
 containing the embedded content.
 .SH "NOTES"
 .IX Header "NOTES"
-As the \fB0\fR implies \fICMS_get0_type()\fR, \fICMS_get0_eContentType()\fR and
-\&\fICMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up.
-\&\fICMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up
+As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and
+\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up.
+\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up
 after use.
 .PP
 The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value
-using \fIOBJ_obj2nid()\fR. For the currently supported content types the following
+using \fBOBJ_obj2nid()\fR. For the currently supported content types the following
 values are returned:
 .PP
 .Vb 6
@@ -182,7 +187,7 @@ values are returned:
 \& NID_pkcs7_enveloped
 .Ve
 .PP
-The return value of \fICMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR
+The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR
 content pointer. That means that for example:
 .PP
 .Vb 1
@@ -195,16 +200,16 @@ using this function. Applications usually will not need to modify the
 embedded content as it is normally set by higher level functions.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure.
+\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure.
 .PP
-\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred.  The
-error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred.  The
+error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
index 9e8c9788771ac..6a9d9659cc5b8 100644
--- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_GET1_RECEIPTREQUEST 3"
-.TH CMS_GET1_RECEIPTREQUEST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_GET1_RECEIPTREQUEST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,7 +158,7 @@ CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CM
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The
+\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The
 \&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set
 to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0
 the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of
@@ -162,13 +166,13 @@ the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBr
 option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the
 \&\fBreceiptsTo\fR field value.
 .PP
-The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR
+The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR
 to SignerInfo structure \fBsi\fR.
 .PP
-int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if
+int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if
 any is found it is decoded and written to \fBprr\fR.
 .PP
-\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request.
+\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request.
 The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR
 option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR
 otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR
@@ -179,22 +183,22 @@ For more details of the meaning of the fields see \s-1RFC2634.\s0
 .PP
 The contents of a signed receipt should only be considered meaningful if the
 corresponding CMS_ContentInfo structure can be successfully verified using
-\&\fICMS_verify()\fR.
+\&\fBCMS_verify()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or
+\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or
 \&\s-1NULL\s0 if an error occurred.
 .PP
-\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred.
+\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred.
 .PP
-\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and
+\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and
 decoded. It returns 0 if a signed receipt request is not present and \-1 if
 it is present but malformed.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3)
-\&\fICMS_verify_receipt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3)
+\&\fBCMS_verify_receipt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3
index d86d1f0e8e828..2c4457980f38c 100644
--- a/secure/lib/libcrypto/man/CMS_sign.3
+++ b/secure/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_SIGN 3"
-.TH CMS_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ CMS_sign \- create a CMS SignedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is
+\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is
 the certificate to sign with, \fBpkey\fR is the corresponding private key.
 \&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0
 structure (for example any intermediate CAs in the chain). Any or all of
@@ -212,10 +216,10 @@ If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR st
 properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
 results.
 .PP
-Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
-\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
+\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
 can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_CMS()\fR.
+\&\fBBIO_new_CMS()\fR.
 .PP
 If a signer is specified it will use the default digest for the signing
 algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
@@ -223,23 +227,23 @@ algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
 If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is
 output.
 .PP
-The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be
+The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be
 suitable for many purposes. For finer control of the output format the
 \&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the
 \&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the
-function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom
-attributes added. \fICMS_final()\fR must then be called to finalize the
+function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom
+attributes added. \fBCMS_final()\fR must then be called to finalize the
 structure if streaming is not enabled.
 .SH "BUGS"
 .IX Header "BUGS"
 Some attributes such as counter signatures are not supported.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8,
diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3
index 41f3b77648f4b..74471cc90dc9e 100644
--- a/secure/lib/libcrypto/man/CMS_sign_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_SIGN_RECEIPT 3"
-.TH CMS_SIGN_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_SIGN_RECEIPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ CMS_sign_receipt \- create a CMS signed receipt
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is
+\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is
 the \fBCMS_SignerInfo\fR structure containing the signed receipt request.
 \&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding
 private key.  \fBcerts\fR is an optional additional set of certificates to include
@@ -156,19 +160,19 @@ in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain).
 \&\fBflags\fR is an optional set of flags.
 .SH "NOTES"
 .IX Header "NOTES"
-This functions behaves in a similar way to \fICMS_sign()\fR except the flag values
+This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values
 \&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR
 are not supported since they do not make sense in the context of signed
 receipts.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if
-an error occurred.  The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if
+an error occurred.  The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fICMS_verify_receipt\fR\|(3),
-\&\fICMS_sign\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBCMS_verify_receipt\fR\|(3),
+\&\fBCMS_sign\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3
index fac85d450c5d4..38b46ad5f23e1 100644
--- a/secure/lib/libcrypto/man/CMS_uncompress.3
+++ b/secure/lib/libcrypto/man/CMS_uncompress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_UNCOMPRESS 3"
-.TH CMS_UNCOMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_UNCOMPRESS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ CMS_uncompress \- uncompress a CMS CompressedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0
+\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0
 CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and
 \&\fBflags\fR is an optional set of flags.
 .PP
@@ -156,7 +160,7 @@ is detached. It will normally be set to \s-1NULL.\s0
 The only currently supported compression algorithm is zlib: if the structure
 indicates the use of any other algorithm an error is returned.
 .PP
-If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always
+If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always
 return an error.
 .PP
 The following flags can be passed in the \fBflags\fR parameter.
@@ -166,15 +170,15 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i
 returned.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can
-be obtained from \fIERR_get_error\fR\|(3)
+\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can
+be obtained from \fBERR_get_error\fR\|(3)
 .SH "BUGS"
 .IX Header "BUGS"
 The lack of single pass processing and the need to hold all data in memory as
-mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR.
+mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3
index 46604b02a4425..a2e57fc526f7c 100644
--- a/secure/lib/libcrypto/man/CMS_verify.3
+++ b/secure/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_VERIFY 3"
-.TH CMS_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,7 +152,7 @@ CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo
+\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo
 structure to verify. \fBcerts\fR is a set of certificates in which to search for
 the signing certificate(s). \fBstore\fR is a trusted certificate store used for
 chain verification. \fBindata\fR is the detached content if the content is not
@@ -157,8 +161,8 @@ present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.
 \&\fBflags\fR is an optional set of flags, which can be used to modify the verify
 operation.
 .PP
-\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must
-be called after a successful \fICMS_verify()\fR operation.
+\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must
+be called after a successful \fBCMS_verify()\fR operation.
 .SH "VERIFY PROCESS"
 .IX Header "VERIFY PROCESS"
 Normally the verify process proceeds as follows.
@@ -230,12 +234,12 @@ signer it cannot be trusted without additional evidence (such as a trusted
 timestamp).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error
+\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error
 occurred.
 .PP
-\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
+\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
 .PP
-The error can be obtained from \fIERR_get_error\fR\|(3)
+The error can be obtained from \fBERR_get_error\fR\|(3)
 .SH "BUGS"
 .IX Header "BUGS"
 The trusted certificate store is not searched for the signing certificate,
@@ -246,7 +250,7 @@ The lack of single pass processing means that the signed content must all
 be held in memory if it is not detached.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3
index cdb1d7a18a80f..c9e1ec7e9c5d3 100644
--- a/secure/lib/libcrypto/man/CMS_verify_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_VERIFY_RECEIPT 3"
-.TH CMS_VERIFY_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS_VERIFY_RECEIPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ CMS_verify_receipt \- verify a CMS signed receipt
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed
+\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed
 receipt to verify. \fBocms\fR is the original SignedData structure containing the
 receipt request. \fBcerts\fR is a set of certificates in which to search for the
 signing certificate. \fBstore\fR is a trusted certificate store (used for chain
@@ -157,20 +161,20 @@ verification).
 operation.
 .SH "NOTES"
 .IX Header "NOTES"
-This functions behaves in a similar way to \fICMS_verify()\fR except the flag values
+This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values
 \&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not
 supported since they do not make sense in the context of signed receipts.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an
+\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an
 error occurred.
 .PP
-The error can be obtained from \fIERR_get_error\fR\|(3)
+The error can be obtained from \fBERR_get_error\fR\|(3)
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fICMS_sign_receipt\fR\|(3),
-\&\fICMS_verify\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBCMS_sign_receipt\fR\|(3),
+\&\fBCMS_verify\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
index 89b34363e82a4..c98977dd088f3 100644
--- a/secure/lib/libcrypto/man/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CONF_MODULES_FREE 3"
-.TH CONF_MODULES_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CONF_MODULES_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,15 +158,15 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICONF_modules_free()\fR closes down and frees up all memory allocated by all
+\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all
 configuration modules.  Normally, in versions of OpenSSL prior to 1.1.0,
 applications called
-\&\fICONF_modules_free()\fR at exit to tidy up any configuration performed.
+\&\fBCONF_modules_free()\fR at exit to tidy up any configuration performed.
 .PP
-\&\fICONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler
+\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler
 to free up any configuration that module may have performed.
 .PP
-\&\fICONF_modules_unload()\fR finishes and unloads configuration modules. If
+\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If
 \&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If
 \&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded.
 .SH "RETURN VALUES"
@@ -170,12 +174,12 @@ to free up any configuration that module may have performed.
 None of the functions return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3),
-\&\fICONF_modules_load_file\fR\|(3)
+\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3),
+\&\fBCONF_modules_load_file\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fICONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it.
-For more information see \fIOPENSSL_init_crypto\fR\|(3).
+\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it.
+For more information see \fBOPENSSL_init_crypto\fR\|(3).
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
index 70f49cebb66bb..2d5816eac1796 100644
--- a/secure/lib/libcrypto/man/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CONF_MODULES_LOAD_FILE 3"
-.TH CONF_MODULES_LOAD_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CONF_MODULES_LOAD_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,36 +152,44 @@ CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fICONF_modules_load_file()\fR configures OpenSSL using file
+The function \fBCONF_modules_load_file()\fR configures OpenSSL using file
 \&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0
 the standard OpenSSL configuration file is used. If \fBappname\fR is
 \&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used.
 The behaviour can be customized using \fBflags\fR.
 .PP
-\&\fICONF_modules_load()\fR is identical to \fICONF_modules_load_file()\fR except it
+\&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it
 reads configuration information from \fBcnf\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The following \fBflags\fR are currently recognized:
 .PP
-\&\fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR if set errors returned by individual
+If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual
 configuration modules are ignored. If not set the first module error is
 considered fatal and no further modules are loaded.
 .PP
 Normally any modules errors will add error information to the error queue. If
 \&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added.
 .PP
+If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally
+returns success.
+This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in
+the default system-wide configuration file, as having all OpenSSL applications
+fail to start when there are potentially minor issues in the file is too risky.
+Applications calling \fBCONF_modules_load_file\fR explicitly should not generally
+set this flag.
+.PP
 If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is
 disabled.
 .PP
-\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fICONF_load_modules_file()\fR
+\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR
 ignore missing configuration files. Normally a missing configuration file
 return an error.
 .PP
 \&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the
 default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist.
 .PP
-By using \fICONF_modules_load_file()\fR with appropriate flags an application can
+By using \fBCONF_modules_load_file()\fR with appropriate flags an application can
 customise application configuration to best suit its needs. In some cases the
 use of a configuration file is optional and its absence is not an error: in
 this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set.
@@ -187,7 +199,7 @@ applications. For example in some cases an error may simply print out a warning
 message and the application continue. In other cases an application might
 consider a configuration file error as fatal and exit immediately.
 .PP
-Applications can use the \fICONF_modules_load()\fR function if they wish to load a
+Applications can use the \fBCONF_modules_load()\fR function if they wish to load a
 configuration file themselves and have finer control over how errors are
 treated.
 .SH "EXAMPLES"
@@ -259,10 +271,10 @@ failure. If module errors are not ignored the return code will reflect the
 return value of the failing module (this will always be zero or negative).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3)
+\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2004\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
index e3bd897ddb187..57d48de90cf79 100644
--- a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
+++ b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CRYPTO_THREAD_RUN_ONCE 3"
-.TH CRYPTO_THREAD_RUN_ONCE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CRYPTO_THREAD_RUN_ONCE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -163,7 +167,7 @@ supported by OpenSSL.
 .PP
 The following multi-threading function are provided:
 .IP "\(bu" 2
-\&\fICRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization.
+\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization.
 The \fBonce\fR argument must be a pointer to a static object of type
 \&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value
 \&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR.
@@ -172,29 +176,29 @@ exactly once initialization.
 In particular, this can be used to allocate locks in a thread-safe manner,
 which can then be used with the locking functions below.
 .IP "\(bu" 2
-\&\fICRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write
+\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write
 lock.
 .IP "\(bu" 2
-\&\fICRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading.
+\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading.
 .IP "\(bu" 2
-\&\fICRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing.
+\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing.
 .IP "\(bu" 2
-\&\fICRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR.
+\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR.
 .IP "\(bu" 2
-\&\fICRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR.
+\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR.
 .IP "\(bu" 2
-\&\fICRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the
+\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the
 result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic
 operations are supported on the specific platform. Because of this, if a
-variable is modified by \fICRYPTO_atomic_add()\fR then \fICRYPTO_atomic_add()\fR must
+variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must
 be the only way that the variable is modified.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error.
+\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error.
 .PP
-\&\fICRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error.
+\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error.
 .PP
-\&\fICRYPTO_THREAD_lock_free()\fR returns no value.
+\&\fBCRYPTO_THREAD_lock_free()\fR returns no value.
 .PP
 The other functions return 1 on success, or 0 on error.
 .SH "NOTES"
@@ -268,7 +272,7 @@ You can find out if OpenSSL was configured with thread support:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7)
+\&\fBcrypto\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
index dc2f41c13aada..a746b61035742 100644
--- a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CRYPTO_GET_EX_NEW_INDEX 3"
-.TH CRYPTO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CRYPTO_GET_EX_NEW_INDEX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -198,7 +202,7 @@ structures.  Since the application data can be anything at all it is passed
 and retrieved as a \fBvoid *\fR type.
 .PP
 The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque.  To initialize the exdata part of
-a structure, call \fICRYPTO_new_ex_data()\fR. This is only necessary for
+a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for
 \&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects.
 .PP
 Exdata types are identified by an \fBindex\fR, an integer guaranteed to be
@@ -214,7 +218,7 @@ semantics of those callbacks are described below.
 When copying or releasing objects with exdata, the callback functions
 are called in increasing order of their \fBindex\fR value.
 .PP
-If a dynamic library can be unloaded, it should call \fICRYPTO_free_ex_index()\fR
+If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR
 when this is done.
 This will replace the callbacks with no-ops
 so that applications don't crash.  Any existing exdata will be leaked.
@@ -232,7 +236,7 @@ to avoid likely double-free crashes.
 The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached
 to a structure. The appropriate type-specific routine must be used.
 The \fBclass_index\fR identifies the structure type, the \fBobj\fR is
-be the pointer to the actual structure, and \fBr\fR is a pointer to the
+a pointer to the actual structure, and \fBr\fR is a pointer to the
 structure's exdata field.
 .SS "Callback Functions"
 .IX Subsection "Callback Functions"
@@ -240,53 +244,53 @@ This section describes how the callback functions are used. Applications
 that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must
 call them as described here.
 .PP
-When a structure is initially allocated (such as \fIRSA_new()\fR) then the
-\&\fInew_func()\fR is called for every defined index. There is no requirement
+When a structure is initially allocated (such as \fBRSA_new()\fR) then the
+\&\fBnew_func()\fR is called for every defined index. There is no requirement
 that the entire parent, or containing, structure has been set up.
-The \fInew_func()\fR is typically used only to allocate memory to store the
+The \fBnew_func()\fR is typically used only to allocate memory to store the
 exdata, and perhaps an \*(L"initialized\*(R" flag within that memory.
-The exdata value should be set by calling \fICRYPTO_set_ex_data()\fR.
+The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR.
 .PP
-When a structure is free'd (such as \fISSL_CTX_free()\fR) then the
-\&\fIfree_func()\fR is called for every defined index.  Again, the state of the
-parent structure is not guaranteed.  The \fIfree_func()\fR may be called with a
+When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the
+\&\fBfree_func()\fR is called for every defined index.  Again, the state of the
+parent structure is not guaranteed.  The \fBfree_func()\fR may be called with a
 \&\s-1NULL\s0 pointer.
 .PP
-Both \fInew_func()\fR and \fIfree_func()\fR take the same parameters.
+Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters.
 The \fBparent\fR is the pointer to the structure that contains the exdata.
-The \fBptr\fR is the current exdata item; for \fInew_func()\fR this will typically
+The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically
 be \s-1NULL.\s0  The \fBr\fR parameter is a pointer to the exdata field of the object.
 The \fBidx\fR is the index and is the value returned when the callbacks were
-initially registered via \fICRYPTO_get_ex_new_index()\fR and can be used if
+initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if
 the same callback handles different types of exdata.
 .PP
-\&\fIdup_func()\fR is called when a structure is being copied.  This is only done
+\&\fBdup_func()\fR is called when a structure is being copied.  This is only done
 for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via
-\&\fIBIO_dup_chain()\fR.  The \fBto\fR and \fBfrom\fR parameters
+\&\fBBIO_dup_chain()\fR.  The \fBto\fR and \fBfrom\fR parameters
 are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures,
 respectively.  The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR
 as the \s-1API\s0 has currently the wrong signature; that will be changed in a
 future version.  The \fB*pptr\fR is a pointer to the source exdata.
-When the \fIdup_func()\fR returns, the value in \fB*pptr\fR is copied to the
+When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the
 destination ex_data.  If the pointer contained in \fB*pptr\fR is not modified
-by the \fIdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data.
+by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data.
 The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other
-two callbacks.  If the \fIdup_func()\fR returns \fB0\fR the whole \fICRYPTO_dup_ex_data()\fR
+two callbacks.  If the \fBdup_func()\fR returns \fB0\fR the whole \fBCRYPTO_dup_ex_data()\fR
 will fail.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure.
+\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure.
 .PP
-\&\fICRYPTO_free_ex_index()\fR and
-\&\fICRYPTO_set_ex_data()\fR return 1 on success or 0 on failure.
+\&\fBCRYPTO_free_ex_index()\fR and
+\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure.
 .PP
-\&\fICRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure;
+\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure;
 note that \s-1NULL\s0 may be a valid value.
 .PP
-\&\fIdup_func()\fR should return 0 for failure and 1 for success.
+\&\fBdup_func()\fR should return 0 for failure and 1 for success.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
index 9bb35424c9e72..5334d645f1d2b 100644
--- a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
+++ b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3"
-.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,7 +156,7 @@ A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transpare
 Therefore, it is useful to be able to look up more information about a log
 (e.g. its public key) using this LogID.
 .PP
-\&\fICTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0
+\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0
 in a \s-1CTLOG_STORE\s0 that has a given LogID.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -160,11 +164,11 @@ in a \s-1CTLOG_STORE\s0 that has a given LogID.
 exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7),
-\&\fICTLOG_STORE_new\fR\|(3)
+\&\fBct\fR\|(7),
+\&\fBCTLOG_STORE_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-This function was added in OpenSSL 1.1.0.
+The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/CTLOG_STORE_new.3
index e314e5eca93ff..e1a64dcaf7c92 100644
--- a/secure/lib/libcrypto/man/CTLOG_STORE_new.3
+++ b/secure/lib/libcrypto/man/CTLOG_STORE_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CTLOG_STORE_NEW 3"
-.TH CTLOG_STORE_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CTLOG_STORE_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,12 +157,12 @@ A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparen
 logs). The list can be loaded from one or more files and then searched by LogID
 (see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID).
 .PP
-\&\fICTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated
-by \fICTLOG_STORE_load_default_file()\fR or \fICTLOG_STORE_load_file()\fR.
-\&\fICTLOG_STORE_load_default_file()\fR loads from the default file, which is named
+\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated
+by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR.
+\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named
 \&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be
 overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0
-\&\fICTLOG_STORE_load_file()\fR loads from a caller-specified file path instead.
+\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead.
 Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0
 .PP
 The expected format of the file is:
@@ -176,7 +180,7 @@ The expected format of the file is:
 .Ve
 .PP
 Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to
-\&\fICTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along
+\&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along
 with the \s-1CTLOG_STORE\s0 itself.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -189,9 +193,9 @@ Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return
 all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7),
-\&\fICTLOG_STORE_get0_log_by_id\fR\|(3),
-\&\fISSL_CTX_set_ctlog_list_file\fR\|(3)
+\&\fBct\fR\|(7),
+\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3),
+\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/CTLOG_new.3 b/secure/lib/libcrypto/man/CTLOG_new.3
index ca38aa135623f..43a4f33e5e9a5 100644
--- a/secure/lib/libcrypto/man/CTLOG_new.3
+++ b/secure/lib/libcrypto/man/CTLOG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CTLOG_NEW 3"
-.TH CTLOG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CTLOG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,38 +156,38 @@ CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fICTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency
+\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency
 (\s-1CT\s0) log with the given public key. A name must also be provided that can be
 used to help users identify this log. Ownership of the public key is
 transferred.
 .PP
-\&\fICTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in
+\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in
 base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0
 The base64 will be decoded and the public key parsed.
 .PP
-Regardless of whether \fICTLOG_new()\fR or \fICTLOG_new_from_base64()\fR is used, it is the
-caller's responsibility to pass the \s-1CTLOG\s0 to \fICTLOG_free()\fR once it is no longer
-needed. This will delete it and, if created by \fICTLOG_new()\fR, the \s-1EVP_PKEY\s0 that
+Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the
+caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer
+needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that
 was passed to it.
 .PP
-\&\fICTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was
+\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was
 created. Ownership of the string remains with the \s-1CTLOG.\s0
 .PP
-\&\fICTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's
+\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's
 LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a
 v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of
 the string remains with the \s-1CTLOG.\s0
 .PP
-\&\fICTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the
+\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the
 \&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICTLOG_new()\fR will return \s-1NULL\s0 if an error occurs.
+\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs.
 .PP
-\&\fICTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise.
+\&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7)
+\&\fBct\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
index 4a677fd929d73..def5b1cd902ac 100644
--- a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
+++ b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CT_POLICY_EVAL_CTX_NEW 3"
-.TH CT_POLICY_EVAL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CT_POLICY_EVAL_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -171,35 +175,35 @@ the current time
 .PP
 The above requirements are met using the setters described below.
 .PP
-\&\fICT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This
+\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This
 should then be populated using:
 .IP "\(bu" 2
-\&\fICT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for
+\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for
 .Sp
 Increments the reference count of the certificate.
 .IP "\(bu" 2
-\&\fICT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate
+\&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate
 .Sp
 Increments the reference count of the certificate.
 .IP "\(bu" 2
-\&\fICT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs
+\&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs
 .Sp
 Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the
 \&\s-1CT_POLICY_EVAL_CTX.\s0
 .IP "\(bu" 2
-\&\fICT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid
+\&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid
 .Sp
 The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was
 issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose
 timestamp is in the future\*(R". By default, this will be set to 5 minutes in the
-future (e.g. (\fItime()\fR + 300) * 1000), to allow for clock drift.
+future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift.
 .Sp
 The time should be in milliseconds since the Unix epoch.
 .PP
 Each setter has a matching getter for accessing the current value.
 .PP
 When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to
-\&\fICT_POLICY_EVAL_CTX_free()\fR to delete it.
+\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it.
 .SH "NOTES"
 .IX Header "NOTES"
 The issuer certificate only needs to be provided if at least one of the SCTs
@@ -208,10 +212,10 @@ certificate (i.e. those in an X.509 extension), but may not be the case for SCTs
 found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails.
+\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7)
+\&\fBct\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
index 98abe054a0275..f14c364f4ed10 100644
--- a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
+++ b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DEFINE_STACK_OF 3"
-.TH DEFINE_STACK_OF 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DEFINE_STACK_OF 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -187,8 +191,8 @@ functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0
 In the description here, \fI\s-1TYPE\s0\fR is used
 as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR.
 .PP
-\&\s-1\fISTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR.
-\&\s-1\fIDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This
+\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR.
+\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This
 will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by
 \&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR. For example:
 .PP
@@ -196,133 +200,133 @@ will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is refer
 \& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
 .Ve
 .PP
-\&\s-1\fIDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fIDEFINE_STACK_OF\s0()\fR except
+\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except
 each element is constant. For example:
 .PP
 .Vb 1
 \& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
 .Ve
 .PP
-\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but
+\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but
 each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example:
 .PP
 .Vb 1
 \& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
 .Ve
 .PP
-\&\s-1\fIDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is
+\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is
 constant:
 .PP
 .Vb 1
 \& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
 .Ve
 .PP
-\&\fIsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is
+\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is
 \&\fB\s-1NULL\s0\fR.
 .PP
-\&\fIsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at
+\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at
 zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned.
 .PP
-\&\fIsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR.
+\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR.
 If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is
 equivalent to sk_TYPE_new_reserve(compare, 0).
 .PP
-\&\fIsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This
+\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This
 function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0).
 .PP
-\&\fIsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure
-such that the next \fBn\fR calls to \fIsk_TYPE_insert()\fR, \fIsk_TYPE_push()\fR
-or \fIsk_TYPE_unshift()\fR will not fail or cause memory to be allocated
+\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure
+such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR
+or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated
 or reallocated. If \fBn\fR is zero, any excess space allocated in the
 \&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged.
 .PP
-\&\fIsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional
+\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional
 memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls
-to \fIsk_TYPE_insert()\fR, \fIsk_TYPE_push()\fR or \fIsk_TYPE_unshift()\fR will not fail or cause
+to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause
 memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no
-memory is allocated. \fIsk_TYPE_new_reserve()\fR also sets the comparison function
+memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function
 \&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no
 comparison function is used.
 .PP
-\&\fIsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR.
+\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR.
 The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was
 no previous comparison function.
 .PP
-\&\fIsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any
+\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any
 elements of \fBsk\fR. After this call \fBsk\fR is no longer valid.
 .PP
-\&\fIsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free
+\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free
 \&\fBsk\fR so after this call \fBsk\fR is still valid.
 .PP
-\&\fIsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The
-free function \fIfreefunc()\fR is called on each element to free it.
+\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The
+free function \fBfreefunc()\fR is called on each element to free it.
 .PP
-\&\fIsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted
+\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted
 element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range.
 .PP
-\&\fIsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns
+\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns
 the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found.
 .PP
-\&\fIsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing
+\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing
 elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range
-the new element is appended to \fBsk\fR. \fIsk_TYPE_insert()\fR either returns the
+the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the
 number of elements in \fBsk\fR after the new element is inserted or zero if
 an error (such as memory allocation failure) occurred.
 .PP
-\&\fIsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to:
+\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to:
 .PP
 .Vb 1
 \& sk_TYPE_insert(sk, ptr, \-1);
 .Ve
 .PP
-\&\fIsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to:
+\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to:
 .PP
 .Vb 1
 \& sk_TYPE_insert(sk, ptr, 0);
 .Ve
 .PP
-\&\fIsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR.
+\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR.
 .PP
-\&\fIsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR.
+\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR.
 .PP
-\&\fIsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current
+\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current
 element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred:
 this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range.
 .PP
-\&\fIsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR.  In the case
+\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR.  In the case
 where no comparison function has been specified, the function performs
 a linear search for a pointer equal to \fBptr\fR. The index of the first
 matching element is returned or \fB\-1\fR if there is no match. In the case
 where a comparison function has been specified, \fBsk\fR is sorted then
-\&\fIsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there
+\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there
 is no match. Note that, in this case, the matching element returned is
 not guaranteed to be the first; the comparison function will usually
 compare the values pointed to rather than the pointers themselves and
 the order of elements in \fBsk\fR could change.
 .PP
-\&\fIsk_TYPE_find_ex()\fR operates like \fIsk_TYPE_find()\fR except when a comparison
+\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison
 function has been specified and no matching element is found. Instead
-of returning \fB\-1\fR, \fIsk_TYPE_find_ex()\fR returns the index of the element
+of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element
 either before or after the location where \fBptr\fR would be if it were
 present in \fBsk\fR.
 .PP
-\&\fIsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function.
+\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function.
 .PP
-\&\fIsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise.
+\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise.
 .PP
-\&\fIsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy
+\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy
 are identical to the original.
 .PP
-\&\fIsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied.
-Copying is performed by the supplied \fIcopyfunc()\fR and freeing by \fIfreefunc()\fR. The
-function \fIfreefunc()\fR is only called if an error occurs.
+\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied.
+Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The
+function \fBfreefunc()\fR is only called if an error occurs.
 .SH "NOTES"
 .IX Header "NOTES"
 Care should be taken when accessing stacks in multi-threaded environments.
-Any operation which increases the size of a stack such as \fIsk_TYPE_insert()\fR or
-\&\fIsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions
+Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or
+\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions
 if the same stack is accessed in a different thread. Operations such as
-\&\fIsk_find()\fR and \fIsk_sort()\fR can also reorder the stack.
+\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack.
 .PP
 Any comparison function supplied should use a metric suitable
 for use in a binary search operation. That is it should return zero, a
@@ -330,66 +334,66 @@ positive or negative value if \fBa\fR is equal to, greater than
 or less than \fBb\fR respectively.
 .PP
 Care should be taken when checking the return values of the functions
-\&\fIsk_TYPE_find()\fR and \fIsk_TYPE_find_ex()\fR. They return an index to the
+\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the
 matching element. In particular \fB0\fR indicates a matching first element.
 A failed search is indicated by a \fB\-1\fR return value.
 .PP
-\&\s-1\fISTACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF_CONST\s0()\fR, and
-\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros.
+\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and
+\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros.
 .PP
 The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly.
-It defines these functions: \fIOPENSSL_sk_deep_copy()\fR,
-\&\fIOPENSSL_sk_delete()\fR, \fIOPENSSL_sk_delete_ptr()\fR, \fIOPENSSL_sk_dup()\fR,
-\&\fIOPENSSL_sk_find()\fR, \fIOPENSSL_sk_find_ex()\fR, \fIOPENSSL_sk_free()\fR,
-\&\fIOPENSSL_sk_insert()\fR, \fIOPENSSL_sk_is_sorted()\fR, \fIOPENSSL_sk_new()\fR,
-\&\fIOPENSSL_sk_new_null()\fR, \fIOPENSSL_sk_num()\fR, \fIOPENSSL_sk_pop()\fR,
-\&\fIOPENSSL_sk_pop_free()\fR, \fIOPENSSL_sk_push()\fR, \fIOPENSSL_sk_reserve()\fR,
-\&\fIOPENSSL_sk_set()\fR, \fIOPENSSL_sk_set_cmp_func()\fR, \fIOPENSSL_sk_shift()\fR,
-\&\fIOPENSSL_sk_sort()\fR, \fIOPENSSL_sk_unshift()\fR, \fIOPENSSL_sk_value()\fR,
-\&\fIOPENSSL_sk_zero()\fR.
+It defines these functions: \fBOPENSSL_sk_deep_copy()\fR,
+\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR,
+\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR,
+\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR,
+\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR,
+\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR,
+\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR,
+\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR,
+\&\fBOPENSSL_sk_zero()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the
+\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the
 passed stack is \fB\s-1NULL\s0\fR.
 .PP
-\&\fIsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the
+\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the
 index is out of range.
 .PP
-\&\fIsk_TYPE_new()\fR, \fIsk_TYPE_new_null()\fR and \fIsk_TYPE_new_reserve()\fR return an empty
+\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty
 stack or \fB\s-1NULL\s0\fR if an error occurs.
 .PP
-\&\fIsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory
+\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory
 or \fB0\fR on error.
 .PP
-\&\fIsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if
+\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if
 there was no old comparison function.
 .PP
-\&\fIsk_TYPE_free()\fR, \fIsk_TYPE_zero()\fR, \fIsk_TYPE_pop_free()\fR and \fIsk_TYPE_sort()\fR do
+\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do
 not return values.
 .PP
-\&\fIsk_TYPE_pop()\fR, \fIsk_TYPE_shift()\fR, \fIsk_TYPE_delete()\fR and \fIsk_TYPE_delete_ptr()\fR
+\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR
 return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error.
 .PP
-\&\fIsk_TYPE_insert()\fR, \fIsk_TYPE_push()\fR and \fIsk_TYPE_unshift()\fR return the total
+\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total
 number of elements in the stack and 0 if an error occurred.
 .PP
-\&\fIsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on
+\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on
 error.
 .PP
-\&\fIsk_TYPE_find()\fR and \fIsk_TYPE_find_ex()\fR return an index to the found element
+\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element
 or \fB\-1\fR on error.
 .PP
-\&\fIsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is
+\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is
 not.
 .PP
-\&\fIsk_TYPE_dup()\fR and \fIsk_TYPE_deep_copy()\fR return a pointer to the copy of the
+\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the
 stack.
 .SH "HISTORY"
 .IX Header "HISTORY"
 Before OpenSSL 1.1.0, this was implemented via macros and not inline functions
 and was not a public \s-1API.\s0
 .PP
-\&\fIsk_TYPE_reserve()\fR and \fIsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1.
+\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DES_random_key.3 b/secure/lib/libcrypto/man/DES_random_key.3
index ad4173cdade0e..2ac6a10e38c34 100644
--- a/secure/lib/libcrypto/man/DES_random_key.3
+++ b/secure/lib/libcrypto/man/DES_random_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DES_RANDOM_KEY 3"
-.TH DES_RANDOM_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DES_RANDOM_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -229,34 +233,34 @@ consists of 8 bytes with odd parity.  The least significant bit in
 each byte is the parity bit.  The key schedule is an expanded form of
 the key; it is used to speed the encryption process.
 .PP
-\&\fIDES_random_key()\fR generates a random key.  The \s-1PRNG\s0 must be seeded
-prior to using this function (see \fIRAND_bytes\fR\|(3)).  If the \s-1PRNG\s0
+\&\fBDES_random_key()\fR generates a random key.  The \s-1PRNG\s0 must be seeded
+prior to using this function (see \fBRAND_bytes\fR\|(3)).  If the \s-1PRNG\s0
 could not generate a secure key, 0 is returned.
 .PP
 Before a \s-1DES\s0 key can be used, it must be converted into the
 architecture dependent \fIDES_key_schedule\fR via the
-\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function.
+\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function.
 .PP
-\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity
+\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity
 and is not a weak or semi-weak key.  If the parity is wrong, then \-1
 is returned.  If the key is a weak key, then \-2 is returned.  If an
 error is returned, the key schedule is not generated.
 .PP
-\&\fIDES_set_key()\fR works like
-\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero,
-otherwise like \fIDES_set_key_unchecked()\fR.  These functions are available
+\&\fBDES_set_key()\fR works like
+\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero,
+otherwise like \fBDES_set_key_unchecked()\fR.  These functions are available
 for compatibility; it is recommended to use a function that does not
 depend on a global variable.
 .PP
-\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
+\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
 .PP
-\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it
+\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it
 is ok.
 .PP
 The following routines mostly operate on an input and output stream of
 \&\fIDES_cblock\fRs.
 .PP
-\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or
+\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or
 decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR
 (\s-1ECB\s0) mode.  It always transforms the input data, pointed to by
 \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument.
@@ -265,9 +269,9 @@ If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR
 key_schedule specified by the \fIschedule\fR argument, previously set via
 \&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now
 ciphertext) is decrypted into the \fIoutput\fR (now cleartext).  Input
-and output may overlap.  \fIDES_ecb_encrypt()\fR does not return a value.
+and output may overlap.  \fBDES_ecb_encrypt()\fR does not return a value.
 .PP
-\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using
+\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using
 three-key Triple-DES encryption in \s-1ECB\s0 mode.  This involves encrypting
 the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and
 then encrypting with \fIks3\fR.  This routine greatly reduces the chances
@@ -275,10 +279,10 @@ of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR,
 \&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption
 using \s-1ECB\s0 mode and \fIks1\fR as the key.
 .PP
-The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
+The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
 encryption by using \fIks1\fR for the final encryption.
 .PP
-\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
+\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
 (\s-1CBC\s0) mode of \s-1DES.\s0  If the \fIencrypt\fR argument is non-zero, the
 routine cipher-block-chain encrypts the cleartext data pointed to by
 the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
@@ -288,24 +292,24 @@ and initialization vector provided by the \fIivec\fR argument.  If the
 last block is copied to a temporary area and zero filled.  The output
 is always an integral multiple of eight bytes.
 .PP
-\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0  It uses \fIinw\fR and
+\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0  It uses \fIinw\fR and
 \&\fIoutw\fR to 'whiten' the encryption.  \fIinw\fR and \fIoutw\fR are secret
 (unlike the iv) and are as such, part of the key.  So the key is sort
 of 24 bytes.  This is much better than \s-1CBC DES.\s0
 .PP
-\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with
+\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with
 three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
 \&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR.  This mode is used by \s-1SSL.\s0
 .PP
-The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
+The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
 reusing \fIks1\fR for the final encryption.  \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
 This form of Triple-DES is used by the \s-1RSAREF\s0 library.
 .PP
-\&\fIDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block
+\&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block
 chaining mode used by Kerberos v4. Its parameters are the same as
-\&\fIDES_ncbc_encrypt()\fR.
+\&\fBDES_ncbc_encrypt()\fR.
 .PP
-\&\fIDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode.  This
+\&\fBDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode.  This
 method takes an array of characters as input and outputs an array of
 characters.  It does not require any padding to 8 character groups.
 Note: the \fIivec\fR variable is changed and the new changed value needs to
@@ -313,7 +317,7 @@ be passed to the next call to this function.  Since this function runs
 a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
 suggested for use when sending a small number of characters.
 .PP
-\&\fIDES_cfb64_encrypt()\fR
+\&\fBDES_cfb64_encrypt()\fR
 implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback.  Why is this
 useful you ask?  Because this routine will allow you to encrypt an
 arbitrary number of bytes, without 8 byte padding.  Each call to this
@@ -321,10 +325,10 @@ routine will encrypt the input bytes to output and then update ivec
 and num.  num contains 'how far' we are though ivec.  If this does
 not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0
 .PP
-\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as
-\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used.
+\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as
+\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used.
 .PP
-\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode.  This method
+\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode.  This method
 takes an array of characters as input and outputs an array of
 characters.  It does not require any padding to 8 character groups.
 Note: the \fIivec\fR variable is changed and the new changed value needs to
@@ -332,22 +336,22 @@ be passed to the next call to this function.  Since this function runs
 a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
 suggested for use when sending a small number of characters.
 .PP
-\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output
+\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output
 Feed Back mode.
 .PP
-\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as
-\&\fIDES_ofb64_encrypt()\fR, using Triple-DES.
+\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as
+\&\fBDES_ofb64_encrypt()\fR, using Triple-DES.
 .PP
 The following functions are included in the \s-1DES\s0 library for
 compatibility with the \s-1MIT\s0 Kerberos library.
 .PP
-\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream
+\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream
 (via \s-1CBC\s0 encryption).  The last 4 bytes of the checksum are returned
 and the complete 8 bytes are placed in \fIoutput\fR. This function is
 used by Kerberos v4.  Other applications should use
-\&\fIEVP_DigestInit\fR\|(3) etc. instead.
+\&\fBEVP_DigestInit\fR\|(3) etc. instead.
 .PP
-\&\fIDES_quad_cksum()\fR is a Kerberos v4 function.  It returns a 4 byte
+\&\fBDES_quad_cksum()\fR is a Kerberos v4 function.  It returns a 4 byte
 checksum from the input bytes.  The algorithm can be iterated over the
 input, depending on \fIout_count\fR, 1, 2, 3 or 4 times.  If \fIoutput\fR is
 non-NULL, the 8 bytes generated by each pass are written into
@@ -355,23 +359,23 @@ non-NULL, the 8 bytes generated by each pass are written into
 .PP
 The following are DES-based transformations:
 .PP
-\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function.  This
+\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function.  This
 version takes only a small amount of space relative to other fast
-\&\fIcrypt()\fR implementations.  This is different to the normal \fIcrypt()\fR in
+\&\fBcrypt()\fR implementations.  This is different to the normal \fBcrypt()\fR in
 that the third parameter is the buffer that the return value is
 written into.  It needs to be at least 14 bytes long.  This function
-is thread safe, unlike the normal \fIcrypt()\fR.
+is thread safe, unlike the normal \fBcrypt()\fR.
 .PP
-\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR.
-This function calls \fIDES_fcrypt()\fR with a static array passed as the
+\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR.
+This function calls \fBDES_fcrypt()\fR with a static array passed as the
 third parameter.  This mostly emulates the normal non-thread-safe semantics
-of \fIcrypt\fR\|(3).
+of \fBcrypt\fR\|(3).
 The \fBsalt\fR must be two \s-1ASCII\s0 characters.
 .PP
-The values returned by \fIDES_fcrypt()\fR and \fIDES_crypt()\fR are terminated by \s-1NUL\s0
+The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by \s-1NUL\s0
 character.
 .PP
-\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from
+\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from
 buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default)
 using \fIsched\fR for the key and \fIiv\fR as a starting vector.  The actual
 data send down \fIfd\fR consists of 4 bytes (in network byte order)
@@ -380,10 +384,10 @@ data then follows, padded with random data out to a multiple of 8
 bytes.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR
+\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR
 instead.
 .PP
-\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits.
+\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operates on input of 8 bits.
 What this means is that if you set numbits to 12, and length to 2, the
 first 12 bits will come from the 1st input byte and the low half of
 the second input byte.  The second 12 bits will have the low 8 bits
@@ -393,41 +397,41 @@ implemented this way because most people will be using a multiple of 8
 and because once you get into pulling bytes input bytes apart things
 get ugly!
 .PP
-\&\fIDES_string_to_key()\fR is available for backward compatibility with the
+\&\fBDES_string_to_key()\fR is available for backward compatibility with the
 \&\s-1MIT\s0 library.  New applications should use a cryptographic hash function.
-The same applies for \fIDES_string_to_2key()\fR.
+The same applies for \fBDES_string_to_2key()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The \fBdes\fR library was written to be source code compatible with
 the \s-1MIT\s0 Kerberos library.
 .PP
 Applications should use the higher level functions
-\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these
+\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these
 functions directly.
 .PP
 Single-key \s-1DES\s0 is insecure due to its short key size.  \s-1ECB\s0 mode is
-not suitable for most applications; see \fIdes_modes\fR\|(7).
+not suitable for most applications; see \fBdes_modes\fR\|(7).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDES_set_key()\fR, \fIDES_key_sched()\fR, \fIDES_set_key_checked()\fR and \fIDES_is_weak_key()\fR
+\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR
 return 0 on success or negative values on error.
 .PP
-\&\fIDES_cbc_cksum()\fR and \fIDES_quad_cksum()\fR return 4\-byte integer representing the
+\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the
 last 4 bytes of the checksum of the input.
 .PP
-\&\fIDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fIDES_crypt()\fR \-
+\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \-
 to a static buffer on success; otherwise they return \s-1NULL.\s0
 .SH "HISTORY"
 .IX Header "HISTORY"
-The requirement that the \fBsalt\fR parameter to \fIDES_crypt()\fR and \fIDES_fcrypt()\fR
+The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR
 be two \s-1ASCII\s0 characters was first enforced in
 OpenSSL 1.1.0.  Previous versions tried to use the letter uppercase \fBA\fR
 if both character were not present, and could crash when given non-ASCII
 on some platforms.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIdes_modes\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3)
+\&\fBdes_modes\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index 51c0981163119..6e89587addd11 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_GENERATE_KEY 3"
-.TH DH_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_GENERATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,31 +151,31 @@ DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key
+\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key
 exchange by generating private and public \s-1DH\s0 values. By calling
-\&\fIDH_compute_key()\fR, these are combined with the other party's public
+\&\fBDH_compute_key()\fR, these are combined with the other party's public
 value to compute the shared key.
 .PP
-\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters
+\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters
 \&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value
 unless \fBdh\->priv_key\fR is already set, and computes the
 corresponding public value \fBdh\->pub_key\fR, which can then be
 published.
 .PP
-\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value
+\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value
 in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores
 it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise.
+\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise.
 .PP
-\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1
+\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1
 on error.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIDH_size\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index acdadf8987d0f..b8695b8baf817 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_GENERATE_PARAMETERS 3"
-.TH DH_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_GENERATE_PARAMETERS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,11 +165,11 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can
+\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can
 be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR
 structure. The pseudo-random number generator must be
 seeded before calling it.
-The parameters generated by \fIDH_generate_parameters_ex()\fR should not be used in
+The parameters generated by \fBDH_generate_parameters_ex()\fR should not be used in
 signature schemes.
 .PP
 \&\fBprime_len\fR is the length in bits of the safe prime to be generated.
@@ -173,19 +177,19 @@ signature schemes.
 .PP
 A callback function may be used to provide feedback about the progress
 of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be
-called as described in \fIBN_generate_prime\fR\|(3) while a random prime
+called as described in \fBBN_generate_prime\fR\|(3) while a random prime
 number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR
-is called. See \fIBN_generate_prime_ex\fR\|(3) for information on
-the \fIBN_GENCB_call()\fR function.
+is called. See \fBBN_generate_prime_ex\fR\|(3) for information on
+the \fBBN_GENCB_call()\fR function.
 .PP
-\&\fIDH_generate_parameters()\fR is similar to \fIDH_generate_prime_ex()\fR but
+\&\fBDH_generate_parameters()\fR is similar to \fBDH_generate_prime_ex()\fR but
 expects an old-style callback function; see
-\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback.
+\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback.
 .PP
-\&\fIDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to
+\&\fBDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to
 be valid.
 This is a lightweight check, if a more thorough check is needed, use
-\&\fIDH_check()\fR.
+\&\fBDH_check()\fR.
 The value of \fB*codes\fR is updated with any problems found.
 If \fB*codes\fR is zero then no problems were found, otherwise the
 following bits may be set:
@@ -200,7 +204,7 @@ The generator \fBg\fR is not suitable.
 Note that the lack of this bit doesn't guarantee that \fBg\fR is
 suitable, unless \fBp\fR is known to be a strong prime.
 .PP
-\&\fIDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The
+\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The
 value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then
 no problems were found, otherwise the following bits may be set:
 .IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4
@@ -225,30 +229,30 @@ The parameter \fBq\fR is invalid.
 .IX Item "DH_CHECK_INVALID_J_VALUE"
 The parameter \fBj\fR is invalid.
 .PP
-\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR are similar to
-\&\fIDH_check()\fR and \fIDH_check_params()\fR respectively, but the error reasons are added
+\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR are similar to
+\&\fBDH_check()\fR and \fBDH_check_params()\fR respectively, but the error reasons are added
 to the thread's error queue instead of provided as return values from the
 function.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDH_generate_parameters_ex()\fR, \fIDH_check()\fR and \fIDH_check_params()\fR return 1
+\&\fBDH_generate_parameters_ex()\fR, \fBDH_check()\fR and \fBDH_check_params()\fR return 1
 if the check could be performed, 0 otherwise.
 .PP
-\&\fIDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if
+\&\fBDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if
 the parameter generation fails.
 .PP
-\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR return 1 if the
+\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR return 1 if the
 check is successful, 0 for failed.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3),
-\&\fIDH_free\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
+\&\fBDH_free\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use
-\&\fIDH_generate_parameters_ex()\fR instead.
+\&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use
+\&\fBDH_generate_parameters_ex()\fR instead.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DH_get0_pqg.3 b/secure/lib/libcrypto/man/DH_get0_pqg.3
index 4d900d008a478..363d5744f43ce 100644
--- a/secure/lib/libcrypto/man/DH_get0_pqg.3
+++ b/secure/lib/libcrypto/man/DH_get0_pqg.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_GET0_PQG 3"
-.TH DH_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_GET0_PQG 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,7 +169,7 @@ A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note th
 parameter is optional. It also contains a public key (\fBpub_key\fR) and
 (optionally) a private key (\fBpriv_key\fR).
 .PP
-The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDH_get0_pqg()\fR.
+The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR.
 If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set
 to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These
 point directly to the internal representations of the values and therefore
@@ -173,13 +177,13 @@ should not be freed directly.
 Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL,\s0 in which case no
 value will be returned for that parameter.
 .PP
-The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDH_set0_pqg()\fR and passing
+The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing
 the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling
 this function transfers the memory management of the values to the \s-1DH\s0 object,
 and therefore the values that have been passed in should not be freed directly
 after this function has been called. The \fBq\fR parameter may be \s-1NULL.\s0
 .PP
-To get the public and private key values use the \fIDH_get0_key()\fR function. A
+To get the public and private key values use the \fBDH_get0_key()\fR function. A
 pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the
 private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not
 been set yet, although if the private key has been set then the public key must
@@ -188,55 +192,55 @@ private key values. This memory should not be freed directly.
 Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL,\s0 in which case
 no value will be returned for that parameter.
 .PP
-The public and private key values can be set using \fIDH_set0_key()\fR. Either
+The public and private key values can be set using \fBDH_set0_key()\fR. Either
 parameter may be \s-1NULL,\s0 which means the corresponding \s-1DH\s0 field is left
-untouched. As with \fIDH_set0_pqg()\fR this function transfers the memory management
+untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory management
 of the key values to the \s-1DH\s0 object, and therefore they should not be freed
 directly after this function has been called.
 .PP
 Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be
-retrieved separately by the corresponding function \fIDH_get0_p()\fR, \fIDH_get0_q()\fR,
-\&\fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR, respectively.
+retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR,
+\&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively.
 .PP
-\&\fIDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object.
+\&\fBDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object.
 Multiple flags can be passed in one go (bitwise ORed together). Any flags that
-are already set are left set. \fIDH_test_flags()\fR tests to see whether the flags
+are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags
 passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple
 flags can be tested in one go. All flags that are currently set are returned, or
-zero if none of the flags are set. \fIDH_clear_flags()\fR clears the specified flags
+zero if none of the flags are set. \fBDH_clear_flags()\fR clears the specified flags
 within the \s-1DH\s0 object.
 .PP
-\&\fIDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0
+\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0
 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set.
 .PP
-The \fIDH_get_length()\fR and \fIDH_set_length()\fR functions get and set the optional
+The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional
 length parameter associated with this \s-1DH\s0 object. If the length is non-zero then
 it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the
 length of the secret exponent (private key) in bits.
 .SH "NOTES"
 .IX Header "NOTES"
-Values retrieved with \fIDH_get0_key()\fR are owned by the \s-1DH\s0 object used
-in the call and may therefore \fInot\fR be passed to \fIDH_set0_key()\fR.  If
-needed, duplicate the received value using \fIBN_dup()\fR and pass the
-duplicate.  The same applies to \fIDH_get0_pqg()\fR and \fIDH_set0_pqg()\fR.
+Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used
+in the call and may therefore \fInot\fR be passed to \fBDH_set0_key()\fR.  If
+needed, duplicate the received value using \fBBN_dup()\fR and pass the
+duplicate.  The same applies to \fBDH_get0_pqg()\fR and \fBDH_set0_pqg()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDH_set0_pqg()\fR and \fIDH_set0_key()\fR return 1 on success or 0 on failure.
+\&\fBDH_set0_pqg()\fR and \fBDH_set0_key()\fR return 1 on success or 0 on failure.
 .PP
-\&\fIDH_get0_p()\fR, \fIDH_get0_q()\fR, \fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR
+\&\fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR
 return the respective value, or \s-1NULL\s0 if it is unset.
 .PP
-\&\fIDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object.
+\&\fBDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object.
 .PP
-\&\fIDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0
+\&\fBDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0
 has been set.
 .PP
-\&\fIDH_get_length()\fR returns the length of the secret exponent (private key) in bits,
+\&\fBDH_get_length()\fR returns the length of the secret exponent (private key) in bits,
 or zero if no such length has been explicitly set.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3),
-\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_meth_new\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3),
+\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_meth_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The functions described here were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/DH_get_1024_160.3 b/secure/lib/libcrypto/man/DH_get_1024_160.3
index 593aadeedecad..7230fd38edfd5 100644
--- a/secure/lib/libcrypto/man/DH_get_1024_160.3
+++ b/secure/lib/libcrypto/man/DH_get_1024_160.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_GET_1024_160 3"
-.TH DH_GET_1024_160 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_GET_1024_160 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,17 +165,17 @@ DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_ge
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDH_get_1024_160()\fR, \fIDH_get_2048_224()\fR, and \fIDH_get_2048_256()\fR each return
+\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return
 a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value.
 .PP
-\&\fIBN_get0_nist_prime_192()\fR, \fIBN_get0_nist_prime_224()\fR, \fIBN_get0_nist_prime_256()\fR,
-\&\fIBN_get0_nist_prime_384()\fR, and \fIBN_get0_nist_prime_521()\fR functions return
+\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR,
+\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return
 a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256).
 .PP
-\&\fIBN_get_rfc2409_prime_768()\fR, \fIBN_get_rfc2409_prime_1024()\fR,
-\&\fIBN_get_rfc3526_prime_1536()\fR, \fIBN_get_rfc3526_prime_2048()\fR,
-\&\fIBN_get_rfc3526_prime_3072()\fR, \fIBN_get_rfc3526_prime_4096()\fR,
-\&\fIBN_get_rfc3526_prime_6144()\fR, and \fIBN_get_rfc3526_prime_8192()\fR functions
+\&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR,
+\&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR,
+\&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR,
+\&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions
 return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0  If \fBbn\fR
 is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well.
 .SH "RETURN VALUES"
diff --git a/secure/lib/libcrypto/man/DH_meth_new.3 b/secure/lib/libcrypto/man/DH_meth_new.3
index 0903e7408a8b4..4620667e6c888 100644
--- a/secure/lib/libcrypto/man/DH_meth_new.3
+++ b/secure/lib/libcrypto/man/DH_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_METH_NEW 3"
-.TH DH_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -189,45 +193,45 @@ The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom
 implementations. It provides a set of functions used by OpenSSL for the
 implementation of the various \s-1DH\s0 capabilities.
 .PP
-\&\fIDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a
+\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a
 unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated
 string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is
 the callers responsibility to free the original string. The flags will be used
 during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any
 new \fB\s-1DH\s0\fR object will have those flags set by default.
 .PP
-\&\fIDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a
+\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a
 parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an
 existing one, but with some differences.
 .PP
-\&\fIDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory
+\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory
 associated with it.
 .PP
-\&\fIDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This
+\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This
 is a pointer to the internal name string and so should not be freed by the
-caller. \fIDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The
+caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The
 string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the
 caller remains responsible for freeing the memory associated with the name.
 .PP
-\&\fIDH_meth_get_flags()\fR returns the current value of the flags associated with this
-\&\s-1DH_METHOD.\s0 \fIDH_meth_set_flags()\fR provides the ability to set these flags.
+\&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this
+\&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags.
 .PP
-The functions \fIDH_meth_get0_app_data()\fR and \fIDH_meth_set0_app_data()\fR provide the
+The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the
 ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is
 the application's responsibility to free this data before the \s-1DH_METHOD\s0 is
-freed via a call to \fIDH_meth_free()\fR.
+freed via a call to \fBDH_meth_free()\fR.
 .PP
-\&\fIDH_meth_get_generate_key()\fR and \fIDH_meth_set_generate_key()\fR get and set the
+\&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the
 function used for generating a new \s-1DH\s0 key pair respectively. This function will
-be called in response to the application calling \fIDH_generate_key()\fR. The
-parameter for the function has the same meaning as for \fIDH_generate_key()\fR.
+be called in response to the application calling \fBDH_generate_key()\fR. The
+parameter for the function has the same meaning as for \fBDH_generate_key()\fR.
 .PP
-\&\fIDH_meth_get_compute_key()\fR and \fIDH_meth_set_compute_key()\fR get and set the
+\&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the
 function used for computing a new \s-1DH\s0 shared secret respectively. This function
-will be called in response to the application calling \fIDH_compute_key()\fR. The
-parameters for the function have the same meaning as for \fIDH_compute_key()\fR.
+will be called in response to the application calling \fBDH_compute_key()\fR. The
+parameters for the function have the same meaning as for \fBDH_compute_key()\fR.
 .PP
-\&\fIDH_meth_get_bn_mod_exp()\fR and \fIDH_meth_set_bn_mod_exp()\fR get and set the function
+\&\fBDH_meth_get_bn_mod_exp()\fR and \fBDH_meth_set_bn_mod_exp()\fR get and set the function
 used for computing the following value:
 .PP
 .Vb 1
@@ -235,48 +239,48 @@ used for computing the following value:
 .Ve
 .PP
 This function will be called by the default OpenSSL function for
-\&\fIDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function
+\&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function
 may be \s-1NULL\s0 unless using the default generate key function, in which case it
 must be present.
 .PP
-\&\fIDH_meth_get_init()\fR and \fIDH_meth_set_init()\fR get and set the function used
+\&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used
 for creating a new \s-1DH\s0 instance respectively. This function will be
-called in response to the application calling \fIDH_new()\fR (if the current default
-\&\s-1DH_METHOD\s0 is this one) or \fIDH_new_method()\fR. The \fIDH_new()\fR and \fIDH_new_method()\fR
+called in response to the application calling \fBDH_new()\fR (if the current default
+\&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR
 functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this
 newly allocated structure will be passed as a parameter to the function. This
 function may be \s-1NULL.\s0
 .PP
-\&\fIDH_meth_get_finish()\fR and \fIDH_meth_set_finish()\fR get and set the function used
+\&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used
 for destroying an instance of a \s-1DH\s0 object respectively. This function will be
-called in response to the application calling \fIDH_free()\fR. A pointer to the \s-1DH\s0
+called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0
 to be destroyed is passed as a parameter. The destroy function should be used
 for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should
 not be freed by this function. This function may be \s-1NULL.\s0
 .PP
-\&\fIDH_meth_get_generate_params()\fR and \fIDH_meth_set_generate_params()\fR get and set the
+\&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the
 function used for generating \s-1DH\s0 parameters respectively. This function will be
-called in response to the application calling \fIDH_generate_parameters_ex()\fR (or
-\&\fIDH_generate_parameters()\fR). The parameters for the function have the same
-meaning as for \fIDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0
+called in response to the application calling \fBDH_generate_parameters_ex()\fR (or
+\&\fBDH_generate_parameters()\fR). The parameters for the function have the same
+meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDH_meth_new()\fR and \fIDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object
+\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object
 or \s-1NULL\s0 on failure.
 .PP
-\&\fIDH_meth_get0_name()\fR and \fIDH_meth_get_flags()\fR return the name and flags
+\&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags
 associated with the \s-1DH_METHOD\s0 respectively.
 .PP
 All other DH_meth_get_*() functions return the appropriate function pointer
 that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been
 set.
 .PP
-\&\fIDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or
+\&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or
 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3),
-\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_get0_pqg\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3),
+\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The functions described here were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index 292eb9b710a7e..c6f509e4b28c4 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_NEW 3"
-.TH DH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,23 +151,23 @@ DH_new, DH_free \- allocate and free DH objects
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure.
+\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure.
 .PP
-\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are
+\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are
 erased before the memory is returned to the system.
 If \fBdh\fR is \s-1NULL\s0 nothing is done.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns
+If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns
 a pointer to the newly allocated structure.
 .PP
-\&\fIDH_free()\fR returns no value.
+\&\fBDH_free()\fR returns no value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIDH_generate_parameters\fR\|(3),
-\&\fIDH_generate_key\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBDH_generate_parameters\fR\|(3),
+\&\fBDH_generate_key\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DH_new_by_nid.3 b/secure/lib/libcrypto/man/DH_new_by_nid.3
index d49e9f9b15463..57a53351b46c6 100644
--- a/secure/lib/libcrypto/man/DH_new_by_nid.3
+++ b/secure/lib/libcrypto/man/DH_new_by_nid.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_NEW_BY_NID 3"
-.TH DH_NEW_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_NEW_BY_NID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,18 +149,18 @@ DH_new_by_nid, DH_get_nid \- get or find DH named parameters
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters
+\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters
 \&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR,
 \&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR.
 .PP
-\&\fIDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match
+\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match
 any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or
 \&\fBNID_undef\fR if there is no match.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred.
+\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or
+\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or
 \&\fBNID_undef\fR if there is no match.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index cd0f6560ecbcb..a976e2ab45714 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_SET_METHOD 3"
-.TH DH_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_SET_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,20 +164,20 @@ important information about how these \s-1DH API\s0 functions are affected by th
 of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
 .PP
 Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
-returned by \fIDH_OpenSSL()\fR.
+returned by \fBDH_OpenSSL()\fR.
 .PP
-\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
+\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
 structures created later.
 \&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
 as a default for \s-1DH,\s0 so this function is no longer recommended.
 This function is not thread-safe and should not be called at the same time
 as other OpenSSL functions.
 .PP
-\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0
+\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0
 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE
 API\s0 is being used, so this function is no longer recommended.
 .PP
-\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
+\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
 This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method
 was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the
 change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0
@@ -181,30 +185,30 @@ implementations (eg. from an \s-1ENGINE\s0 module that supports embedded
 hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0
 for the key can have unexpected results.
 .PP
-\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
+\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
 be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0
 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by
-\&\fIDH_set_default_method()\fR is used.
+\&\fBDH_set_default_method()\fR is used.
 .PP
-A new \s-1DH_METHOD\s0 object may be constructed using \fIDH_meth_new()\fR (see
-\&\fIDH_meth_new\fR\|(3)).
+A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see
+\&\fBDH_meth_new\fR\|(3)).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective
+\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective
 \&\fB\s-1DH_METHOD\s0\fRs.
 .PP
-\&\fIDH_set_default_method()\fR returns no value.
+\&\fBDH_set_default_method()\fR returns no value.
 .PP
-\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
+\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
 the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous
 method was supplied by an \s-1ENGINE\s0).
 .PP
-\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by
-\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it
+\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by
+\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it
 returns a pointer to the newly allocated structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_meth_new\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index 6a63cb458085b..9ed829c463de0 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_SIZE 3"
-.TH DH_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DH_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,30 +153,30 @@ DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and securit
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used
+\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used
 to determine how much memory must be allocated for the shared secret
-computed by \fIDH_compute_key\fR\|(3).
+computed by \fBDH_compute_key\fR\|(3).
 .PP
-\&\fIDH_bits()\fR returns the number of significant bits.
+\&\fBDH_bits()\fR returns the number of significant bits.
 .PP
 \&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR.
 .PP
-\&\fIDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR
-key. See \fIBN_security_bits\fR\|(3).
+\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR
+key. See \fBBN_security_bits\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDH_size()\fR returns the prime size of Diffie-Hellman in bytes.
+\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes.
 .PP
-\&\fIDH_bits()\fR returns the number of bits in the key.
+\&\fBDH_bits()\fR returns the number of bits in the key.
 .PP
-\&\fIDH_security_bits()\fR returns the number of security bits.
+\&\fBDH_security_bits()\fR returns the number of security bits.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIDH_generate_key\fR\|(3),
-\&\fIBN_num_bits\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3),
+\&\fBBN_num_bits\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIDH_bits()\fR was added in OpenSSL 1.1.0.
+The \fBDH_bits()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index 6b91e3c4b12d4..5933ac654c0cd 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_SIG_NEW 3"
-.TH DSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_SIG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,33 +152,33 @@ DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA s
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure.
+\&\fBDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure.
 .PP
-\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The
+\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The
 values are erased before the memory is returned to the system.
 .PP
-\&\fIDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained
+\&\fBDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained
 in \fBsig\fR.
 .PP
-The \fBr\fR and \fBs\fR values can be set by calling \fIDSA_SIG_set0()\fR and passing the
+The \fBr\fR and \fBs\fR values can be set by calling \fBDSA_SIG_set0()\fR and passing the
 new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this
 function transfers the memory management of the values to the \s-1DSA_SIG\s0 object,
 and therefore the values that have been passed in should not be freed directly
 after this function has been called.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an
+If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an
 error code that can be obtained by
-\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
+\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer
 to the newly allocated structure.
 .PP
-\&\fIDSA_SIG_free()\fR returns no value.
+\&\fBDSA_SIG_free()\fR returns no value.
 .PP
-\&\fIDSA_SIG_set0()\fR returns 1 on success or 0 on failure.
+\&\fBDSA_SIG_set0()\fR returns 1 on success or 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIDSA_do_sign\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBDSA_do_sign\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index 7a27cda24f4b3..1680fdc2b3e2c 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_DO_SIGN 3"
-.TH DSA_DO_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_DO_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,28 +152,28 @@ DSA_do_sign, DSA_do_verify \- raw DSA signature operations
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message
+\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message
 digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a
 newly allocated \fB\s-1DSA_SIG\s0\fR structure.
 .PP
-\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part
+\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part
 of the signing operation in case signature generation is
 time-critical.
 .PP
-\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given
+\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given
 message digest \fBdgst\fR of size \fBlen\fR.  \fBdsa\fR is the signer's public
 key.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error.  \fIDSA_do_verify()\fR
+\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error.  \fBDSA_do_verify()\fR
 returns 1 for a valid signature, 0 for an incorrect signature and \-1
 on error. The error codes can be obtained by
-\&\fIERR_get_error\fR\|(3).
+\&\fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3),
-\&\fIDSA_SIG_new\fR\|(3),
-\&\fIDSA_sign\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
+\&\fBDSA_SIG_new\fR\|(3),
+\&\fBDSA_sign\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index cfbd7edb07269..dce3f947953c5 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_DUP_DH 3"
-.TH DSA_DUP_DH 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_DUP_DH 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,19 +149,19 @@ DSA_dup_DH \- create a DH structure out of DSA structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
+\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
 is lost during that conversion, but the resulting \s-1DH\s0 parameters
 contain its length.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The
-error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The
+error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "NOTE"
 .IX Header "NOTE"
 Be careful to avoid small subgroup attacks when using this.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDH_new\fR\|(3), \fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3)
+\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index 9cf96992cc614..daafe853e43e4 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_GENERATE_KEY 3"
-.TH DSA_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_GENERATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,18 +149,18 @@ DSA_generate_key \- generate DSA key pair
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
+\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
 a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR.
 .PP
-The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR.
+The \s-1PRNG\s0 must be seeded prior to calling \fBDSA_generate_key()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise.
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3),
-\&\fIDSA_generate_parameters_ex\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
+\&\fBDSA_generate_parameters_ex\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index 4b30a73215d71..bfc29faaa8888 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_GENERATE_PARAMETERS 3"
-.TH DSA_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_GENERATE_PARAMETERS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -158,7 +162,7 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_generate_parameters_ex()\fR generates primes p and q and a generator g
+\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g
 for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR.
 .PP
 \&\fBbits\fR is the length of the prime p to be generated.
@@ -168,7 +172,7 @@ greater than or equal to 2048 bits, the length of q is set to 256 bits.
 If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random.
 If \fBseed_len\fR is less than the length of q, an error is returned.
 .PP
-\&\fIDSA_generate_parameters_ex()\fR places the iteration count in
+\&\fBDSA_generate_parameters_ex()\fR places the iteration count in
 *\fBcounter_ret\fR and a counter used for finding a generator in
 *\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR.
 .PP
@@ -176,11 +180,11 @@ A callback function may be used to provide feedback about the progress
 of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be
 called as shown below. For information on the \s-1BN_GENCB\s0 structure and the
 BN_GENCB_call function discussed below, refer to
-\&\fIBN_generate_prime\fR\|(3).
+\&\fBBN_generate_prime\fR\|(3).
 .PP
-\&\fIDSA_generate_prime()\fR is similar to \fIDSA_generate_prime_ex()\fR but
+\&\fBDSA_generate_prime()\fR is similar to \fBDSA_generate_prime_ex()\fR but
 expects an old-style callback function; see
-\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback.
+\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback.
 .IP "\(bu" 2
 When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called
 (m is 0 for the first candidate).
@@ -210,22 +214,22 @@ When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called.
 When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise.
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .PP
-\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or
+\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or
 \&\fB\s-1NULL\s0\fR if the parameter generation fails.
 .SH "BUGS"
 .IX Header "BUGS"
 Seed lengths greater than 20 are not supported.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3),
-\&\fIDSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
+\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use
-\&\fIDSA_generate_parameters_ex()\fR instead.
+\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use
+\&\fBDSA_generate_parameters_ex()\fR instead.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/DSA_get0_pqg.3
index 0cd356b05b4c9..4f69736781920 100644
--- a/secure/lib/libcrypto/man/DSA_get0_pqg.3
+++ b/secure/lib/libcrypto/man/DSA_get0_pqg.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_GET0_PQG 3"
-.TH DSA_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_GET0_PQG 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -162,66 +166,66 @@ DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q,
 A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a
 public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR).
 .PP
-The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDSA_get0_pqg()\fR.
+The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR.
 If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set
 to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These
 point directly to the internal representations of the values and therefore
 should not be freed directly.
 .PP
-The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDSA_set0_pqg()\fR and passing
+The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing
 the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling
 this function transfers the memory management of the values to the \s-1DSA\s0 object,
 and therefore the values that have been passed in should not be freed directly
 after this function has been called.
 .PP
-To get the public and private key values use the \fIDSA_get0_key()\fR function. A
+To get the public and private key values use the \fBDSA_get0_key()\fR function. A
 pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the
 private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not
 been set yet, although if the private key has been set then the public key must
 be. The values point to the internal representation of the public key and
 private key values. This memory should not be freed directly.
 .PP
-The public and private key values can be set using \fIDSA_set0_key()\fR. The public
+The public and private key values can be set using \fBDSA_set0_key()\fR. The public
 key must be non-NULL the first time this function is called on a given \s-1DSA\s0
 object. The private key may be \s-1NULL.\s0  On subsequent calls, either may be \s-1NULL,\s0
-which means the corresponding \s-1DSA\s0 field is left untouched. As for \fIDSA_set0_pqg()\fR
+which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR
 this function transfers the memory management of the key values to the \s-1DSA\s0
 object, and therefore they should not be freed directly after this function has
 been called.
 .PP
 Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be
-retrieved separately by the corresponding function \fIDSA_get0_p()\fR, \fIDSA_get0_q()\fR,
-\&\fIDSA_get0_g()\fR, \fIDSA_get0_priv_key()\fR, and \fIDSA_get0_pub_key()\fR, respectively.
+retrieved separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR,
+\&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively.
 .PP
-\&\fIDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object.
+\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object.
 Multiple flags can be passed in one go (bitwise ORed together). Any flags that
-are already set are left set. \fIDSA_test_flags()\fR tests to see whether the flags
+are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags
 passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple
 flags can be tested in one go. All flags that are currently set are returned, or
-zero if none of the flags are set. \fIDSA_clear_flags()\fR clears the specified flags
+zero if none of the flags are set. \fBDSA_clear_flags()\fR clears the specified flags
 within the \s-1DSA\s0 object.
 .PP
-\&\fIDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0
+\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0
 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set.
 .SH "NOTES"
 .IX Header "NOTES"
-Values retrieved with \fIDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used
-in the call and may therefore \fInot\fR be passed to \fIDSA_set0_key()\fR.  If
-needed, duplicate the received value using \fIBN_dup()\fR and pass the
-duplicate.  The same applies to \fIDSA_get0_pqg()\fR and \fIDSA_set0_pqg()\fR.
+Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used
+in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR.  If
+needed, duplicate the received value using \fBBN_dup()\fR and pass the
+duplicate.  The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_set0_pqg()\fR and \fIDSA_set0_key()\fR return 1 on success or 0 on failure.
+\&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure.
 .PP
-\&\fIDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object.
+\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object.
 .PP
-\&\fIDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0
+\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0
 has been set.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3),
-\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3),
-\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_meth_new\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3),
+\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3),
+\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The functions described here were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/DSA_meth_new.3 b/secure/lib/libcrypto/man/DSA_meth_new.3
index 5167565a2fb7f..1277964af30c7 100644
--- a/secure/lib/libcrypto/man/DSA_meth_new.3
+++ b/secure/lib/libcrypto/man/DSA_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_METH_NEW 3"
-.TH DSA_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -216,50 +220,50 @@ implementations. It provides a set of functions used by OpenSSL for the
 implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more
 information.
 .PP
-\&\fIDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a
+\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a
 unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated
 string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is
 the callers responsibility to free the original string. The flags will be used
 during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any
 new \fB\s-1DSA\s0\fR object will have those flags set by default.
 .PP
-\&\fIDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a
+\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a
 parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an
 existing one, but with some differences.
 .PP
-\&\fIDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory
+\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory
 associated with it.
 .PP
-\&\fIDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This
+\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This
 is a pointer to the internal name string and so should not be freed by the
-caller. \fIDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The
+caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The
 string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the
 caller remains responsible for freeing the memory associated with the name.
 .PP
-\&\fIDSA_meth_get_flags()\fR returns the current value of the flags associated with this
-\&\s-1DSA_METHOD.\s0 \fIDSA_meth_set_flags()\fR provides the ability to set these flags.
+\&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this
+\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags.
 .PP
-The functions \fIDSA_meth_get0_app_data()\fR and \fIDSA_meth_set0_app_data()\fR provide the
+The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the
 ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is
 the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is
-freed via a call to \fIDSA_meth_free()\fR.
+freed via a call to \fBDSA_meth_free()\fR.
 .PP
-\&\fIDSA_meth_get_sign()\fR and \fIDSA_meth_set_sign()\fR get and set the function used for
+\&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for
 creating a \s-1DSA\s0 signature respectively. This function will be
-called in response to the application calling \fIDSA_do_sign()\fR (or \fIDSA_sign()\fR). The
-parameters for the function have the same meaning as for \fIDSA_do_sign()\fR.
+called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The
+parameters for the function have the same meaning as for \fBDSA_do_sign()\fR.
 .PP
-\&\fIDSA_meth_get_sign_setup()\fR and \fIDSA_meth_set_sign_setup()\fR get and set the function
+\&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function
 used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function
-will be called in response to the application calling \fIDSA_sign_setup()\fR. The
-parameters for the function have the same meaning as for \fIDSA_sign_setup()\fR.
+will be called in response to the application calling \fBDSA_sign_setup()\fR. The
+parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR.
 .PP
-\&\fIDSA_meth_get_verify()\fR and \fIDSA_meth_set_verify()\fR get and set the function used
+\&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used
 for verifying a \s-1DSA\s0 signature respectively. This function will be called in
-response to the application calling \fIDSA_do_verify()\fR (or \fIDSA_verify()\fR). The
-parameters for the function have the same meaning as for \fIDSA_do_verify()\fR.
+response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The
+parameters for the function have the same meaning as for \fBDSA_do_verify()\fR.
 .PP
-\&\fIDSA_meth_get_mod_exp()\fR and \fIDSA_meth_set_mod_exp()\fR get and set the function used
+\&\fBDSA_meth_get_mod_exp()\fR and \fBDSA_meth_set_mod_exp()\fR get and set the function used
 for computing the following value:
 .PP
 .Vb 1
@@ -270,7 +274,7 @@ This function will be called by the default OpenSSL method during verification
 of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function
 may be \s-1NULL.\s0
 .PP
-\&\fIDSA_meth_get_bn_mod_exp()\fR and \fIDSA_meth_set_bn_mod_exp()\fR get and set the function
+\&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function
 used for computing the following value:
 .PP
 .Vb 1
@@ -278,53 +282,53 @@ used for computing the following value:
 .Ve
 .PP
 This function will be called by the default OpenSSL function for
-\&\fIDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function
+\&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function
 may be \s-1NULL.\s0
 .PP
-\&\fIDSA_meth_get_init()\fR and \fIDSA_meth_set_init()\fR get and set the function used
+\&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used
 for creating a new \s-1DSA\s0 instance respectively. This function will be
-called in response to the application calling \fIDSA_new()\fR (if the current default
-\&\s-1DSA_METHOD\s0 is this one) or \fIDSA_new_method()\fR. The \fIDSA_new()\fR and \fIDSA_new_method()\fR
+called in response to the application calling \fBDSA_new()\fR (if the current default
+\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR
 functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this
 newly allocated structure will be passed as a parameter to the function. This
 function may be \s-1NULL.\s0
 .PP
-\&\fIDSA_meth_get_finish()\fR and \fIDSA_meth_set_finish()\fR get and set the function used
+\&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used
 for destroying an instance of a \s-1DSA\s0 object respectively. This function will be
-called in response to the application calling \fIDSA_free()\fR. A pointer to the \s-1DSA\s0
+called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0
 to be destroyed is passed as a parameter. The destroy function should be used
 for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should
 not be freed by this function. This function may be \s-1NULL.\s0
 .PP
-\&\fIDSA_meth_get_paramgen()\fR and \fIDSA_meth_set_paramgen()\fR get and set the function
+\&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function
 used for generating \s-1DSA\s0 parameters respectively. This function will be called in
-response to the application calling \fIDSA_generate_parameters_ex()\fR (or
-\&\fIDSA_generate_parameters()\fR). The parameters for the function have the same
-meaning as for \fIDSA_generate_parameters_ex()\fR.
+response to the application calling \fBDSA_generate_parameters_ex()\fR (or
+\&\fBDSA_generate_parameters()\fR). The parameters for the function have the same
+meaning as for \fBDSA_generate_parameters_ex()\fR.
 .PP
-\&\fIDSA_meth_get_keygen()\fR and \fIDSA_meth_set_keygen()\fR get and set the function
+\&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function
 used for generating a new \s-1DSA\s0 key pair respectively. This function will be
-called in response to the application calling \fIDSA_generate_key()\fR. The parameter
-for the function has the same meaning as for \fIDSA_generate_key()\fR.
+called in response to the application calling \fBDSA_generate_key()\fR. The parameter
+for the function has the same meaning as for \fBDSA_generate_key()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_meth_new()\fR and \fIDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object
+\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object
 or \s-1NULL\s0 on failure.
 .PP
-\&\fIDSA_meth_get0_name()\fR and \fIDSA_meth_get_flags()\fR return the name and flags
+\&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags
 associated with the \s-1DSA_METHOD\s0 respectively.
 .PP
 All other DSA_meth_get_*() functions return the appropriate function pointer
 that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been
 set.
 .PP
-\&\fIDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or
+\&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or
 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3),
-\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3),
-\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_get0_pqg\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3),
+\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3),
+\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The functions described here were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index 2f046affd9999..b25b350632924 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_NEW 3"
-.TH DSA_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,25 +151,25 @@ DSA_new, DSA_free \- allocate and free DSA objects
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
+\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
 calling DSA_new_method(\s-1NULL\s0).
 .PP
-\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
+\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
 erased before the memory is returned to the system.
 If \fBdsa\fR is \s-1NULL\s0 nothing is done.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
 code that can be obtained by
-\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
+\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer
 to the newly allocated structure.
 .PP
-\&\fIDSA_free()\fR returns no value.
+\&\fBDSA_free()\fR returns no value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIDSA_generate_parameters\fR\|(3),
-\&\fIDSA_generate_key\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBDSA_generate_parameters\fR\|(3),
+\&\fBDSA_generate_key\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index 54e5fa3b2fcd9..c2d7b8198aee3 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_SET_METHOD 3"
-.TH DSA_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_SET_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,21 +164,21 @@ important information about how these \s-1DSA API\s0 functions are affected by t
 of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
 .PP
 Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,
-as returned by \fIDSA_OpenSSL()\fR.
+as returned by \fBDSA_OpenSSL()\fR.
 .PP
-\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
+\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
 structures created later.
 \&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
 been set as a default for \s-1DSA,\s0 so this function is no longer recommended.
 This function is not thread-safe and should not be called at the same time
 as other OpenSSL functions.
 .PP
-\&\fIDSA_get_default_method()\fR returns a pointer to the current default
+\&\fBDSA_get_default_method()\fR returns a pointer to the current default
 \&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
 whether the \s-1ENGINE API\s0 is being used, so this function is no longer
 recommended.
 .PP
-\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
+\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
 \&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the
 previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
 be released during the change. It is possible to have \s-1DSA\s0 keys that only
@@ -184,27 +188,27 @@ attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected
 results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0
 objects;
 .PP
-\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
+\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
 will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine
 for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0
-controlled by \fIDSA_set_default_method()\fR is used.
+controlled by \fBDSA_set_default_method()\fR is used.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective
+\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective
 \&\fB\s-1DSA_METHOD\s0\fRs.
 .PP
-\&\fIDSA_set_default_method()\fR returns no value.
+\&\fBDSA_set_default_method()\fR returns no value.
 .PP
-\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
+\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
 the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous
 method was supplied by an \s-1ENGINE\s0).
 .PP
-\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be
-obtained by \fIERR_get_error\fR\|(3) if the allocation
+\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be
+obtained by \fBERR_get_error\fR\|(3) if the allocation
 fails. Otherwise it returns a pointer to the newly allocated structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_meth_new\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index f5f896c59c246..6641e6c9c4239 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_SIGN 3"
-.TH DSA_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,40 +155,40 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
+\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
 digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0
 encoding at \fBsigret\fR. The length of the signature is places in
 *\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory.
 .PP
-\&\fIDSA_sign_setup()\fR is defined only for backward binary compatibility and
+\&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and
 should not be used.
 Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of
-\&\fIDSA_sign_setup()\fR cannot be used anyway: calling this function will only
+\&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only
 cause overhead, and does not affect the actual signature
 (pre\-)computation.
 .PP
-\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
+\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
 matches a given message digest \fBdgst\fR of size \fBlen\fR.
 \&\fBdsa\fR is the signer's public key.
 .PP
 The \fBtype\fR parameter is ignored.
 .PP
-The \s-1PRNG\s0 must be seeded before \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR)
+The \s-1PRNG\s0 must be seeded before \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR)
 is called.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error.
-\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect
+\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error.
+\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect
 signature and \-1 on error. The error codes can be obtained by
-\&\fIERR_get_error\fR\|(3).
+\&\fBERR_get_error\fR\|(3).
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature
 Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3),
-\&\fIDSA_do_sign\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
+\&\fBDSA_do_sign\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index e2cb1d00ba0e7..6cd5229672bc1 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_SIZE 3"
-.TH DSA_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,25 +151,25 @@ DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or sec
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature
+\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature
 for key \fBdsa\fR in bytes. It can be used to determine how much memory must
 be allocated for a \s-1DSA\s0 signature.
 .PP
 \&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR.
 .PP
-\&\fIDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number
+\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number
 of bits in the \fBp\fR parameter.
 .PP
-\&\fIDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR
-key. See \fIBN_security_bits\fR\|(3).
+\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR
+key. See \fBBN_security_bits\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIDSA_size()\fR returns the signature size in bytes.
+\&\fBDSA_size()\fR returns the signature size in bytes.
 .PP
-\&\fIDSA_bits()\fR returns the number of bits in the key.
+\&\fBDSA_bits()\fR returns the number of bits in the key.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3), \fIDSA_sign\fR\|(3)
+\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
index 56c3754ee13cf..206b22a1357e7 100644
--- a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
+++ b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DTLS_GET_DATA_MTU 3"
-.TH DTLS_GET_DATA_MTU 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DTLS_GET_DATA_MTU 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,7 +157,7 @@ of the \s-1DTLS\s0 record header, encryption and authentication currently in use
 Returns the maximum data payload size on success, or 0 on failure.
 .SH "HISTORY"
 .IX Header "HISTORY"
-This function was added in OpenSSL 1.1.1
+The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
index 8b955732e86d1..9020bf9f41039 100644
--- a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
+++ b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DTLS_SET_TIMER_CB 3"
-.TH DTLS_SET_TIMER_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DTLS_SET_TIMER_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,7 +159,7 @@ called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent.
 Returns void.
 .SH "HISTORY"
 .IX Header "HISTORY"
-This function was added in OpenSSL 1.1.1
+The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/DTLSv1_listen.3 b/secure/lib/libcrypto/man/DTLSv1_listen.3
index 27245e982fff9..71ef2b68e7815 100644
--- a/secure/lib/libcrypto/man/DTLSv1_listen.3
+++ b/secure/lib/libcrypto/man/DTLSv1_listen.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DTLSV1_LISTEN 3"
-.TH DTLSV1_LISTEN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DTLSV1_LISTEN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,12 +150,12 @@ SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections.
-\&\fIDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a
+\&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections.
+\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a
 ClientHello is received that does not contain a cookie, then they respond with a
 request for a new ClientHello that does contain a cookie. If a ClientHello is
 received with a cookie that is verified then the function returns in order to
-enable the handshake to be completed (for example by using \fISSL_accept()\fR).
+enable the handshake to be completed (for example by using \fBSSL_accept()\fR).
 .SH "NOTES"
 .IX Header "NOTES"
 Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification
@@ -165,7 +169,7 @@ message then the amplification attack has succeeded.
 If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate
 the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is
 designed to operate over a stream-based transport protocol (such as \s-1TCP\s0).
-If \s-1TCP\s0 is being used then there is no need to use \fISSL_stateless()\fR. However some
+If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However some
 stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source
 address. In this case a TLSv1.3 application would be susceptible to this attack.
 .PP
@@ -178,51 +182,51 @@ message thus proving that the client is capable of receiving messages sent to
 that address. All of this can be done by the server without allocating any
 state, and thus without consuming expensive resources.
 .PP
-OpenSSL implements this capability via the \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR
+OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR
 functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its
 read and write BIOs set, in the same way as might be done for a call to
-\&\fISSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R"
+\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R"
 state and thus capable of receiving messages from any peer.
 .PP
 When a ClientHello is received that contains a cookie that has been verified,
 then these functions will return with the \fBssl\fR parameter updated into a state
-where the handshake can be continued by a call to (for example) \fISSL_accept()\fR.
-Additionally, for \fIDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be
+where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR.
+Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be
 filled in with details of the peer that sent the ClientHello. If the underlying
 \&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0
 does not support this), then \fB*peer\fR will be cleared and the family set to
 \&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to
 the peer and continue the handshake in a connected state.
 .PP
-Prior to calling \fIDTLSv1_listen()\fR user code must ensure that cookie generation
+Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation
 and verification callbacks have been set up using
-\&\fISSL_CTX_set_cookie_generate_cb()\fR and \fISSL_CTX_set_cookie_verify_cb()\fR
-respectively. For \fISSL_stateless()\fR, \fISSL_CTX_set_stateless_cookie_generate_cb()\fR
-and \fISSL_CTX_set_stateless_cookie_verify_cb()\fR must be used instead.
+\&\fBSSL_CTX_set_cookie_generate_cb()\fR and \fBSSL_CTX_set_cookie_verify_cb()\fR
+respectively. For \fBSSL_stateless()\fR, \fBSSL_CTX_set_stateless_cookie_generate_cb()\fR
+and \fBSSL_CTX_set_stateless_cookie_verify_cb()\fR must be used instead.
 .PP
-Since \fIDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming
+Since \fBDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming
 ClientHellos it is unable to process fragmented messages (since this would
-require the allocation of state). An implication of this is that \fIDTLSv1_listen()\fR
+require the allocation of state). An implication of this is that \fBDTLSv1_listen()\fR
 \&\fBonly\fR supports ClientHellos that fit inside a single datagram.
 .PP
-For \fISSL_stateless()\fR if an entire ClientHello message cannot be read without the
-\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fISSL_stateless()\fR call will fail. It is the
+For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the
+\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the
 application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during
-a single \fISSL_stateless()\fR call is all from the same peer.
+a single \fBSSL_stateless()\fR call is all from the same peer.
 .PP
-\&\fISSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than
+\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than
 TLSv1.3 is used.
 .PP
-Both \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR will clear the error queue when they
+Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they
 start.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-For \fISSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object
+For \fBSSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object
 will be set up ready to continue the handshake. A return value of 0 or \-1
 indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value
-of \-1 indicates any other error. User code may retry the \fISSL_stateless()\fR call.
+of \-1 indicates any other error. User code may retry the \fBSSL_stateless()\fR call.
 .PP
-For \fIDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object
+For \fBDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object
 will be set up ready to continue the handshake.  the \fBpeer\fR value will also be
 filled in.
 .PP
@@ -230,24 +234,24 @@ A return value of 0 indicates a non-fatal error. This could (for
 example) be because of non-blocking \s-1IO,\s0 or some invalid message having been
 received from a peer. Errors may be placed on the OpenSSL error queue with
 further information if appropriate. Typically user code is expected to retry the
-call to \fIDTLSv1_listen()\fR in the event of a non-fatal error.
+call to \fBDTLSv1_listen()\fR in the event of a non-fatal error.
 .PP
 A return value of <0 indicates a fatal error. This could (for example) be
 because of a failure to allocate sufficient memory for the operation.
 .PP
-For \fIDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both
+For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both
 produce return codes <= 0 (in typical implementations user code treats all
 errors as non-fatal), whilst return codes >0 indicate success.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3),
-\&\fIssl\fR\|(7), \fIbio\fR\|(7)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBssl\fR\|(7), \fBbio\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_stateless()\fR was first added in OpenSSL 1.1.1.
+The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1.
 .PP
-\&\fIDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. The type of \*(L"peer\*(R"
-also changed in OpenSSL 1.1.0.
+The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0.
+The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/ECDSA_SIG_new.3
index f4e44d09f6e8b..a9b8f7aa206b9 100644
--- a/secure/lib/libcrypto/man/ECDSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/ECDSA_SIG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ECDSA_SIG_NEW 3"
-.TH ECDSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ECDSA_SIG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -173,60 +177,60 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_ne
 .IX Header "DESCRIPTION"
 Note: these functions provide a low level interface to \s-1ECDSA.\s0 Most
 applications should use the higher level \fB\s-1EVP\s0\fR interface such as
-\&\fIEVP_DigestSignInit\fR\|(3) or \fIEVP_DigestVerifyInit\fR\|(3) instead.
+\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead.
 .PP
 \&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the
 \&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0).
 .PP
-\&\fIECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before
+\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before
 OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised.
 .PP
-\&\fIECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR.
+\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR.
 .PP
-\&\fIECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained
+\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained
 in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively.
 The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value
 is not returned.
 .PP
 The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding
-function \fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR, respectively.
+function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively.
 .PP
-The \fBr\fR and \fBs\fR values can be set by calling \fIECDSA_SIG_set0()\fR and passing the
+The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the
 new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this
 function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object,
 and therefore the values that have been passed in should not be freed directly
 after this function has been called.
 .PP
-\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature \fBsig\fR and
-writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR is \s-1NULL\s0 \fIi2d_ECDSA_SIG()\fR
+\&\fBi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature \fBsig\fR and
+writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR is \s-1NULL\s0 \fBi2d_ECDSA_SIG()\fR
 returns the expected length in bytes of the \s-1DER\s0 encoded signature).
-\&\fIi2d_ECDSA_SIG()\fR returns the length of the \s-1DER\s0 encoded signature (or 0 on
+\&\fBi2d_ECDSA_SIG()\fR returns the length of the \s-1DER\s0 encoded signature (or 0 on
 error).
 .PP
-\&\fId2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns the decoded
+\&\fBd2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns the decoded
 signature in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure. \fB*sig\fR points to the
 buffer containing the \s-1DER\s0 encoded signature of size \fBlen\fR.
 .PP
-\&\fIECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature
+\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature
 created with the private \s-1EC\s0 key \fBeckey\fR.
 .PP
-\&\fIECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
+\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
 \&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signatures is
 stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must
 point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently
-ignored. \fIECDSA_sign()\fR is wrapper function for \fIECDSA_sign_ex()\fR with \fBkinv\fR
+ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR
 and \fBrp\fR set to \s-1NULL.\s0
 .PP
-\&\fIECDSA_do_sign()\fR is similar to \fIECDSA_sign()\fR except the signature is returned
-as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fIECDSA_do_sign()\fR
-is a wrapper function for \fIECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to
+\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned
+as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR
+is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to
 \&\s-1NULL.\s0
 .PP
-\&\fIECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a
+\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a
 valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the
 public key \fBeckey\fR.  The parameter \fBtype\fR is ignored.
 .PP
-\&\fIECDSA_do_verify()\fR is similar to \fIECDSA_verify()\fR except the signature is
+\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is
 presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure.
 .PP
 The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used
@@ -234,39 +238,39 @@ during signature computation. Most applications will never need to call these
 and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if
 either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR.
 .PP
-\&\fIECDSA_sign_setup()\fR may be used to precompute parts of the signing operation.
+\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation.
 \&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure
 (or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be
-used in a later call to \fIECDSA_sign_ex()\fR or \fIECDSA_do_sign_ex()\fR.
+used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR.
 .PP
-\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
+\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
 \&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values
 \&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its
 length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey)
 bytes of memory. The parameter \fBtype\fR is ignored.
 .PP
-\&\fIECDSA_do_sign_ex()\fR is similar to \fIECDSA_sign_ex()\fR except the signature is
+\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is
 returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails.
+\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails.
 .PP
-\&\fIECDSA_SIG_set0()\fR returns 1 on success or 0 on failure.
+\&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure.
 .PP
-\&\fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR return the corresponding value,
+\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value,
 or \s-1NULL\s0 if it is unset.
 .PP
-\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error.
+\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error.
 .PP
-\&\fIECDSA_sign()\fR, \fIECDSA_sign_ex()\fR and \fIECDSA_sign_setup()\fR return 1 if successful
+\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful
 or 0 on error.
 .PP
-\&\fIECDSA_do_sign()\fR and \fIECDSA_do_sign_ex()\fR return a pointer to an allocated
+\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated
 \&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error.
 .PP
-\&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid
+\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid
 signature, 0 for an invalid signature and \-1 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the
@@ -288,7 +292,7 @@ specific)
 .Ve
 .PP
 Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value
-using \fIECDSA_do_sign()\fR:
+using \fBECDSA_do_sign()\fR:
 .PP
 .Vb 3
 \& sig = ECDSA_do_sign(digest, 32, eckey);
@@ -296,7 +300,7 @@ using \fIECDSA_do_sign()\fR:
 \&     /* error */
 .Ve
 .PP
-or using \fIECDSA_sign()\fR:
+or using \fBECDSA_sign()\fR:
 .PP
 .Vb 2
 \& unsigned char *buffer, *pp;
@@ -309,13 +313,13 @@ or using \fIECDSA_sign()\fR:
 \&     /* error */
 .Ve
 .PP
-Third step: verify the created \s-1ECDSA\s0 signature using \fIECDSA_do_verify()\fR:
+Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR:
 .PP
 .Vb 1
 \& ret = ECDSA_do_verify(digest, 32, sig, eckey);
 .Ve
 .PP
-or using \fIECDSA_verify()\fR:
+or using \fBECDSA_verify()\fR:
 .PP
 .Vb 1
 \& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
@@ -337,9 +341,9 @@ and finally evaluate the return value:
 (Digital Signature Standard, \s-1DSS\s0)
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIDSA_new\fR\|(3),
-\&\fIEVP_DigestSignInit\fR\|(3),
-\&\fIEVP_DigestVerifyInit\fR\|(3)
+\&\fBDSA_new\fR\|(3),
+\&\fBEVP_DigestSignInit\fR\|(3),
+\&\fBEVP_DigestVerifyInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ECPKParameters_print.3 b/secure/lib/libcrypto/man/ECPKParameters_print.3
index 9c376ca8a0bbc..c4941ce8e9cb4 100644
--- a/secure/lib/libcrypto/man/ECPKParameters_print.3
+++ b/secure/lib/libcrypto/man/ECPKParameters_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ECPKPARAMETERS_PRINT 3"
-.TH ECPKPARAMETERS_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ECPKPARAMETERS_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,18 +153,18 @@ ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and enco
 The ECPKParameters represent the public parameters for an
 \&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve.
 .PP
-The \fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR functions print
+The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print
 a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR
 or \fBfp\fR. The output lines are indented by \fBoff\fR spaces.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR
+\&\fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR
 return 1 for success and 0 if an error occurs.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3),
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
index 26f231246ac37..3d186d3bab702 100644
--- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3
+++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC_GFP_SIMPLE_METHOD 3"
-.TH EC_GFP_SIMPLE_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC_GFP_SIMPLE_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,7 +159,7 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The Elliptic Curve library provides a number of different implementations through a single common interface.
-When constructing a curve using EC_GROUP_new (see \fIEC_GROUP_new\fR\|(3)) an
+When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an
 implementation method must be provided. The functions described here all return a const pointer to an
 \&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation
 type for the form of curve selected is used.
@@ -164,9 +168,9 @@ For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_meth
 .PP
 For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All
 other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the
-use of montgomery multiplication (see \fIBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method
+use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method
 offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through
-EC_GROUP_new_by_curve_name as described in \fIEC_GROUP_new\fR\|(3)).
+EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)).
 .PP
 The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit
 optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these
@@ -183,10 +187,10 @@ All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to
 EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fId2i_ECPKParameters\fR\|(3),
-\&\fIBN_mod_mul_montgomery\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBd2i_ECPKParameters\fR\|(3),
+\&\fBBN_mod_mul_montgomery\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3
index b3f95d40b1c71..07c9469882676 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_copy.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC_GROUP_COPY 3"
-.TH EC_GROUP_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC_GROUP_COPY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -202,7 +206,7 @@ The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided
 with the respective order and cofactors for the \fBgroup\fR.
 .PP
 The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the \s-1NID\s0 for the curve respectively
-(see \fIEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name
+(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name
 will return 0.
 .PP
 The asn1_flag value is used to determine whether the curve encoding uses
@@ -212,7 +216,7 @@ named curve form is used and the parameters must have a corresponding
 named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the
 parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and
 EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve.
-Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was first added to OpenSSL 1.1.0, for
+Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for
 previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL
 1.1.0 the default form was to use explicit parameters (meaning that
 applications would have to explicitly set the named curve form) in OpenSSL
@@ -298,9 +302,9 @@ EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get
 and EC_GROUP_get_degree return the order, cofactor, curve name (\s-1NID\s0), \s-1ASN1\s0 flag, point_conversion_form and degree for the
 specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0.
 .PP
-\&\fIEC_GROUP_get0_order()\fR returns an internal pointer to the group order.
-\&\fIEC_GROUP_get_order_bits()\fR returns the number of bits in the group order.
-\&\fIEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor.
+\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order.
+\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order.
+\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor.
 .PP
 EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not
 specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified.
@@ -314,9 +318,9 @@ EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasi
 trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3
index 45053dff2c9da..5c755b32a3948 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_new.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC_GROUP_NEW 3"
-.TH EC_GROUP_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC_GROUP_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -188,22 +192,22 @@ Operations in a binary field are performed relative to an \fBirreducible polynom
 use a trinomial or a pentanomial for this parameter.
 .PP
 A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by \fBmeth\fR (see
-\&\fIEC_GFp_simple_method\fR\|(3)). It is then necessary to call \fIEC_GROUP_set_curve()\fR to set the curve parameters.
-\&\fIEC_GROUP_new_from_ecparameters()\fR will create a group from the
+\&\fBEC_GFp_simple_method\fR\|(3)). It is then necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters.
+\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the
 specified \fBparams\fR and
-\&\fIEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 \fBparams\fR.
+\&\fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 \fBparams\fR.
 .PP
-\&\fIEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve over Fp \fBb\fR
+\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve over Fp \fBb\fR
 is the prime for the field. For a curve over F2^m \fBp\fR represents the irreducible polynomial \- each bit
 represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether
 the polynomial is a trinomial or a pentanomial.
 .PP
-\&\fIEC_group_get_curve()\fR obtains the previously set curve parameters.
+\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters.
 .PP
-\&\fIEC_GROUP_set_curve_GFp()\fR and \fIEC_GROUP_set_curve_GF2m()\fR are synonyms for \fIEC_GROUP_set_curve()\fR. They are defined for
+\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for \fBEC_GROUP_set_curve()\fR. They are defined for
 backwards compatibility only and should not be used.
 .PP
-\&\fIEC_GROUP_get_curve_GFp()\fR and \fIEC_GROUP_get_curve_GF2m()\fR are synonyms for \fIEC_GROUP_get_curve()\fR. They are defined for
+\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for \fBEC_GROUP_get_curve()\fR. They are defined for
 backwards compatibility only and should not be used.
 .PP
 The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the
@@ -244,9 +248,9 @@ EC_get_builtin_curves returns the number of builtin curves that are available.
 EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
index 31e93dd058e4c..22762ff5f996f 100644
--- a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
+++ b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC_KEY_GET_ENC_FLAGS 3"
-.TH EC_KEY_GET_ENC_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC_KEY_GET_ENC_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,35 +151,35 @@ EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding E
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The format of the external representation of the public key written by
-\&\fIi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is
-described by the point_conversion_form. See \fIEC_GROUP_copy\fR\|(3)
+\&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is
+described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3)
 for a description of point_conversion_form.
 .PP
 When reading a private key encoded without an associated public key (e.g. if
-\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fId2i_ECPrivateKey()\fR generates
+\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates
 the missing public key automatically. Private keys encoded without parameters
 (e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using
-\&\fId2i_ECPrivateKey()\fR.
+\&\fBd2i_ECPrivateKey()\fR.
 .PP
-The functions \fIEC_KEY_get_enc_flags()\fR and \fIEC_KEY_set_enc_flags()\fR get and set the
+The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the
 value of the encoding flags for the \fBkey\fR. There are two encoding flags
 currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0  These flags
 define the behaviour of how the  \fBkey\fR is converted into \s-1ASN1\s0 in a call to
-\&\fIi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for
+\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for
 the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is
 set then the public key is not encoded along with the private key.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the
+\&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the
 \&\s-1EC_KEY.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3),
-\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3),
-\&\fIEC_POINT_add\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3),
-\&\fId2i_ECPKParameters\fR\|(3),
-\&\fId2i_ECPrivateKey\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
+\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3),
+\&\fBEC_POINT_add\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3),
+\&\fBd2i_ECPKParameters\fR\|(3),
+\&\fBd2i_ECPrivateKey\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3
index aa156b2ac6e25..183139d4dfbe4 100644
--- a/secure/lib/libcrypto/man/EC_KEY_new.3
+++ b/secure/lib/libcrypto/man/EC_KEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC_KEY_NEW 3"
-.TH EC_KEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC_KEY_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -180,121 +184,121 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_f
 .IX Header "DESCRIPTION"
 An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private
 key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling
-\&\fIEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially
+\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially
 set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling
-\&\fIEC_KEY_set_group()\fR.
+\&\fBEC_KEY_set_group()\fR.
 .PP
 Alternatively a new \s-1EC_KEY\s0 can be constructed by calling
-\&\fIEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See
-\&\fIEC_GROUP_new\fR\|(3) for a description of curve names. This function simply
-wraps calls to \fIEC_KEY_new()\fR and \fIEC_GROUP_new_by_curve_name()\fR.
+\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See
+\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply
+wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR.
 .PP
-Calling \fIEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object,
+Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object,
 and if it has dropped to zero then frees the memory associated with it.  If
 \&\fBkey\fR is \s-1NULL\s0 nothing is done.
 .PP
-\&\fIEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR.
+\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR.
 .PP
-\&\fIEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it.
+\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it.
 .PP
-\&\fIEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0
+\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0
 object.
 .PP
-\&\fIEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for
+\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for
 this \s-1EC_KEY\s0 object.
 .PP
-\&\fIEC_KEY_generate_key()\fR generates a new public and private key for the supplied
+\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied
 \&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it
 before calling this function. The private key is a random integer (0 < priv_key
 < order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is
 an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the
 curve by the private key.
 .PP
-\&\fIEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to
+\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to
 confirm that it is valid.
 .PP
-\&\fIEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based
+\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based
 on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on
 the supplied \fBx\fR and \fBy\fR values and sets the public key to be this
 \&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm
 that it is valid.
 .PP
-The functions \fIEC_KEY_get0_group()\fR, \fIEC_KEY_set_group()\fR,
-\&\fIEC_KEY_get0_private_key()\fR, \fIEC_KEY_set_private_key()\fR, \fIEC_KEY_get0_public_key()\fR,
-and \fIEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key,
+The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR,
+\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR,
+and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key,
 and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively.
 .PP
-The functions \fIEC_KEY_get_conv_form()\fR and \fIEC_KEY_set_conv_form()\fR get and set the
+The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the
 point_conversion_form for the \fBkey\fR. For a description of
-point_conversion_forms please see \fIEC_POINT_new\fR\|(3).
+point_conversion_forms please see \fBEC_POINT_new\fR\|(3).
 .PP
-\&\fIEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0
+\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0
 object. Any flags that are already set are left set. The flags currently
 defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In
 addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0
-\&\fIEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0
-\&\fIEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all
+\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0
+\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all
 other flags are left in their existing state.
 .PP
-\&\fIEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object
-(if set). Refer to \fIEC_GROUP_copy\fR\|(3) for further information on the
+\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object
+(if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the
 asn1_flag.
 .PP
-\&\fIEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator
-for faster point multiplication. See also \fIEC_POINT_add\fR\|(3).
+\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator
+for faster point multiplication. See also \fBEC_POINT_add\fR\|(3).
 .PP
-\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_key2buf()\fR are identical to the functions
-\&\fIEC_POINT_oct2point()\fR and \fIEC_KEY_point2buf()\fR except they use the public key
+\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions
+\&\fBEC_POINT_oct2point()\fR and \fBEC_KEY_point2buf()\fR except they use the public key
 \&\s-1EC_POINT\s0 in \fBeckey\fR.
 .PP
-\&\fIEC_KEY_oct2priv()\fR and \fIEC_KEY_priv2oct()\fR convert between the private key
+\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key
 component of \fBeckey\fR and octet form. The octet form consists of the content
 octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure.
 .PP
-The function \fIEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to
+The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to
 store the octet form. The return value provides the number of octets stored.
 Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but
 will just return the required buffer length.
 .PP
-The function \fIEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes
+The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes
 an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR
 and its length is returned. The caller must free up the allocated buffer with a
-call to \fIOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR
+call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR
 the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR.
 .PP
-\&\fIEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer.
+\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEC_KEY_new()\fR, \fIEC_KEY_new_by_curve_name()\fR and \fIEC_KEY_dup()\fR return a pointer to
+\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to
 the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error.
 .PP
-\&\fIEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an
+\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an
 integer.
 .PP
-\&\fIEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error.
+\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error.
 .PP
-\&\fIEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set.
+\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set.
 .PP
-\&\fIEC_KEY_up_ref()\fR, \fIEC_KEY_set_group()\fR, \fIEC_KEY_set_private_key()\fR,
-\&\fIEC_KEY_set_public_key()\fR, \fIEC_KEY_precompute_mult()\fR, \fIEC_KEY_generate_key()\fR,
-\&\fIEC_KEY_check_key()\fR, \fIEC_KEY_set_public_key_affine_coordinates()\fR,
-\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_oct2priv()\fR return 1 on success or 0 on error.
+\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR,
+\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR,
+\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR,
+\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error.
 .PP
-\&\fIEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0
+\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0
 .PP
-\&\fIEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0
+\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0
 .PP
-\&\fIEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0
+\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0
 .PP
-\&\fIEC_KEY_key2buf()\fR, \fIEC_KEY_priv2oct()\fR and \fIEC_KEY_priv2buf()\fR return the length
+\&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length
 of the buffer or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3),
-\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3),
-\&\fIEC_POINT_add\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3),
-\&\fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
+\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3),
+\&\fBEC_POINT_add\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3),
+\&\fBd2i_ECPKParameters\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3
index 251e76d8309c8..9012ac400c0be 100644
--- a/secure/lib/libcrypto/man/EC_POINT_add.3
+++ b/secure/lib/libcrypto/man/EC_POINT_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC_POINT_ADD 3"
-.TH EC_POINT_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC_POINT_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -183,7 +187,7 @@ EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR
 When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order).
 .PP
 The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst
-EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fIEC_GROUP_copy\fR\|(3) for information
+EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information
 about the generator.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -199,9 +203,9 @@ EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on err
 EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_new\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3
index 6f28ac9bef7a9..95da5c728ebb0 100644
--- a/secure/lib/libcrypto/man/EC_POINT_new.3
+++ b/secure/lib/libcrypto/man/EC_POINT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC_POINT_NEW 3"
-.TH EC_POINT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC_POINT_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -205,40 +209,40 @@ EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_P
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is
-constructed by calling the function \fIEC_POINT_new()\fR and providing the
+constructed by calling the function \fBEC_POINT_new()\fR and providing the
 \&\fBgroup\fR object that the point relates to.
 .PP
-\&\fIEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR.
+\&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR.
 if \fBpoint\fR is \s-1NULL\s0 nothing is done.
 .PP
-\&\fIEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and
+\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and
 then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done.
 .PP
-\&\fIEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR
+\&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR
 must use the same \fB\s-1EC_METHOD\s0\fR.
 .PP
-\&\fIEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from
+\&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from
 \&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object.
 .PP
-\&\fIEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR.
+\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR.
 .PP
 A valid point on a curve is the special point at infinity. A point is set to
-be at infinity by calling \fIEC_POINT_set_to_infinity()\fR.
+be at infinity by calling \fBEC_POINT_set_to_infinity()\fR.
 .PP
 The affine co-ordinates for a point describe a point in terms of its x and y
-position. The function \fIEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR
+position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR
 co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The
-function \fIEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which
+function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which
 may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR.
 .PP
-The functions \fIEC_POINT_set_affine_coordinates_GFp()\fR and
-\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for
-\&\fIEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility
+The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and
+\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for
+\&\fBEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility
 only and should not be used.
 .PP
-The functions \fIEC_POINT_get_affine_coordinates_GFp()\fR and
-\&\fIEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for
-\&\fIEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility
+The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and
+\&\fBEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for
+\&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility
 only and should not be used.
 .PP
 As well as the affine co-ordinates, a point can alternatively be described in
@@ -250,19 +254,19 @@ affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
 as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
 projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped
 to (x, y, 1). To set or get the projective co-ordinates use
-\&\fIEC_POINT_set_Jprojective_coordinates_GFp()\fR and
-\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively.
+\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and
+\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively.
 .PP
 Points can also be described in terms of their compressed co-ordinates. For a
 point (x, y), for any given value for x such that the point is on the curve
 there will only ever be two possible values for y. Therefore a point can be set
-using the \fIEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x
+using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x
 co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two
 possible values for y should be used.
 .PP
-The functions \fIEC_POINT_set_compressed_coordinates_GFp()\fR and
-\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for
-\&\fIEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards
+The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and
+\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for
+\&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards
 compatibility only and should not be used.
 .PP
 In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external
@@ -274,57 +278,57 @@ integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the oc
 form converted to a \s-1NULL\s0 terminated character string where each character
 is one of the printable values 0\-9 or A\-F (or a\-f).
 .PP
-The functions \fIEC_POINT_point2oct()\fR, \fIEC_POINT_oct2point()\fR, \fIEC_POINT_point2bn()\fR,
-\&\fIEC_POINT_bn2point()\fR, \fIEC_POINT_point2hex()\fR and \fIEC_POINT_hex2point()\fR convert from
+The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR,
+\&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from
 and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively.
 .PP
-The function \fIEC_POINT_point2oct()\fR must be supplied with a buffer long enough to
+The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to
 store the octet form. The return value provides the number of octets stored.
 Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but
 will still return the required buffer length.
 .PP
-The function \fIEC_POINT_point2buf()\fR allocates a buffer of suitable length and
+The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and
 writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to
 \&\fB*pbuf\fR and its length is returned. The caller must free up the allocated
-buffer with a call to \fIOPENSSL_free()\fR. Since the allocated buffer value is
+buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is
 written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR.
 .PP
-The function \fIEC_POINT_point2hex()\fR will allocate sufficient memory to store the
+The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the
 hexadecimal string. It is the caller's responsibility to free this memory with
-a subsequent call to \fIOPENSSL_free()\fR.
+a subsequent call to \fBOPENSSL_free()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEC_POINT_new()\fR and \fIEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0
+\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0
 on error.
 .PP
-The following functions return 1 on success or 0 on error: \fIEC_POINT_copy()\fR,
-\&\fIEC_POINT_set_to_infinity()\fR, \fIEC_POINT_set_Jprojective_coordinates_GFp()\fR,
-\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR,
-\&\fIEC_POINT_set_affine_coordinates_GFp()\fR, \fIEC_POINT_get_affine_coordinates_GFp()\fR,
-\&\fIEC_POINT_set_compressed_coordinates_GFp()\fR,
-\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR, \fIEC_POINT_get_affine_coordinates_GF2m()\fR,
-\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR and \fIEC_POINT_oct2point()\fR.
+The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR,
+\&\fBEC_POINT_set_to_infinity()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR,
+\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR,
+\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR,
+\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR,
+\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR,
+\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR.
 .PP
 EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0
 .PP
-\&\fIEC_POINT_point2oct()\fR and \fIEC_POINT_point2buf()\fR return the length of the required
+\&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required
 buffer or 0 on error.
 .PP
-\&\fIEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on
+\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on
 error.
 .PP
-\&\fIEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on
+\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on
 error.
 .PP
-\&\fIEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error.
+\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error.
 .PP
-\&\fIEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on
+\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on
 error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3),
-\&\fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3),
-\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3)
+\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
+\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ENGINE_add.3 b/secure/lib/libcrypto/man/ENGINE_add.3
index c4bc47d90c99c..13eebdee6fd63 100644
--- a/secure/lib/libcrypto/man/ENGINE_add.3
+++ b/secure/lib/libcrypto/man/ENGINE_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ENGINE_ADD 3"
-.TH ENGINE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ENGINE_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -312,11 +316,11 @@ ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structur
 reference is sufficient if you only need to query or manipulate the data of
 an \s-1ENGINE\s0 implementation rather than use its functionality.
 .PP
-The \fIENGINE_new()\fR function returns a structural reference to a new (empty)
+The \fBENGINE_new()\fR function returns a structural reference to a new (empty)
 \&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural
-references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR,
-\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be
-released by a corresponding to call to the \fIENGINE_free()\fR function \- the
+references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR,
+\&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be
+released by a corresponding to call to the \fBENGINE_free()\fR function \- the
 \&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when
 the last structural reference is released.
 .PP
@@ -324,13 +328,13 @@ It should also be noted that many \s-1ENGINE API\s0 function calls that accept a
 structural reference will internally obtain another reference \- typically
 this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after
 the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to
-OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success,
+OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success,
 then OpenSSL will have stored a new structural reference internally so the
 caller is still responsible for freeing their own reference with
-\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some
+\&\fBENGINE_free()\fR when they are finished with it. In a similar way, some
 functions will automatically release the structural reference passed to it
-if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and
-\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal
+if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and
+\&\fBENGINE_get_prev()\fR functions are used for iterating across the internal
 \&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or
 previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the
 list, but in either case the structural reference passed to the function is
@@ -349,17 +353,17 @@ reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default
 operational \s-1ENGINE\s0 for a given cryptographic purpose.
 .PP
 To obtain a functional reference from an existing structural reference,
-call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not
+call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not
 already operational and couldn't be successfully initialised (eg. lack of
 system drivers, no special hardware attached, etc), otherwise it will
 return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will
 have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional
-references are released by calling \fIENGINE_finish()\fR (which removes the
+references are released by calling \fBENGINE_finish()\fR (which removes the
 implicit structural reference as well).
 .PP
 The second way to get a functional reference is by asking OpenSSL for a
-default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR,
-\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next
+default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR,
+\&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next
 section, though they are not usually required by application programmers as
 they are used automatically when creating and using the relevant
 algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc.
@@ -394,10 +398,10 @@ needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0
 response if no \s-1ENGINE\s0 was available so that future queries won't repeat the
 same iteration unless the state table changes. This behaviour can also be
 changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using
-\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place,
+\&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place,
 instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the
 \&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg.
-\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except
+\&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except
 that it also sets the state table's cached response for the \*(L"get_default\*(R"
 query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are
 indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
@@ -434,7 +438,7 @@ source code to openssl's builtin utilities as guides.
 If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL
 will not allocate any internal resources.  Prior to OpenSSL 1.1.0, however,
 if any ENGINEs are loaded, even if not registered or used, it was necessary to
-call \fIENGINE_cleanup()\fR before the program exits.
+call \fBENGINE_cleanup()\fR before the program exits.
 .PP
 \&\fIUsing a specific \s-1ENGINE\s0 implementation\fR
 .PP
@@ -488,7 +492,7 @@ it should be used. The following code illustrates how this can work;
 .PP
 That's all that's required. Eg. the next time OpenSSL tries to set up an
 \&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to
-\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the
+\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the
 default for \s-1RSA\s0 use from then on.
 .SS "Advanced configuration support"
 .IX Subsection "Advanced configuration support"
@@ -517,9 +521,9 @@ driver or config files it needs to load, required network addresses,
 smart-card identifiers, passwords to initialise protected devices,
 logging information, etc etc. This class of commands typically needs to be
 passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before
-calling \fIENGINE_init()\fR. The other class of commands consist of settings or
+calling \fBENGINE_init()\fR. The other class of commands consist of settings or
 operations that tweak certain behaviour or cause certain operations to take
-place, and these commands may work either before or after \fIENGINE_init()\fR, or
+place, and these commands may work either before or after \fBENGINE_init()\fR, or
 in some cases both. \s-1ENGINE\s0 implementations should provide indications of
 this in the descriptions attached to builtin control commands and/or in
 external product documentation.
@@ -577,7 +581,7 @@ boolean success or failure.
 \& }
 .Ve
 .PP
-Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can
+Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can
 relax the semantics of the function \- if set non-zero it will only return
 failure if the \s-1ENGINE\s0 supported the given command name but failed while
 executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply
@@ -591,7 +595,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions
 and input parameters of the control commands supported by an \s-1ENGINE\s0 using a
 structural reference. Note that some control commands are defined by OpenSSL
 itself and it will intercept and handle these control commands on behalf of the
-\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command.
+\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command.
 openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands
 implemented by ENGINEs should be numbered from. Any command value lower than
 this symbol is considered a \*(L"generic\*(R" command is handled directly by the
@@ -615,10 +619,10 @@ commands implemented by a given \s-1ENGINE,\s0 specifically the commands:
 Whilst these commands are automatically processed by the OpenSSL framework code,
 they use various properties exposed by each \s-1ENGINE\s0 to process these
 queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves;
-it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in
+it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in
 the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions.
 If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will
-simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR
+simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR
 handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to
 reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the
 OpenSSL framework code will work with the following rules:
@@ -657,10 +661,10 @@ possible values:
 .PP
 If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely
 informational to the caller \- this flag will prevent the command being usable
-for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR.
+for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR.
 \&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration
 by applications, administrations, users, etc. These can support arbitrary
-operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control
+operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control
 commands data of any arbitrary type. These commands are supported in the
 discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0
 supports certain specific commands it might want to use (eg. application \*(L"foo\*(R"
@@ -675,83 +679,83 @@ The path to the engines directory.
 Ignored in set-user-ID and set-group-ID programs.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR and \fIENGINE_get_prev()\fR
+\&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR
 return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIENGINE_add()\fR and \fIENGINE_remove()\fR return 1 on success or 0 on error.
+\&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error.
 .PP
-\&\fIENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred.
+\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIENGINE_init()\fR and \fIENGINE_finish()\fR return 1 on success or 0 on error.
+\&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error.
 .PP
-All \fIENGINE_get_default_TYPE()\fR functions, \fIENGINE_get_cipher_engine()\fR and
-\&\fIENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0
+All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and
+\&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0
 if an error occurred.
 .PP
-All \fIENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error.
+All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error.
 .PP
-\&\fIENGINE_set_default()\fR returns 1 on success or 0 on error.
+\&\fBENGINE_set_default()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIENGINE_get_table_flags()\fR returns an unsigned integer value representing the
+\&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the
 global table flags which are used to control the registration behaviour of
 \&\fB\s-1ENGINE\s0\fR implementations.
 .PP
-All \fIENGINE_register_TYPE()\fR functions return 1 on success or 0 on error.
+All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error.
 .PP
-\&\fIENGINE_register_complete()\fR and \fIENGINE_register_all_complete()\fR return 1 on success
+\&\fBENGINE_register_complete()\fR and \fBENGINE_register_all_complete()\fR return 1 on success
 or 0 on error.
 .PP
-\&\fIENGINE_ctrl()\fR returns a positive value on success or others on error.
+\&\fBENGINE_ctrl()\fR returns a positive value on success or others on error.
 .PP
-\&\fIENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise.
+\&\fBENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise.
 .PP
-\&\fIENGINE_ctrl_cmd()\fR and \fIENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error.
+\&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error.
 .PP
-\&\fIENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error
+\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error
 occurred.
 .PP
-\&\fIENGINE_free()\fR returns 1 on success or 0 on error.
+\&\fBENGINE_free()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIENGINE_up_ref()\fR returns 1 on success or 0 on error.
+\&\fBENGINE_up_ref()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIENGINE_set_id()\fR and \fIENGINE_set_name()\fR return 1 on success or 0 on error.
+\&\fBENGINE_set_id()\fR and \fBENGINE_set_name()\fR return 1 on success or 0 on error.
 .PP
 All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error.
 .PP
-\&\fIENGINE_get_id()\fR and \fIENGINE_get_name()\fR return a string representing the identifier
+\&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier
 and the name of the \s-1ENGINE\s0 \fBe\fR respectively.
 .PP
-\&\fIENGINE_get_RSA()\fR, \fIENGINE_get_DSA()\fR, \fIENGINE_get_DH()\fR and \fIENGINE_get_RAND()\fR
+\&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR
 return corresponding method structures for each algorithms.
 .PP
-\&\fIENGINE_get_destroy_function()\fR, \fIENGINE_get_init_function()\fR,
-\&\fIENGINE_get_finish_function()\fR, \fIENGINE_get_ctrl_function()\fR,
-\&\fIENGINE_get_load_privkey_function()\fR, \fIENGINE_get_load_pubkey_function()\fR,
-\&\fIENGINE_get_ciphers()\fR and \fIENGINE_get_digests()\fR return corresponding function
+\&\fBENGINE_get_destroy_function()\fR, \fBENGINE_get_init_function()\fR,
+\&\fBENGINE_get_finish_function()\fR, \fBENGINE_get_ctrl_function()\fR,
+\&\fBENGINE_get_load_privkey_function()\fR, \fBENGINE_get_load_pubkey_function()\fR,
+\&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function
 pointers of the callbacks.
 .PP
-\&\fIENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0
+\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0
 if an error occurred.
 .PP
-\&\fIENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an
+\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an
 error occurred.
 .PP
-\&\fIENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are
+\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are
 used to control various behaviours of an \s-1ENGINE.\s0
 .PP
-\&\fIENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's
+\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's
 not set.
 .PP
-\&\fIENGINE_load_private_key()\fR and \fIENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR
+\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR
 structure on success or \s-1NULL\s0 if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIOPENSSL_init_crypto\fR\|(3), \fIRSA_new_method\fR\|(3), \fIDSA_new\fR\|(3), \fIDH_new\fR\|(3),
-\&\fIRAND_bytes\fR\|(3), \fIconfig\fR\|(5)
+\&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3),
+\&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup
-done by \fIOPENSSL_cleanup()\fR
+\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup
+done by \fBOPENSSL_cleanup()\fR
 and should not be used.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index 46248538cff5f..ec0c060f319b9 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_GET_LIB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,11 +155,11 @@ ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The error code returned by \fIERR_get_error()\fR consists of a library
-number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR
-and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these.
+The error code returned by \fBERR_get_error()\fR consists of a library
+number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR
+and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these.
 .PP
-\&\s-1\fIERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error.
+\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error.
 .PP
 The library number and function code describe where the error
 occurred, the reason code is the information about what went wrong.
@@ -169,7 +173,7 @@ reasons.
 unique. However, when checking for sub-library specific reason codes,
 be sure to also compare the library number.
 .PP
-\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR, \s-1\fIERR_GET_REASON\s0()\fR, and \s-1\fIERR_FATAL_ERROR\s0()\fR
+\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR
  are macros.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -177,10 +181,10 @@ The library number, function code, reason code, and whether the error
 is fatal, respectively.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in
+\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in
 all versions of OpenSSL.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index a3b82dbe9b4bc..6a5fea6d308d8 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_CLEAR_ERROR 3"
-.TH ERR_CLEAR_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_CLEAR_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,13 +149,13 @@ ERR_clear_error \- clear the error queue
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_clear_error()\fR empties the current thread's error queue.
+\&\fBERR_clear_error()\fR empties the current thread's error queue.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_clear_error()\fR has no return value.
+\&\fBERR_clear_error()\fR has no return value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index 10c6e61d52840..b5f6c65316985 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_ERROR_STRING 3"
-.TH ERR_ERROR_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_ERROR_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,17 +154,17 @@ ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_strin
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_error_string()\fR generates a human-readable string representing the
+\&\fBERR_error_string()\fR generates a human-readable string representing the
 error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256
 bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a
 static buffer.
 Note that this function is not thread-safe and does no checks on the size
-of the buffer; use \fIERR_error_string_n()\fR instead.
+of the buffer; use \fBERR_error_string_n()\fR instead.
 .PP
-\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes
+\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes
 at most \fIlen\fR characters (including the terminating 0)
 and truncates the string if necessary.
-For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
+For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
 .PP
 The string will have the following format:
 .PP
@@ -171,27 +175,27 @@ The string will have the following format:
 \&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR,
 \&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text.
 .PP
-\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and
-\&\fIERR_reason_error_string()\fR return the library name, function
+\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
+\&\fBERR_reason_error_string()\fR return the library name, function
 name and reason string respectively.
 .PP
 If there is no text string registered for the given error code,
 the error string will contain the numeric code.
 .PP
-\&\fIERR_print_errors\fR\|(3) can be used to print
+\&\fBERR_print_errors\fR\|(3) can be used to print
 all error codes currently in the queue.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the
+\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the
 string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise.
 .PP
-\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and
-\&\fIERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if
+\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
+\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if
 none is registered for the error code.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fIERR_print_errors\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBERR_print_errors\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index 83b8fd9c381c8..55334855d008b 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_GET_ERROR 3"
-.TH ERR_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_GET_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -158,42 +162,42 @@ ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_get_error()\fR returns the earliest error code from the thread's error
+\&\fBERR_get_error()\fR returns the earliest error code from the thread's error
 queue and removes the entry. This function can be called repeatedly
 until there are no more error codes to return.
 .PP
-\&\fIERR_peek_error()\fR returns the earliest error code from the thread's
+\&\fBERR_peek_error()\fR returns the earliest error code from the thread's
 error queue without modifying it.
 .PP
-\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's
+\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's
 error queue without modifying it.
 .PP
-See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining information about
+See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about
 location and reason of the error, and
-\&\fIERR_error_string\fR\|(3) for human-readable error
+\&\fBERR_error_string\fR\|(3) for human-readable error
 messages.
 .PP
-\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and
-\&\fIERR_peek_last_error_line()\fR are the same as the above, but they
+\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and
+\&\fBERR_peek_last_error_line()\fR are the same as the above, but they
 additionally store the file name and line number where
 the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR.
 .PP
-\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and
-\&\fIERR_peek_last_error_line_data()\fR store additional data and flags
+\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and
+\&\fBERR_peek_last_error_line_data()\fR store additional data and flags
 associated with the error code in *\fBdata\fR
 and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
 if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.
 .PP
 An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
-returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled
+returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled
 automatically by the error library.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The error code, or 0 if there is no error in the queue.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_error_string\fR\|(3),
-\&\s-1\fIERR_GET_LIB\s0\fR\|(3)
+\&\fBERR_error_string\fR\|(3),
+\&\s-1\fBERR_GET_LIB\s0\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index c3ead8f6345d6..4b8aed0154c57 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_LOAD_CRYPTO_STRINGS 3"
-.TH ERR_LOAD_CRYPTO_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_LOAD_CRYPTO_STRINGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,24 +160,24 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_load_crypto_strings()\fR registers the error strings for all
-\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same,
+\&\fBERR_load_crypto_strings()\fR registers the error strings for all
+\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same,
 but also registers the \fBlibssl\fR error strings.
 .PP
 In versions prior to OpenSSL 1.1.0,
-\&\fIERR_free_strings()\fR releases any resources created by the above functions.
+\&\fBERR_free_strings()\fR releases any resources created by the above functions.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and
-\&\fIERR_free_strings()\fR return no values.
+\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and
+\&\fBERR_free_strings()\fR return no values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_error_string\fR\|(3)
+\&\fBERR_error_string\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR, and
-\&\fIERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by
-\&\fIOPENSSL_init_crypto()\fR and \fIOPENSSL_init_ssl()\fR and should not be used.
+The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and
+\&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by
+\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 9fbf91857c9cc..883aedf12ac06 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_LOAD_STRINGS 3"
-.TH ERR_LOAD_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_LOAD_STRINGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,7 +153,7 @@ ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error s
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR.
+\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR.
 .PP
 \&\fBstr\fR is an array of error string data:
 .PP
@@ -163,20 +167,20 @@ ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error s
 .PP
 The error code is generated from the library number and a function and
 reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR).
-\&\s-1\fIERR_PACK\s0()\fR is a macro.
+\&\s-1\fBERR_PACK\s0()\fR is a macro.
 .PP
 The last entry in the array is {0,0}.
 .PP
-\&\fIERR_get_next_error_library()\fR can be used to assign library numbers
+\&\fBERR_get_next_error_library()\fR can be used to assign library numbers
 to user libraries at runtime.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_load_strings()\fR returns no value. \s-1\fIERR_PACK\s0()\fR return the error code.
-\&\fIERR_get_next_error_library()\fR returns zero on failure, otherwise a new
+\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code.
+\&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new
 library number.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_load_strings\fR\|(3)
+\&\fBERR_load_strings\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index a8b8bc4cb7ad7..a90bcf02e283d 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_PRINT_ERRORS 3"
-.TH ERR_PRINT_ERRORS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_PRINT_ERRORS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,14 +151,14 @@ ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error mess
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_print_errors()\fR is a convenience function that prints the error
+\&\fBERR_print_errors()\fR is a convenience function that prints the error
 strings for all errors that OpenSSL has recorded to \fBbp\fR, thus
 emptying the error queue.
 .PP
-\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a
+\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a
 \&\fB\s-1FILE\s0\fR.
 .PP
-\&\fIERR_print_errors_cb()\fR is the same, except that the callback function,
+\&\fBERR_print_errors_cb()\fR is the same, except that the callback function,
 \&\fBcb\fR, is called for each error line with the string, length, and userdata
 \&\fBu\fR as the callback parameters.
 .PP
@@ -172,11 +176,11 @@ If there is no text string registered for the given error code,
 the error string will contain the numeric code.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values.
+\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_error_string\fR\|(3),
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_error_string\fR\|(3),
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index 4e5c5aac2c9b7..7edf07b5243c7 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_PUT_ERROR 3"
-.TH ERR_PUT_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_PUT_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,25 +152,25 @@ ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It
+\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It
 signals that the error of reason code \fBreason\fR occurred in function
 \&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR.
 This function is usually called by a macro.
 .PP
-\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string
+\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string
 arguments with the error code added last.
-\&\fIERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR.
+\&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR.
 .PP
-\&\fIERR_load_strings\fR\|(3) can be used to register
+\&\fBERR_load_strings\fR\|(3) can be used to register
 error strings so that the application can a generate human-readable
 error messages for the error code.
 .SS "Reporting errors"
 .IX Subsection "Reporting errors"
-Each sub-library has a specific macro \fIXXXerr()\fR that is used to report
+Each sub-library has a specific macro \fBXXXerr()\fR that is used to report
 errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second
 argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived
 from the function names; reason codes consist of textual error
-descriptions. For example, the function \fIssl3_read_bytes()\fR reports a
+descriptions. For example, the function \fBssl3_read_bytes()\fR reports a
 \&\*(L"handshake failure\*(R" as follows:
 .PP
 .Vb 1
@@ -185,14 +189,14 @@ into lower case and underscores changed to spaces.
 Although a library will normally report errors using its own specific
 XXXerr macro, another library's macro can be used. This is normally
 only done when a library wants to include \s-1ASN1\s0 code which must use
-the \fIASN1err()\fR macro.
+the \fBASN1err()\fR macro.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_put_error()\fR and \fIERR_add_error_data()\fR return
+\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return
 no values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_load_strings\fR\|(3)
+\&\fBERR_load_strings\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index ee335a31dcf08..2fa7aff024293 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_REMOVE_STATE 3"
-.TH ERR_REMOVE_STATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_REMOVE_STATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,20 +155,20 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_remove_state()\fR frees the error queue associated with the specified
+\&\fBERR_remove_state()\fR frees the error queue associated with the specified
 thread, identified by \fBtid\fR.
-\&\fIERR_remove_thread_state()\fR does the same thing, except the identifier is
+\&\fBERR_remove_thread_state()\fR does the same thing, except the identifier is
 an opaque pointer.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_remove_state()\fR and \fIERR_remove_thread_state()\fR return no value.
+\&\fBERR_remove_state()\fR and \fBERR_remove_thread_state()\fR return no value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-L\fIOPENSSL_init_crypto\fR\|(3)
+L\fBOPENSSL_init_crypto\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and
-\&\fIERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions
+\&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and
+\&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions
 and should not be used.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
index f9ff981ae7f44..616042dc2a639 100644
--- a/secure/lib/libcrypto/man/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_SET_MARK 3"
-.TH ERR_SET_MARK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERR_SET_MARK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,16 +151,16 @@ ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there
+\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there
 is one.
 .PP
-\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
+\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
 The mark is then removed.  If there is no mark, the whole stack is removed.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
+\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
 .PP
-\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
+\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
 implies that the stack became empty, otherwise 1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
index 8fd3b341dc9d2..0099102e9edad 100644
--- a/secure/lib/libcrypto/man/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_BYTESTOKEY 3"
-.TH EVP_BYTESTOKEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_BYTESTOKEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,7 +152,7 @@ EVP_BytesToKey \- password based encryption routine
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
+\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
 the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use.
 The \fBsalt\fR parameter is used as a salt in the derivation: it should point to
 an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing
@@ -187,15 +191,15 @@ The initial bytes are used for the key and the subsequent bytes for
 the \s-1IV.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If \fBdata\fR is \s-1NULL,\s0 then \fIEVP_BytesToKey()\fR returns the number of bytes
+If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes
 needed to store the derived key.
-Otherwise, \fIEVP_BytesToKey()\fR returns the size of the derived key in bytes,
+Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes,
 or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3),
-\&\s-1\fIPKCS5_PBKDF2_HMAC\s0\fR\|(3),
-\&\fIEVP_EncryptInit\fR\|(3)
+\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3),
+\&\s-1\fBPKCS5_PBKDF2_HMAC\s0\fR\|(3),
+\&\fBEVP_EncryptInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
index 9088cb4891047..d63c2d6c67a40 100644
--- a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
+++ b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3"
-.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,27 +150,27 @@ EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to in
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher
+The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher
 data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data is specific to the
 particular implementation of the cipher. For example this data can be used by
 engines to store engine specific information. The data is automatically
 allocated and freed by OpenSSL, so applications and engines should not normally
 free this directly (but see below).
 .PP
-The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to
+The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to
 replace the cipher data with new data. A pointer to any existing cipher data is
 returned from this function. If the old data is no longer required then it
-should be freed through a call to \fIOPENSSL_free()\fR.
+should be freed through a call to \fBOPENSSL_free()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current
+The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current
 cipher data for the \s-1EVP_CIPHER_CTX.\s0
 .PP
-The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old
+The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old
 cipher data for the \s-1EVP_CIPHER_CTX.\s0
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIEVP_CIPHER_CTX_get_cipher_data()\fR and \fIEVP_CIPHER_CTX_set_cipher_data()\fR
+The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR
 functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
index 6f31f3f3174a1..009c634d31863 100644
--- a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_CIPHER_METH_NEW 3"
-.TH EVP_CIPHER_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_CIPHER_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -192,16 +196,16 @@ EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_
 The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method
 implementation.
 .PP
-\&\fIEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure.
+\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure.
 .PP
-\&\fIEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR.
+\&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR.
 .PP
-\&\fIEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure.
+\&\fBEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure.
 .PP
-\&\fIEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0
+\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0
 This is only needed when the implemented cipher mode requires it.
 .PP
-\&\fIEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional
+\&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional
 behaviours in the particular \fBcipher\fR.
 With the exception of cipher modes, of which only one may be present,
 several flags can be or'd together.
@@ -218,18 +222,18 @@ Storing and initialising the \s-1IV\s0 is left entirely to the
 implementation.
 .IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4
 .IX Item "EVP_CIPH_ALWAYS_CALL_INIT"
-Set this if the implementation's \fIinit()\fR function should be called even
+Set this if the implementation's \fBinit()\fR function should be called even
 if \fBkey\fR is \fB\s-1NULL\s0\fR.
 .IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4
 .IX Item "EVP_CIPH_CTRL_INIT"
-Set this to have the implementation's \fIctrl()\fR function called with
+Set this to have the implementation's \fBctrl()\fR function called with
 command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup.
 .IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4
 .IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH"
 Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR
 is left to the implementation.
-Whenever someone uses \fIEVP_CIPHER_CTX_set_key_length()\fR on a
-\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fIctrl()\fR function
+Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on a
+\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function
 will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and
 the key length in \fBarg\fR.
 .IP "\s-1EVP_CIPH_NO_PADDING\s0" 4
@@ -238,19 +242,19 @@ Don't use standard block padding.
 .IP "\s-1EVP_CIPH_RAND_KEY\s0" 4
 .IX Item "EVP_CIPH_RAND_KEY"
 Making a key with random content is left to the implementation.
-This is done by calling the implementation's \fIctrl()\fR function with the
+This is done by calling the implementation's \fBctrl()\fR function with the
 control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory
 storage in \fBptr\fR.
 .IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4
 .IX Item "EVP_CIPH_CUSTOM_COPY"
-Set this to have the implementation's \fIctrl()\fR function called with
-command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fIEVP_CIPHER_CTX_copy()\fR.
+Set this to have the implementation's \fBctrl()\fR function called with
+command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR.
 The intended use is for further things to deal with after the
 implementation specific data block has been copied.
 The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the
 \&\fBptr\fR parameter.
 The implementation specific data block is reached with
-\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR.
+\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR.
 .IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4
 .IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1"
 Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0
@@ -273,52 +277,52 @@ This indicates that this is an \s-1AEAD\s0 cipher implementation.
 Allow interleaving of crypto blocks, a particular optimization only applicable
 to certain \s-1TLS\s0 ciphers.
 .PP
-\&\fIEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's
+\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's
 implementation context so that it can be automatically allocated.
 .PP
-\&\fIEVP_CIPHER_meth_set_init()\fR sets the cipher init function for
+\&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for
 \&\fBcipher\fR.
-The cipher init function is called by \fIEVP_CipherInit()\fR,
-\&\fIEVP_CipherInit_ex()\fR, \fIEVP_EncryptInit()\fR, \fIEVP_EncryptInit_ex()\fR,
-\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptInit_ex()\fR.
+The cipher init function is called by \fBEVP_CipherInit()\fR,
+\&\fBEVP_CipherInit_ex()\fR, \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR,
+\&\fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR.
 .PP
-\&\fIEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for
+\&\fBEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for
 \&\fBcipher\fR.
-The cipher function is called by \fIEVP_CipherUpdate()\fR,
-\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherFinal()\fR,
-\&\fIEVP_EncryptFinal()\fR, \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal()\fR and
-\&\fIEVP_DecryptFinal_ex()\fR.
+The cipher function is called by \fBEVP_CipherUpdate()\fR,
+\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR, \fBEVP_CipherFinal()\fR,
+\&\fBEVP_EncryptFinal()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal()\fR and
+\&\fBEVP_DecryptFinal_ex()\fR.
 .PP
-\&\fIEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do
+\&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do
 extra cleanup before the method's private data structure is cleaned
 out and freed.
 Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the
 private data structure is then available with
-\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR.
-This cleanup function is called by \fIEVP_CIPHER_CTX_reset()\fR and
-\&\fIEVP_CIPHER_CTX_free()\fR.
+\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR.
+This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and
+\&\fBEVP_CIPHER_CTX_free()\fR.
 .PP
-\&\fIEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR
+\&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR
 to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher.
-This function is called by \fIEVP_CIPHER_param_to_asn1()\fR.
-\&\fIEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR
+This function is called by \fBEVP_CIPHER_param_to_asn1()\fR.
+\&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR
 that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier
 \&\*(L"parameter\*(R".
 Both these functions are needed when there is a need for custom data
 (more or other than the cipher \s-1IV\s0).
-They are called by \fIEVP_CIPHER_param_to_asn1()\fR and
-\&\fIEVP_CIPHER_asn1_to_param()\fR respectively if defined.
+They are called by \fBEVP_CIPHER_param_to_asn1()\fR and
+\&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined.
 .PP
-\&\fIEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR.
+\&\fBEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR.
 .PP
-\&\fIEVP_CIPHER_meth_get_init()\fR, \fIEVP_CIPHER_meth_get_do_cipher()\fR,
-\&\fIEVP_CIPHER_meth_get_cleanup()\fR, \fIEVP_CIPHER_meth_get_set_asn1_params()\fR,
-\&\fIEVP_CIPHER_meth_get_get_asn1_params()\fR and \fIEVP_CIPHER_meth_get_ctrl()\fR
+\&\fBEVP_CIPHER_meth_get_init()\fR, \fBEVP_CIPHER_meth_get_do_cipher()\fR,
+\&\fBEVP_CIPHER_meth_get_cleanup()\fR, \fBEVP_CIPHER_meth_get_set_asn1_params()\fR,
+\&\fBEVP_CIPHER_meth_get_get_asn1_params()\fR and \fBEVP_CIPHER_meth_get_ctrl()\fR
 are all used to retrieve the method data given with the
 EVP_CIPHER_meth_set_*() functions above.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_CIPHER_meth_new()\fR and \fIEVP_CIPHER_meth_dup()\fR return a pointer to a
+\&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a
 newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure.
 All EVP_CIPHER_meth_set_*() functions return 1.
 All EVP_CIPHER_meth_get_*() functions return pointers to their
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index 5f59cda8f4162..380757a93d6c3 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_DIGESTINIT 3"
-.TH EVP_DIGESTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_DIGESTINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -184,116 +188,116 @@ EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, EVP_MD_CT
 .IX Header "DESCRIPTION"
 The \s-1EVP\s0 digest routines are a high level interface to message digests,
 and should be used instead of the cipher-specific functions.
-.IP "\fIEVP_MD_CTX_new()\fR" 4
+.IP "\fBEVP_MD_CTX_new()\fR" 4
 .IX Item "EVP_MD_CTX_new()"
 Allocates and returns a digest context.
-.IP "\fIEVP_MD_CTX_reset()\fR" 4
+.IP "\fBEVP_MD_CTX_reset()\fR" 4
 .IX Item "EVP_MD_CTX_reset()"
 Resets the digest context \fBctx\fR.  This can be used to reuse an already
 existing context.
-.IP "\fIEVP_MD_CTX_free()\fR" 4
+.IP "\fBEVP_MD_CTX_free()\fR" 4
 .IX Item "EVP_MD_CTX_free()"
 Cleans up digest context \fBctx\fR and frees up the space allocated to it.
-.IP "\fIEVP_MD_CTX_ctrl()\fR" 4
+.IP "\fBEVP_MD_CTX_ctrl()\fR" 4
 .IX Item "EVP_MD_CTX_ctrl()"
 Performs digest-specific control actions on context \fBctx\fR.
-.IP "\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR, \fIEVP_MD_CTX_test_flags()\fR" 4
+.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4
 .IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()"
 Sets, clears and tests \fBctx\fR flags.  See \*(L"\s-1FLAGS\*(R"\s0 below for more information.
-.IP "\fIEVP_DigestInit_ex()\fR" 4
+.IP "\fBEVP_DigestInit_ex()\fR" 4
 .IX Item "EVP_DigestInit_ex()"
 Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR.
-\&\fBtype\fR will typically be supplied by a function such as \fIEVP_sha1()\fR.  If
+\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR.  If
 \&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
-.IP "\fIEVP_DigestUpdate()\fR" 4
+.IP "\fBEVP_DigestUpdate()\fR" 4
 .IX Item "EVP_DigestUpdate()"
 Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This
 function can be called several times on the same \fBctx\fR to hash additional
 data.
-.IP "\fIEVP_DigestFinal_ex()\fR" 4
+.IP "\fBEVP_DigestFinal_ex()\fR" 4
 .IX Item "EVP_DigestFinal_ex()"
 Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR
 parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the
 length of the digest) will be written to the integer at \fBs\fR, at most
-\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.  After calling \fIEVP_DigestFinal_ex()\fR
-no additional calls to \fIEVP_DigestUpdate()\fR can be made, but
-\&\fIEVP_DigestInit_ex()\fR can be called to initialize a new digest operation.
-.IP "\fIEVP_DigestFinalXOF()\fR" 4
+\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.  After calling \fBEVP_DigestFinal_ex()\fR
+no additional calls to \fBEVP_DigestUpdate()\fR can be made, but
+\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation.
+.IP "\fBEVP_DigestFinalXOF()\fR" 4
 .IX Item "EVP_DigestFinalXOF()"
 Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0
 It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized <B>md.
-After calling this function no additional calls to \fIEVP_DigestUpdate()\fR can be
-made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new operation.
-.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4
+After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be
+made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation.
+.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4
 .IX Item "EVP_MD_CTX_copy_ex()"
 Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is
 useful if large amounts of data are to be hashed which only differ in the last
 few bytes.
-.IP "\fIEVP_DigestInit()\fR" 4
+.IP "\fBEVP_DigestInit()\fR" 4
 .IX Item "EVP_DigestInit()"
-Behaves in the same way as \fIEVP_DigestInit_ex()\fR except it always uses the
+Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the
 default digest implementation.
-.IP "\fIEVP_DigestFinal()\fR" 4
+.IP "\fBEVP_DigestFinal()\fR" 4
 .IX Item "EVP_DigestFinal()"
-Similar to \fIEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is
+Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is
 automatically cleaned up.
-.IP "\fIEVP_MD_CTX_copy()\fR" 4
+.IP "\fBEVP_MD_CTX_copy()\fR" 4
 .IX Item "EVP_MD_CTX_copy()"
-Similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to
+Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to
 be initialized.
-.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_CTX_size()\fR" 4
+.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4
 .IX Item "EVP_MD_size(), EVP_MD_CTX_size()"
 Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an
 \&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash.
-.IP "\fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4
+.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4
 .IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()"
 Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an
 \&\fB\s-1EVP_MD_CTX\s0\fR structure.
-.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_CTX_type()\fR" 4
+.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4
 .IX Item "EVP_MD_type(), EVP_MD_CTX_type()"
 Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest
 when passed an \fB\s-1EVP_MD\s0\fR structure.  For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR
 returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs.
-.IP "\fIEVP_MD_CTX_md_data()\fR" 4
+.IP "\fBEVP_MD_CTX_md_data()\fR" 4
 .IX Item "EVP_MD_CTX_md_data()"
 Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR.
 The space is allocated by OpenSSL and has the size originally set with
-\&\fIEVP_MD_meth_set_app_datasize()\fR.
-.IP "\fIEVP_MD_CTX_md()\fR" 4
+\&\fBEVP_MD_meth_set_app_datasize()\fR.
+.IP "\fBEVP_MD_CTX_md()\fR" 4
 .IX Item "EVP_MD_CTX_md()"
 Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR.
-.IP "\fIEVP_MD_pkey_type()\fR" 4
+.IP "\fBEVP_MD_pkey_type()\fR" 4
 .IX Item "EVP_MD_pkey_type()"
 Returns the \s-1NID\s0 of the public key signing algorithm associated with this
-digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return
+digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return
 \&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no
 longer linked this function is only retained for compatibility reasons.
-.IP "\fIEVP_md_null()\fR" 4
+.IP "\fBEVP_md_null()\fR" 4
 .IX Item "EVP_md_null()"
 A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero
 length.
-.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4
+.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4
 .IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()"
 Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an
 \&\fB\s-1ASN1_OBJECT\s0\fR structure respectively.
-.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4
+.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4
 .IX Item "EVP_MD_CTX_set_pkey_ctx()"
 Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide
-a customzied \fB\s-1EVP_PKEY_CTX\s0\fR to \fIEVP_DigestSignInit\fR\|(3) or
-\&\fIEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed
+a customzied \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or
+\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed
 by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR
 assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not
 depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created.
 .SH "FLAGS"
 .IX Header "FLAGS"
-\&\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR and \fIEVP_MD_CTX_test_flags()\fR
+\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR
 can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags:
 .IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4
 .IX Item "EVP_MD_CTX_FLAG_ONESHOT"
 This flag instructs the digest to optimize for one update only, if possible.
 .IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4
 .IX Item "EVP_MD_CTX_FLAG_NO_INIT"
-This flag instructs \fIEVP_DigestInit()\fR and similar not to initialise the
+This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the
 implementation specific data.
 .IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4
 .IX Item "EVP_MD_CTX_FLAG_FINALISE"
@@ -303,30 +307,30 @@ This is inefficient if this functionality is not required, and can be
 disabled with this flag.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-.IP "\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR, \fIEVP_DigestFinal_ex()\fR" 4
+.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4
 .IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()"
 Returns 1 for
 success and 0 for failure.
-.IP "\fIEVP_MD_CTX_ctrl()\fR" 4
+.IP "\fBEVP_MD_CTX_ctrl()\fR" 4
 .IX Item "EVP_MD_CTX_ctrl()"
 Returns 1 if successful or 0 for failure.
-.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4
+.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4
 .IX Item "EVP_MD_CTX_copy_ex()"
 Returns 1 if successful or 0 for failure.
-.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR, \fIEVP_MD_type()\fR" 4
+.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR, \fBEVP_MD_type()\fR" 4
 .IX Item "EVP_MD_type(), EVP_MD_pkey_type(), EVP_MD_type()"
 Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none
 exists.
-.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4
+.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4
 .IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()"
 Returns the digest or block size in bytes.
-.IP "\fIEVP_md_null()\fR" 4
+.IP "\fBEVP_md_null()\fR" 4
 .IX Item "EVP_md_null()"
 Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest.
-.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4
+.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4
 .IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()"
 Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs.
-.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4
+.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4
 .IX Item "EVP_MD_CTX_set_pkey_ctx()"
 This function has no return value.
 .SH "NOTES"
@@ -335,28 +339,28 @@ The \fB\s-1EVP\s0\fR interface to message digests should almost always be used i
 preference to the low level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
 .PP
-New applications should use the \s-1SHA\-2\s0 (such as \fIEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0
-digest algorithms (such as \fIEVP_sha3_512\fR\|(3)). The other digest algorithms
+New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0
+digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms
 are still in common use.
 .PP
-For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
+For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be
 set to \s-1NULL\s0 to use the default digest implementation.
 .PP
-The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are
+The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are
 obsolete but are retained to maintain compatibility with existing code. New
-applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and
-\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
+applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and
+\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
 instead of initializing and cleaning it up on each call and allow non default
 implementations of digests to be specified.
 .PP
 If digest contexts are not cleaned up after use,
 memory leaks will occur.
 .PP
-\&\fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR, \fIEVP_MD_CTX_type()\fR,
-\&\fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR are defined as
+\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR,
+\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as
 macros.
 .PP
-\&\fIEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration
+\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration
 or control.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
@@ -405,33 +409,33 @@ digest name passed on the command line.
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIdgst\fR\|(1),
-\&\fIevp\fR\|(7)
+\&\fBdgst\fR\|(1),
+\&\fBevp\fR\|(7)
 .PP
 The full list of digest algorithms are provided below.
 .PP
-\&\fIEVP_blake2b512\fR\|(3),
-\&\fIEVP_md2\fR\|(3),
-\&\fIEVP_md4\fR\|(3),
-\&\fIEVP_md5\fR\|(3),
-\&\fIEVP_mdc2\fR\|(3),
-\&\fIEVP_ripemd160\fR\|(3),
-\&\fIEVP_sha1\fR\|(3),
-\&\fIEVP_sha224\fR\|(3),
-\&\fIEVP_sha3_224\fR\|(3),
-\&\fIEVP_sm3\fR\|(3),
-\&\fIEVP_whirlpool\fR\|(3)
+\&\fBEVP_blake2b512\fR\|(3),
+\&\fBEVP_md2\fR\|(3),
+\&\fBEVP_md4\fR\|(3),
+\&\fBEVP_md5\fR\|(3),
+\&\fBEVP_mdc2\fR\|(3),
+\&\fBEVP_ripemd160\fR\|(3),
+\&\fBEVP_sha1\fR\|(3),
+\&\fBEVP_sha224\fR\|(3),
+\&\fBEVP_sha3_224\fR\|(3),
+\&\fBEVP_sm3\fR\|(3),
+\&\fBEVP_whirlpool\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIEVP_MD_CTX_create()\fR and \fIEVP_MD_CTX_destroy()\fR were renamed to
-\&\fIEVP_MD_CTX_new()\fR and \fIEVP_MD_CTX_free()\fR in OpenSSL 1.1.0.
+The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to
+\&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively.
 .PP
 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
-later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0
+later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0
 .PP
-\&\fIEVP_dss1()\fR was removed in OpenSSL 1.1.0.
+The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0.
 .PP
-\&\fIEVP_MD_CTX_set_pkey_ctx()\fR was added in 1.1.1.
+The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
index d33bc7ea47cff..67cc1571e2ac7 100644
--- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_DIGESTSIGNINIT 3"
-.TH EVP_DIGESTSIGNINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_DIGESTSIGNINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,21 +158,21 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \-
 .IX Header "DESCRIPTION"
 The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
 .PP
-\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
+\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
 \&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with
-\&\fIEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
+\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
 \&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
 be used to set alternative signing options. Note that any existing value in
 \&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed
 directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before
-being passed to \fIEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created
-inside \fIEVP_DigestSignInit()\fR and it will be freed automatically when the
+being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created
+inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the
 \&\s-1EVP_MD_CTX\s0 is freed).
 .PP
 The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it.
 .PP
-No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigsetSignInit()\fR if the passed \fBctx\fR
-has already been assigned one via \fIEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fISM2\s0\fR\|(7).
+No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigsetSignInit()\fR if the passed \fBctx\fR
+has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7).
 .PP
 Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This
 includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of
@@ -204,71 +208,71 @@ Will ignore any digest provided.
 .PP
 If RSA-PSS is used and restrictions apply then the digest must match.
 .PP
-\&\fIEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
 signature context \fBctx\fR. This function can be called several times on the
 same \fBctx\fR to include additional data. This function is currently implemented
 using a macro.
 .PP
-\&\fIEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR.
+\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR.
 If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
 the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the
 \&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the
 call is successful the signature is written to \fBsig\fR and the amount of data
 written to \fBsiglen\fR.
 .PP
-\&\fIEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the
+\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the
 signature in \fBsig\fR and its length in \fBsiglen\fR in a similar way to
-\&\fIEVP_DigestSignFinal()\fR.
+\&\fBEVP_DigestSignFinal()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR, \fIEVP_DigestSignaFinal()\fR and
-\&\fIEVP_DigestSign()\fR return 1 for success and 0 or a negative value for failure. In
+\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignaFinal()\fR and
+\&\fBEVP_DigestSign()\fR return 1 for success and 0 or a negative value for failure. In
 particular, a return value of \-2 indicates the operation is not supported by the
 public key algorithm.
 .PP
-The error codes can be obtained from \fIERR_get_error\fR\|(3).
+The error codes can be obtained from \fBERR_get_error\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 .PP
-\&\fIEVP_DigestSign()\fR is a one shot operation which signs a single block of data
+\&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data
 in one function. For algorithms that support streaming it is equivalent to
-calling \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR. For algorithms which
+calling \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. For algorithms which
 do not support streaming (e.g. PureEdDSA) it is the only way to sign data.
 .PP
 In previous versions of OpenSSL there was a link between message digest types
-and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
+and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR
 needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
 the use of clone digest is now discouraged.
 .PP
 For some key types and parameters the random number generator must be seeded
 or the operation will fail.
 .PP
-The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest
-context. This means that calls to \fIEVP_DigestSignUpdate()\fR and
-\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
+The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest
+context. This means that calls to \fBEVP_DigestSignUpdate()\fR and
+\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
 .PP
 Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak
+be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
 will occur.
 .PP
-The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some
+The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some
 signature operations may have a signature length which depends on the
-parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value
+parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value
 which indicates the maximum possible signature for any set of parameters.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_DigestVerifyInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3),
-\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3),
-\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3),
-\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1)
+\&\fBEVP_DigestVerifyInit\fR\|(3),
+\&\fBEVP_DigestInit\fR\|(3),
+\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
+\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
+\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR
-were first added to OpenSSL 1.0.0.
+\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR
+were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
index 9b4fc7217faa8..df49e59189f9e 100644
--- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_DIGESTVERIFYINIT 3"
-.TH EVP_DIGESTVERIFYINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_DIGESTVERIFYINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,80 +157,80 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestV
 .IX Header "DESCRIPTION"
 The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
 .PP
-\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
+\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
 \&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created
-with \fIEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
+with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
 \&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
 can be used to set alternative verification options. Note that any existing
 value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed
 directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before
-being passed to \fIEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created
-inside \fIEVP_DigestSignInit()\fR and it will be freed automatically when the
+being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created
+inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the
 \&\s-1EVP_MD_CTX\s0 is freed).
 .PP
-No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigsetSignInit()\fR if the passed \fBctx\fR
-has already been assigned one via \fIEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fISM2\s0\fR\|(7).
+No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigsetSignInit()\fR if the passed \fBctx\fR
+has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7).
 .PP
-\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
 verification context \fBctx\fR. This function can be called several times on the
 same \fBctx\fR to include additional data. This function is currently implemented
 using a macro.
 .PP
-\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
+\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
 \&\fBsig\fR of length \fBsiglen\fR.
 .PP
-\&\fIEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature
+\&\fBEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature
 in \fBsig\fR of length \fBsiglen\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0
+\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0
 for failure.
 .PP
-\&\fIEVP_DigestVerifyFinal()\fR and \fIEVP_DigestVerify()\fR return 1 for success; any other
+\&\fBEVP_DigestVerifyFinal()\fR and \fBEVP_DigestVerify()\fR return 1 for success; any other
 value indicates failure.  A return value of zero indicates that the signature
 did not verify successfully (that is, \fBtbs\fR did not match the original data or
 the signature had an invalid form), while other values indicate a more serious
 error (and sometimes also indicate an invalid signature form).
 .PP
-The error codes can be obtained from \fIERR_get_error\fR\|(3).
+The error codes can be obtained from \fBERR_get_error\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 .PP
-\&\fIEVP_DigestVerify()\fR is a one shot operation which verifies a single block of
+\&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of
 data in one function. For algorithms that support streaming it is equivalent
-to calling \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR. For
+to calling \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR. For
 algorithms which do not support streaming (e.g. PureEdDSA) it is the only way
 to verify data.
 .PP
 In previous versions of OpenSSL there was a link between message digest types
-and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
+and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR
 needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
 the use of clone digest is now discouraged.
 .PP
 For some key types and parameters the random number generator must be seeded
 or the operation will fail.
 .PP
-The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
-context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can
+The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
+context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can
 be called later to digest and verify additional data.
 .PP
 Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak
+be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
 will occur.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_DigestSignInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3),
-\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3),
-\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3),
-\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1)
+\&\fBEVP_DigestSignInit\fR\|(3),
+\&\fBEVP_DigestInit\fR\|(3),
+\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
+\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
+\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR
-were first added to OpenSSL 1.0.0.
+\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR
+were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3
index 0cc531b9eb7cb..e4da7962f90ab 100644
--- a/secure/lib/libcrypto/man/EVP_EncodeInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_ENCODEINIT 3"
-.TH EVP_ENCODEINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_ENCODEINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,10 +171,10 @@ plus some occasional newlines (see below). If the input data length is not a
 multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R"
 character.
 .PP
-\&\fIEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for
+\&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for
 the encode/decode functions.
 .PP
-\&\fIEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the
+\&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the
 space allocated to it.
 .PP
 Encoding of binary data is performed in blocks of 48 input bytes (or less for
@@ -181,38 +185,38 @@ bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
 still output for the final 1 or 2 bytes of input. Similarly a newline character
 will also be output.
 .PP
-\&\fIEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation.
+\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation.
 .PP
-\&\fIEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by
+\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by
 \&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output
 is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the
 buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full
 blocks of data (48 bytes) will be immediately processed and output by this
 function. Any remainder is held in the \fBctx\fR object and will be processed by a
-subsequent call to \fIEVP_EncodeUpdate()\fR or \fIEVP_EncodeFinal()\fR. To calculate the
+subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the
 required size of the output buffer add together the value of \fBinl\fR with the
 amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore
 any remainder). This gives the number of blocks of data that will be processed.
 Ensure the output buffer contains 65 bytes of storage for each block, plus an
-additional byte for a \s-1NUL\s0 terminator. \fIEVP_EncodeUpdate()\fR may be called
+additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called
 repeatedly to process large amounts of input data. In the event of an error
-\&\fIEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be
+\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be
 returned.
 .PP
-\&\fIEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will
+\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will
 process any partial block of data remaining in the \fBctx\fR object. The output
 data will be stored in \fBout\fR and the length of the data written will be stored
 in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is
 sufficiently large to accommodate the output data which will never be more than
 65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total).
 .PP
-\&\fIEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context
+\&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context
 \&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function.
 .PP
-\&\fIEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to
+\&\fBEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to
 be encoded or decoded that are pending in the \fBctx\fR object.
 .PP
-\&\fIEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length
+\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length
 \&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of
 output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is
 encoded as a final block of data and the output is padded such that it is always
@@ -221,16 +225,16 @@ example if 16 bytes of input data is provided then 24 bytes of encoded data is
 created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of
 the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function.
 .PP
-\&\fIEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation.
+\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation.
 .PP
-\&\fIEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed
+\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed
 to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes
 output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that
 the buffer at \fBout\fR is sufficiently large to accommodate the output data. This
 function will attempt to decode as much data as possible in 4 byte chunks. Any
 whitespace, newline or carriage return characters are ignored. Any partial chunk
 of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
-the \fBctx\fR object and processed by a subsequent call to \fIEVP_DecodeUpdate()\fR. If
+the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If
 any illegal base 64 characters are encountered or if the base 64 padding
 character \*(L"=\*(R" is encountered in the middle of the data then the function returns
 \&\-1 to indicate an error. A return value of 0 or 1 indicates successful
@@ -241,12 +245,12 @@ every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
 line feeds), 3 bytes of binary output data will be produced (or less at the end
 of the data where the padding character \*(L"=\*(R" has been used).
 .PP
-\&\fIEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there
+\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there
 is any unprocessed data still in \fBctx\fR then the input data must not have been
 a multiple of 4 and therefore an error has occurred. The function will return \-1
 in this case. Otherwise the function returns 1 on success.
 .PP
-\&\fIEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data
+\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data
 contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be
 trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0
 characters. After such trimming the length of the data in \fBf\fR must be divisible
@@ -256,26 +260,26 @@ always 3 bytes for every 4 input bytes. This function will return the length of
 the data decoded or \-1 on error.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0
+\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0
 object or \s-1NULL\s0 on error.
 .PP
-\&\fIEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in
+\&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in
 \&\fBctx\fR.
 .PP
-\&\fIEVP_EncodeUpdate()\fR returns 0 on error or 1 on success.
+\&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success.
 .PP
-\&\fIEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0
+\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0
 terminator.
 .PP
-\&\fIEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned
+\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned
 then no more non-padding base 64 characters are expected.
 .PP
-\&\fIEVP_DecodeFinal()\fR returns \-1 on error or 1 on success.
+\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success.
 .PP
-\&\fIEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error.
+\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7)
+\&\fBevp\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index ace2df58d457f..d2e3a60bc5399 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_ENCRYPTINIT 3"
-.TH EVP_ENCRYPTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_ENCRYPTINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -210,18 +214,18 @@ EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_e
 The \s-1EVP\s0 cipher routines are a high level interface to certain
 symmetric ciphers.
 .PP
-\&\fIEVP_CIPHER_CTX_new()\fR creates a cipher context.
+\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context.
 .PP
-\&\fIEVP_CIPHER_CTX_free()\fR clears all information from a cipher context
+\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context
 and free up any allocated memory associate with it, including \fBctx\fR
 itself. This function should be called after all operations using a
 cipher are complete so sensitive information does not remain in
 memory.
 .PP
-\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
+\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
 with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created
 before calling this function. \fBtype\fR is normally supplied
-by a function such as \fIEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
+by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
 default implementation is used. \fBkey\fR is the symmetric key to use
 and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes
 used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
@@ -230,7 +234,7 @@ the remaining parameters in subsequent calls, all of which have \fBtype\fR
 set to \s-1NULL.\s0 This is done when the default cipher parameters are not
 appropriate.
 .PP
-\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
+\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
 writes the encrypted version to \fBout\fR. This function can be called
 multiple times to encrypt successive blocks of data. The amount
 of data written depends on the block alignment of the encrypted data:
@@ -240,178 +244,178 @@ room. The actual number of bytes written is placed in \fBoutl\fR. It also
 checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are
 0 is returned to indicate failure.
 .PP
-If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts
+If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts
 the \*(L"final\*(R" data, that is any data that remains in a partial block.
 It uses standard block padding (aka \s-1PKCS\s0 padding) as described in
 the \s-1NOTES\s0 section, below. The encrypted
 final data is written to \fBout\fR which should have sufficient space for
 one cipher block. The number of bytes written is placed in \fBoutl\fR. After
 this function is called the encryption operation is finished and no further
-calls to \fIEVP_EncryptUpdate()\fR should be made.
+calls to \fBEVP_EncryptUpdate()\fR should be made.
 .PP
-If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more
+If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more
 data and it will return an error if any data remains in a partial block:
 that is if the total data length is not a multiple of the block size.
 .PP
-\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the
-corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an
+\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the
+corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an
 error code if padding is enabled and the final block is not correctly
 formatted. The parameters and restrictions are identical to the encryption
 operations except that if padding is enabled the decrypted data buffer \fBout\fR
-passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for
+passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for
 (\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in
 which case \fBinl\fR bytes is sufficient.
 .PP
-\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are
+\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are
 functions that can be used for decryption or encryption. The operation
 performed depends on the value of the \fBenc\fR parameter. It should be set
 to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged
 (the actual value of 'enc' being supplied in a previous call).
 .PP
-\&\fIEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context
+\&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context
 and free up any allocated memory associate with it, except the \fBctx\fR
 itself. This function should be called anytime \fBctx\fR is to be reused
-for another \fIEVP_CipherInit()\fR / \fIEVP_CipherUpdate()\fR / \fIEVP_CipherFinal()\fR
+for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR
 series of calls.
 .PP
-\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a
-similar way to \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR and
-\&\fIEVP_CipherInit_ex()\fR except they always use the default cipher implementation.
+\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a
+similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and
+\&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation.
 .PP
-\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR are
-identical to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and
-\&\fIEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up
-the \fBctx\fR, but this is no longer done and \fIEVP_CIPHER_CTX_clean()\fR
+\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are
+identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and
+\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up
+the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR
 must be called to free any context resources.
 .PP
-\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
+\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
 return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an
 \&\s-1ASN1_OBJECT\s0 structure.
 .PP
-\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
+\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
 passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure.  The actual \s-1NID\s0
 value is an internal value which may not have a corresponding \s-1OBJECT
 IDENTIFIER.\s0
 .PP
-\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This
+\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This
 function should be called after the context is set up for encryption
-or decryption with \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR or
-\&\fIEVP_CipherInit_ex()\fR. By default encryption operations are padded using
+or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or
+\&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using
 standard block padding and the padding is checked and removed when
 decrypting. If the \fBpad\fR parameter is zero then no padding is
 performed, the total amount of data encrypted or decrypted must then
 be a multiple of the block size or an error will occur.
 .PP
-\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
+\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key
 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
 structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length
-for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a
-given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different
+for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a
+given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different
 for variable key length ciphers.
 .PP
-\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx.
+\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx.
 If the cipher is a fixed length cipher then attempting to set the key
 length to any value other than the fixed value is an error.
 .PP
-\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
+\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
 It will return zero if the cipher does not use an \s-1IV.\s0  The constant
 \&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
 .PP
-\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
+\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block
 size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
 structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block
 length for all ciphers.
 .PP
-\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed
+\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed
 cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT
 IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
 128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object
 identifier or does not have \s-1ASN1\s0 support this function will return
 \&\fBNID_undef\fR.
 .PP
-\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed
+\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed
 an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
 .PP
-\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
+\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
 \&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE,
 EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE,
 EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then
 \&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
 .PP
-\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
+\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
 on the passed cipher. This will typically include any parameters and an
 \&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call
 should be made before the cipher is actually \*(L"used\*(R" (before any
-\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function
+\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function
 may fail if the cipher does not have any \s-1ASN1\s0 support.
 .PP
-\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
+\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
 AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher
 In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length.
 This function should be called after the base cipher type is set but before
-the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
-key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
-\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
+the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
+key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally
+\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
 possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support
 or the parameters cannot be set (for example the \s-1RC2\s0 effective key length
 is not supported.
 .PP
-\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined
+\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined
 and set.
 .PP
-\&\fIEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length
+\&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length
 based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key
 generation routine to support keys of a specific form. \fBKey\fR must point to a
-buffer at least as big as the value returned by \fIEVP_CIPHER_CTX_key_length()\fR.
+buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created
+\&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created
 \&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure.
 .PP
-\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR
+\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR
 return 1 for success and 0 for failure.
 .PP
-\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
-\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success.
+\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
+\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success.
 .PP
-\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
-\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success.
+\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
+\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success.
 .PP
-\&\fIEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure.
+\&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure.
 .PP
-\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
+\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
 return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
 .PP
-\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0
+\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0
 .PP
-\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
+\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block
 size.
 .PP
-\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
+\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key
 length.
 .PP
-\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1.
+\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1.
 .PP
-\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
+\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
 length or zero if the cipher does not use an \s-1IV.\s0
 .PP
-\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
+\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
 \&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0
 .PP
-\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
+\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
 .PP
-\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return greater
+\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater
 than zero for success and zero or a negative number on failure.
 .PP
-\&\fIEVP_CIPHER_CTX_rand_key()\fR returns 1 for success.
+\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success.
 .SH "CIPHER LISTING"
 .IX Header "CIPHER LISTING"
 All algorithms have a fixed key length unless otherwise stated.
 .PP
 Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0
 interface.
-.IP "\fIEVP_enc_null()\fR" 4
+.IP "\fBEVP_enc_null()\fR" 4
 .IX Item "EVP_enc_null()"
 Null cipher: does nothing.
 .SH "AEAD Interface"
@@ -420,11 +424,11 @@ The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1
 modes are subtly altered and several additional \fIctrl\fR operations are supported
 depending on the mode specified.
 .PP
-To specify additional authenticated data (\s-1AAD\s0), a call to \fIEVP_CipherUpdate()\fR,
-\&\fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made with the output
+To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR,
+\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output
 parameter \fBout\fR set to \fB\s-1NULL\s0\fR.
 .PP
-When decrypting, the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR
+When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR
 indicates whether the operation was successful. If it does not indicate success,
 the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used
 as it is corrupted.
@@ -442,7 +446,7 @@ maximum is 15.
 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)"
 Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR.
 This call can only be made when encrypting data and \fBafter\fR all data has been
-processed (e.g. after an \fIEVP_EncryptFinal()\fR call).
+processed (e.g. after an \fBEVP_EncryptFinal()\fR call).
 .Sp
 For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via
 \&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR.
@@ -469,7 +473,7 @@ The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s
 few additional requirements and different \fIctrl\fR values.
 .PP
 For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to
-\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR with the output
+\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output
 and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in
 the \fBinl\fR parameter.
 .PP
@@ -500,7 +504,7 @@ nonce length is 16 (\fB\s-1CHACHA_CTR_SIZE\s0\fR, i.e. 128\-bits).
 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)"
 Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR.
 This call can only be made when encrypting data and \fBafter\fR all data has been
-processed (e.g. after an \fIEVP_EncryptFinal()\fR call).
+processed (e.g. after an \fBEVP_EncryptFinal()\fR call).
 .Sp
 \&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or
 less.
@@ -535,14 +539,14 @@ the input data earlier on will not produce a final decrypt error.
 If padding is disabled then the decryption operation will always succeed if
 the total amount of data decrypted is a multiple of the block size.
 .PP
-The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR,
-\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for
-compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR,
-\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR,
-\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an
+The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR,
+\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for
+compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR,
+\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR,
+\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an
 existing context without allocating and freeing it up on each call.
 .PP
-\&\fIEVP_get_cipherbynid()\fR, and \fIEVP_get_cipherbyobj()\fR are implemented as macros.
+\&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros.
 .SH "BUGS"
 .IX Header "BUGS"
 \&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal
@@ -667,32 +671,32 @@ with a 128\-bit key:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7)
+\&\fBevp\fR\|(7)
 .PP
 Supported ciphers are listed in:
 .PP
-\&\fIEVP_aes\fR\|(3),
-\&\fIEVP_aria\fR\|(3),
-\&\fIEVP_bf\fR\|(3),
-\&\fIEVP_camellia\fR\|(3),
-\&\fIEVP_cast5\fR\|(3),
-\&\fIEVP_chacha20\fR\|(3),
-\&\fIEVP_des\fR\|(3),
-\&\fIEVP_desx\fR\|(3),
-\&\fIEVP_idea\fR\|(3),
-\&\fIEVP_rc2\fR\|(3),
-\&\fIEVP_rc4\fR\|(3),
-\&\fIEVP_rc5\fR\|(3),
-\&\fIEVP_seed\fR\|(3),
-\&\fIEVP_sm4\fR\|(3)
+\&\fBEVP_aes\fR\|(3),
+\&\fBEVP_aria\fR\|(3),
+\&\fBEVP_bf\fR\|(3),
+\&\fBEVP_camellia\fR\|(3),
+\&\fBEVP_cast5\fR\|(3),
+\&\fBEVP_chacha20\fR\|(3),
+\&\fBEVP_des\fR\|(3),
+\&\fBEVP_desx\fR\|(3),
+\&\fBEVP_idea\fR\|(3),
+\&\fBEVP_rc2\fR\|(3),
+\&\fBEVP_rc4\fR\|(3),
+\&\fBEVP_rc5\fR\|(3),
+\&\fBEVP_seed\fR\|(3),
+\&\fBEVP_sm4\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-Support for \s-1OCB\s0 mode was added in OpenSSL 1.1.0
+Support for \s-1OCB\s0 mode was added in OpenSSL 1.1.0.
 .PP
 \&\fB\s-1EVP_CIPHER_CTX\s0\fR was made opaque in OpenSSL 1.1.0.  As a result,
-\&\fIEVP_CIPHER_CTX_reset()\fR appeared and \fIEVP_CIPHER_CTX_cleanup()\fR
-disappeared.  \fIEVP_CIPHER_CTX_init()\fR remains as an alias for
-\&\fIEVP_CIPHER_CTX_reset()\fR.
+\&\fBEVP_CIPHER_CTX_reset()\fR appeared and \fBEVP_CIPHER_CTX_cleanup()\fR
+disappeared.  \fBEVP_CIPHER_CTX_init()\fR remains as an alias for
+\&\fBEVP_CIPHER_CTX_reset()\fR.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/EVP_MD_meth_new.3
index 3fb1079a55afd..bdd8768b6fff8 100644
--- a/secure/lib/libcrypto/man/EVP_MD_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_MD_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_MD_METH_NEW 3"
-.TH EVP_MD_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_MD_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -183,23 +187,23 @@ The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation.
 It can also have associated public/private key signing and verifying
 routines.
 .PP
-\&\fIEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure.
+\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure.
 .PP
-\&\fIEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR.
+\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR.
 .PP
-\&\fIEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure.
+\&\fBEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure.
 .PP
-\&\fIEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size
+\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size
 for the method \fBmd\fR to \fBblocksize\fR bytes.
 .PP
-\&\fIEVP_MD_meth_set_result_size()\fR sets the size of the result that the
+\&\fBEVP_MD_meth_set_result_size()\fR sets the size of the result that the
 digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes.
 .PP
 The digest method may have its own private data, which OpenSSL will
-allocate for it.  \fIEVP_MD_meth_set_app_datasize()\fR should be used to
+allocate for it.  \fBEVP_MD_meth_set_app_datasize()\fR should be used to
 set the size for it to \fBdatasize\fR.
 .PP
-\&\fIEVP_MD_meth_set_flags()\fR sets the flags to describe optional
+\&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional
 behaviours in the particular \fBmd\fR.  Several flags can be or'd
 together.  The available flags are:
 .IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4
@@ -222,58 +226,58 @@ Custom DigestAlgorithmIdentifier handling via ctrl, with
 \&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR
 Currently unused.
 .PP
-\&\fIEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR.
-The digest init function is called by \fIEVP_DigestInit()\fR,
-\&\fIEVP_DigestInit_ex()\fR, EVP_SignInit, \fIEVP_SignInit_ex()\fR, \fIEVP_VerifyInit()\fR
-and \fIEVP_VerifyInit_ex()\fR.
+\&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR.
+The digest init function is called by \fBEVP_DigestInit()\fR,
+\&\fBEVP_DigestInit_ex()\fR, EVP_SignInit, \fBEVP_SignInit_ex()\fR, \fBEVP_VerifyInit()\fR
+and \fBEVP_VerifyInit_ex()\fR.
 .PP
-\&\fIEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR.
-The digest update function is called by \fIEVP_DigestUpdate()\fR,
-\&\fIEVP_SignUpdate()\fR.
+\&\fBEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR.
+The digest update function is called by \fBEVP_DigestUpdate()\fR,
+\&\fBEVP_SignUpdate()\fR.
 .PP
-\&\fIEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR.
-The digest final function is called by \fIEVP_DigestFinal()\fR,
-\&\fIEVP_DigestFinal_ex()\fR, \fIEVP_SignFinal()\fR and \fIEVP_VerifyFinal()\fR.
+\&\fBEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR.
+The digest final function is called by \fBEVP_DigestFinal()\fR,
+\&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR.
 .PP
-\&\fIEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra
+\&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra
 computations after the method's private data structure has been copied
 from one \fB\s-1EVP_MD_CTX\s0\fR to another.  If all that's needed is to copy
 the data, there is no need for this copy function.
 Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private
-data structure is then available with \fIEVP_MD_CTX_md_data()\fR.
-This copy function is called by \fIEVP_MD_CTX_copy()\fR and
-\&\fIEVP_MD_CTX_copy_ex()\fR.
+data structure is then available with \fBEVP_MD_CTX_md_data()\fR.
+This copy function is called by \fBEVP_MD_CTX_copy()\fR and
+\&\fBEVP_MD_CTX_copy_ex()\fR.
 .PP
-\&\fIEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra
+\&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra
 cleanup before the method's private data structure is cleaned out and
 freed.
 Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the
-private data structure is then available with \fIEVP_MD_CTX_md_data()\fR.
-This cleanup function is called by \fIEVP_MD_CTX_reset()\fR and
-\&\fIEVP_MD_CTX_free()\fR.
+private data structure is then available with \fBEVP_MD_CTX_md_data()\fR.
+This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and
+\&\fBEVP_MD_CTX_free()\fR.
 .PP
-\&\fIEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR.
+\&\fBEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR.
 .PP
-\&\fIEVP_MD_meth_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR,
-\&\fIEVP_MD_meth_get_app_datasize()\fR, \fIEVP_MD_meth_get_flags()\fR,
-\&\fIEVP_MD_meth_get_init()\fR, \fIEVP_MD_meth_get_update()\fR,
-\&\fIEVP_MD_meth_get_final()\fR, \fIEVP_MD_meth_get_copy()\fR,
-\&\fIEVP_MD_meth_get_cleanup()\fR and \fIEVP_MD_meth_get_ctrl()\fR are all used
+\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR,
+\&\fBEVP_MD_meth_get_app_datasize()\fR, \fBEVP_MD_meth_get_flags()\fR,
+\&\fBEVP_MD_meth_get_init()\fR, \fBEVP_MD_meth_get_update()\fR,
+\&\fBEVP_MD_meth_get_final()\fR, \fBEVP_MD_meth_get_copy()\fR,
+\&\fBEVP_MD_meth_get_cleanup()\fR and \fBEVP_MD_meth_get_ctrl()\fR are all used
 to retrieve the method data given with the EVP_MD_meth_set_*()
 functions above.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_MD_meth_new()\fR and \fIEVP_MD_meth_dup()\fR return a pointer to a newly
+\&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly
 created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure.
 All EVP_MD_meth_set_*() functions return 1.
-\&\fIEVP_MD_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR,
-\&\fIEVP_MD_meth_get_app_datasize()\fR and \fIEVP_MD_meth_get_flags()\fR return the
+\&\fBEVP_MD_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR,
+\&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the
 indicated sizes or flags.
 All other EVP_CIPHER_meth_get_*() functions return pointers to their
 respective \fBmd\fR function.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_DigestInit\fR\|(3), \fIEVP_SignInit\fR\|(3), \fIEVP_VerifyInit\fR\|(3)
+\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
index dbea8cf6caa56..5d8f33860b51f 100644
--- a/secure/lib/libcrypto/man/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_OPENINIT 3"
-.TH EVP_OPENINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_OPENINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,19 +157,19 @@ The \s-1EVP\s0 envelope routines are a high level interface to envelope
 decryption. They decrypt a public key encrypted symmetric key and
 then decrypt data using it.
 .PP
-\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption
+\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption
 with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length
 \&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR.
 The \s-1IV\s0 is supplied in the \fBiv\fR parameter.
 .PP
-\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties
-as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as
-documented on the \fIEVP_EncryptInit\fR\|(3) manual
+\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties
+as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as
+documented on the \fBEVP_EncryptInit\fR\|(3) manual
 page.
 .SH "NOTES"
 .IX Header "NOTES"
-It is possible to call \fIEVP_OpenInit()\fR twice in the same way as
-\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0
+It is possible to call \fBEVP_OpenInit()\fR twice in the same way as
+\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0
 and (after setting any cipher parameters) it should be called again
 with \fBtype\fR set to \s-1NULL.\s0
 .PP
@@ -175,17 +179,17 @@ key length. If the cipher is a fixed length cipher then the recovered
 key length must match the fixed cipher length.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the
+\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the
 recovered secret key size) if successful.
 .PP
-\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure.
+\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure.
 .PP
-\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success.
+\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_SealInit\fR\|(3)
+\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_SealInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
index 0e302ea4ffe80..d85770bdc8c19 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_ASN1_METHOD 3"
-.TH EVP_PKEY_ASN1_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_ASN1_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -260,7 +264,7 @@ There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are
 stored: one is a built-in array representing the standard methods for
 different algorithms, and the other one is a stack of user-defined
 application-specific methods, which can be manipulated by using
-\&\fIEVP_PKEY_asn1_add0\fR\|(3).
+\&\fBEVP_PKEY_asn1_add0\fR\|(3).
 .SS "Methods"
 .IX Subsection "Methods"
 The methods are the underlying implementations of a particular public
@@ -274,20 +278,20 @@ key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object.
 \&                   ASN1_PCTX *pctx);
 .Ve
 .PP
-The \fIpub_decode()\fR and \fIpub_encode()\fR methods are called to decode /
+The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode /
 encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR.
 They \s-1MUST\s0 return 0 on error, 1 on success.
-They're called by \fIX509_PUBKEY_get0\fR\|(3) and \fIX509_PUBKEY_set\fR\|(3).
+They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3).
 .PP
-The \fIpub_cmp()\fR method is called when two public keys are to be
+The \fBpub_cmp()\fR method is called when two public keys are to be
 compared.
 It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise.
-It's called by \fIEVP_PKEY_cmp\fR\|(3).
+It's called by \fBEVP_PKEY_cmp\fR\|(3).
 .PP
-The \fIpub_print()\fR method is called to print a public key in humanly
+The \fBpub_print()\fR method is called to print a public key in humanly
 readable text to \fBout\fR, indented \fBindent\fR spaces.
 It \s-1MUST\s0 return 0 on error, 1 on success.
-It's called by \fIEVP_PKEY_print_public\fR\|(3).
+It's called by \fBEVP_PKEY_print_public\fR\|(3).
 .PP
 .Vb 4
 \& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
@@ -296,15 +300,15 @@ It's called by \fIEVP_PKEY_print_public\fR\|(3).
 \&                    ASN1_PCTX *pctx);
 .Ve
 .PP
-The \fIpriv_decode()\fR and \fIpriv_encode()\fR methods are called to decode /
+The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode /
 encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR.
 They \s-1MUST\s0 return 0 on error, 1 on success.
-They're called by \s-1\fIEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fIEVP_PKEY2PKCS8\s0\fR\|(3).
+They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3).
 .PP
-The \fIpriv_print()\fR method is called to print a private key in humanly
+The \fBpriv_print()\fR method is called to print a private key in humanly
 readable text to \fBout\fR, indented \fBindent\fR spaces.
 It \s-1MUST\s0 return 0 on error, 1 on success.
-It's called by \fIEVP_PKEY_print_private\fR\|(3).
+It's called by \fBEVP_PKEY_print_private\fR\|(3).
 .PP
 .Vb 3
 \& int (*pkey_size) (const EVP_PKEY *pk);
@@ -312,11 +316,11 @@ It's called by \fIEVP_PKEY_print_private\fR\|(3).
 \& int (*pkey_security_bits) (const EVP_PKEY *pk);
 .Ve
 .PP
-The \fIpkey_size()\fR method returns the key size in bytes.
-It's called by \fIEVP_PKEY_size\fR\|(3).
+The \fBpkey_size()\fR method returns the key size in bytes.
+It's called by \fBEVP_PKEY_size\fR\|(3).
 .PP
-The \fIpkey_bits()\fR method returns the key size in bits.
-It's called by \fIEVP_PKEY_bits\fR\|(3).
+The \fBpkey_bits()\fR method returns the key size in bits.
+It's called by \fBEVP_PKEY_bits\fR\|(3).
 .PP
 .Vb 8
 \& int (*param_decode) (EVP_PKEY *pkey,
@@ -329,29 +333,29 @@ It's called by \fIEVP_PKEY_bits\fR\|(3).
 \&                     ASN1_PCTX *pctx);
 .Ve
 .PP
-The \fIparam_decode()\fR and \fIparam_encode()\fR methods are called to decode /
+The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode /
 encode \s-1DER\s0 formatted parameters to / from \fBpk\fR.
 They \s-1MUST\s0 return 0 on error, 1 on success.
-They're called by \fIPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR
-\&\s-1\fIOSSL_STORE_LOADER\s0\fR\|(3).
+They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR
+\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3).
 .PP
-The \fIparam_missing()\fR method returns 0 if a key parameter is missing,
+The \fBparam_missing()\fR method returns 0 if a key parameter is missing,
 otherwise 1.
-It's called by \fIEVP_PKEY_missing_parameters\fR\|(3).
+It's called by \fBEVP_PKEY_missing_parameters\fR\|(3).
 .PP
-The \fIparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR.
+The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR.
 It \s-1MUST\s0 return 0 on error, 1 on success.
-It's called by \fIEVP_PKEY_copy_parameters\fR\|(3).
+It's called by \fBEVP_PKEY_copy_parameters\fR\|(3).
 .PP
-The \fIparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR.
+The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR.
 It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a
 negative number on error.
-It's called by \fIEVP_PKEY_cmp_parameters\fR\|(3).
+It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3).
 .PP
-The \fIparam_print()\fR method prints the private key parameters in humanly
+The \fBparam_print()\fR method prints the private key parameters in humanly
 readable text to \fBout\fR, indented \fBindent\fR spaces.
 It \s-1MUST\s0 return 0 on error, 1 on success.
-It's called by \fIEVP_PKEY_print_params\fR\|(3).
+It's called by \fBEVP_PKEY_print_params\fR\|(3).
 .PP
 .Vb 3
 \& int (*sig_print) (BIO *out,
@@ -359,31 +363,31 @@ It's called by \fIEVP_PKEY_print_params\fR\|(3).
 \&                   int indent, ASN1_PCTX *pctx);
 .Ve
 .PP
-The \fIsig_print()\fR method prints a signature in humanly readable text to
+The \fBsig_print()\fR method prints a signature in humanly readable text to
 \&\fBout\fR, indented \fBindent\fR spaces.
 \&\fBsigalg\fR contains the exact signature algorithm.
 If the signature in \fBsig\fR doesn't correspond to what this method
-expects, \fIX509_signature_dump()\fR must be used as a last resort.
+expects, \fBX509_signature_dump()\fR must be used as a last resort.
 It \s-1MUST\s0 return 0 on error, 1 on success.
-It's called by \fIX509_signature_print\fR\|(3).
+It's called by \fBX509_signature_print\fR\|(3).
 .PP
 .Vb 1
 \& void (*pkey_free) (EVP_PKEY *pkey);
 .Ve
 .PP
-The \fIpkey_free()\fR method helps freeing the internals of \fBpkey\fR.
-It's called by \fIEVP_PKEY_free\fR\|(3), \fIEVP_PKEY_set_type\fR\|(3),
-\&\fIEVP_PKEY_set_type_str\fR\|(3), and \fIEVP_PKEY_assign\fR\|(3).
+The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR.
+It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3),
+\&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3).
 .PP
 .Vb 1
 \& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
 .Ve
 .PP
-The \fIpkey_ctrl()\fR method adds extra algorithm specific control.
-It's called by \fIEVP_PKEY_get_default_digest_nid\fR\|(3),
-\&\fIEVP_PKEY_set1_tls_encodedpoint\fR\|(3),
-\&\fIEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fIPKCS7_SIGNER_INFO_set\fR\|(3),
-\&\fIPKCS7_RECIP_INFO_set\fR\|(3), ...
+The \fBpkey_ctrl()\fR method adds extra algorithm specific control.
+It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3),
+\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3),
+\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3),
+\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ...
 .PP
 .Vb 3
 \& int (*old_priv_decode) (EVP_PKEY *pkey,
@@ -391,14 +395,14 @@ It's called by \fIEVP_PKEY_get_default_digest_nid\fR\|(3),
 \& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
 .Ve
 .PP
-The \fIold_priv_decode()\fR and \fIold_priv_encode()\fR methods decode / encode
+The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode
 they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array.
 These are exclusively used to help decoding / encoding older (pre
 PKCS#8) \s-1PEM\s0 formatted encrypted private keys.
-\&\fIold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success.
-\&\fIold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as
-\&\fIi2d_PrivateKey()\fR.
-They're called by \fId2i_PrivateKey\fR\|(3) and \fIi2d_PrivateKey\fR\|(3).
+\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success.
+\&\fBold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as
+\&\fBi2d_PrivateKey()\fR.
+They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3).
 .PP
 .Vb 5
 \& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
@@ -408,53 +412,53 @@ They're called by \fId2i_PrivateKey\fR\|(3) and \fIi2d_PrivateKey\fR\|(3).
 \&                   ASN1_BIT_STRING *sig);
 .Ve
 .PP
-The \fIitem_sign()\fR and  \fIitem_verify()\fR methods make it possible to have
+The \fBitem_sign()\fR and  \fBitem_verify()\fR methods make it possible to have
 algorithm specific signatures and verification of them.
 .PP
-\&\fIitem_sign()\fR \s-1MUST\s0 return one of:
+\&\fBitem_sign()\fR \s-1MUST\s0 return one of:
 .IP "<=0" 4
 .IX Item "<=0"
 error
 .IP "1" 4
 .IX Item "1"
-\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the
+\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the
 signature length back.
 .IP "2" 4
 .IX Item "2"
-\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are
+\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are
 expected to continue with the default signature production.
 .IP "3" 4
 .IX Item "3"
-\&\fIitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR,
+\&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR,
 OpenSSL internals should just sign using those algorithms.
 .PP
-\&\fIitem_verify()\fR \s-1MUST\s0 return one of:
+\&\fBitem_verify()\fR \s-1MUST\s0 return one of:
 .IP "<=0" 4
 .IX Item "<=0"
 error
 .IP "1" 4
 .IX Item "1"
-\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the
+\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the
 signature length back.
 .IP "2" 4
 .IX Item "2"
-\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are
+\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are
 expected to continue with the default signature production.
 .PP
-\&\fIitem_verify()\fR and \fIitem_sign()\fR are called by \fIASN1_item_verify\fR\|(3) and
-\&\fIASN1_item_sign\fR\|(3), and by extension, \fIX509_verify\fR\|(3),
-\&\fIX509_REQ_verify\fR\|(3), \fIX509_sign\fR\|(3), \fIX509_REQ_sign\fR\|(3), ...
+\&\fBitem_verify()\fR and \fBitem_sign()\fR are called by \fBASN1_item_verify\fR\|(3) and
+\&\fBASN1_item_sign\fR\|(3), and by extension, \fBX509_verify\fR\|(3),
+\&\fBX509_REQ_verify\fR\|(3), \fBX509_sign\fR\|(3), \fBX509_REQ_sign\fR\|(3), ...
 .PP
 .Vb 2
 \& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
 \&                    const ASN1_STRING *sig);
 .Ve
 .PP
-The \fIsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR
+The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR
 parameters.
 It \s-1MUST\s0 return 0 on error, or 1 on success.
-It's called as part of \fIX509_check_purpose\fR\|(3), \fIX509_check_ca\fR\|(3)
-and \fIX509_check_issued\fR\|(3).
+It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3)
+and \fBX509_check_issued\fR\|(3).
 .PP
 .Vb 3
 \& int (*pkey_check) (const EVP_PKEY *pk);
@@ -462,25 +466,25 @@ and \fIX509_check_issued\fR\|(3).
 \& int (*pkey_param_check) (const EVP_PKEY *pk);
 .Ve
 .PP
-The \fIpkey_check()\fR, \fIpkey_public_check()\fR and \fIpkey_param_check()\fR methods are used
+The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR methods are used
 to check the validity of \fBpk\fR for key-pair, public component and parameters,
 respectively.
 They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key.
-They are called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and
-\&\fIEVP_PKEY_param_check\fR\|(3) respectively.
+They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and
+\&\fBEVP_PKEY_param_check\fR\|(3) respectively.
 .PP
 .Vb 2
 \& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
 \& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
 .Ve
 .PP
-The \fIset_priv_key()\fR and \fIset_pub_key()\fR methods are used to set the raw private and
+The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw private and
 public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success.
-They are called by \fIEVP_PKEY_new_raw_private_key\fR\|(3), and
-\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) respectively.
+They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and
+\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively.
 .SS "Functions"
 .IX Subsection "Functions"
-\&\fIEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR
+\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR
 object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and
 \&\fBinfo\fR.
 \&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a
@@ -495,49 +499,49 @@ If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm
 parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise
 they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is
 omitted).
-See \fIX509_ALGOR_set0\fR\|(3) for more information.
+See \fBX509_ALGOR_set0\fR\|(3) for more information.
 .PP
-\&\fIEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from
+\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from
 \&\fBsrc\fR to \fBdst\fR.
 This function is not thread safe, it's recommended to only use this
 when initializing the application.
 .PP
-\&\fIEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed
+\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed
 by \fBameth\fR.
 .PP
-\&\fIEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of
+\&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of
 methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is
 already there.
 This function is not thread safe, it's recommended to only use this
 when initializing the application.
 .PP
-\&\fIEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the
+\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the
 \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another
 \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added.
 This function is not thread safe, it's recommended to only use this
 when initializing the application.
 .PP
-\&\fIEVP_PKEY_asn1_set_public()\fR, \fIEVP_PKEY_asn1_set_private()\fR,
-\&\fIEVP_PKEY_asn1_set_param()\fR, \fIEVP_PKEY_asn1_set_free()\fR,
-\&\fIEVP_PKEY_asn1_set_ctrl()\fR, \fIEVP_PKEY_asn1_set_item()\fR,
-\&\fIEVP_PKEY_asn1_set_siginf()\fR, \fIEVP_PKEY_asn1_set_check()\fR,
-\&\fIEVP_PKEY_asn1_set_public_check()\fR, \fIEVP_PKEY_asn1_set_param_check()\fR,
-\&\fIEVP_PKEY_asn1_set_security_bits()\fR, \fIEVP_PKEY_asn1_set_set_priv_key()\fR,
-\&\fIEVP_PKEY_asn1_set_set_pub_key()\fR, \fIEVP_PKEY_asn1_set_get_priv_key()\fR and
-\&\fIEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given
+\&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR,
+\&\fBEVP_PKEY_asn1_set_param()\fR, \fBEVP_PKEY_asn1_set_free()\fR,
+\&\fBEVP_PKEY_asn1_set_ctrl()\fR, \fBEVP_PKEY_asn1_set_item()\fR,
+\&\fBEVP_PKEY_asn1_set_siginf()\fR, \fBEVP_PKEY_asn1_set_check()\fR,
+\&\fBEVP_PKEY_asn1_set_public_check()\fR, \fBEVP_PKEY_asn1_set_param_check()\fR,
+\&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR,
+\&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and
+\&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given
 \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object.
 .PP
-\&\fIEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated
+\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated
 with the key \fBpkey\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an
+\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an
 \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise.
 .PP
-\&\fIEVP_PKEY_asn1_add0()\fR and \fIEVP_PKEY_asn1_add_alias()\fR return 0 on error,
+\&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error,
 or 1 on success.
 .PP
-\&\fIEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant
+\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant
 \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 209076cc7f223..1731160abb5a0 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_CTRL 3"
-.TH EVP_PKEY_CTX_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CTX_CTRL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -217,7 +221,7 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context
+The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context
 \&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter
 \&\fBoptype\fR is a mask indicating which operations the control can be applied to.
 The control command is indicated in \fBcmd\fR and any additional arguments in
@@ -226,50 +230,50 @@ The control command is indicated in \fBcmd\fR and any additional arguments in
 For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key,
 and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0
 .PP
-Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will
+Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will
 instead call one of the algorithm specific macros below.
 .PP
-The function \fIEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a
-uint64 value as \fBp2\fR to \fIEVP_PKEY_CTX_ctrl()\fR.
+The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a
+uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR.
 .PP
-The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm
+The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm
 specific control operation to a context \fBctx\fR in string form. This is
 intended to be used for options specified on the command line or in text
 files. The commands supported are documented in the openssl utility
 command line pages for the option \fB\-pkeyopt\fR which is supported by the
 \&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands.
 .PP
-The function \fIEVP_PKEY_CTX_md()\fR sends a message digest control operation
+The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation
 to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR.
 .PP
 All the remaining \*(L"functions\*(R" are implemented as macros.
 .PP
-The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used
+The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used
 in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms.
 .PP
-The \fIEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a
+The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a
 signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms.
 .PP
 Key generation typically involves setting up parameters to be used and
 generating the private and public key data. Some algorithm implementations
-allow private key data to be set explicitly using the \fIEVP_PKEY_CTX_set_mac_key()\fR
+allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR
 macro. In this case key generation is simply the process of setting up the
 parameters for the key and then setting the raw key data to the value explicitly
 provided by that macro. Normally applications would call
-\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro.
+\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro.
 .PP
-The \fIEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms
-supported by the \fIEVP_PKEY_new_raw_private_key\fR\|(3) function.
+The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms
+supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function.
 .SS "\s-1RSA\s0 parameters"
 .IX Subsection "RSA parameters"
-The \fIEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR.
+The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR.
 The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1
 padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for
 no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and
 decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations
 only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only).
 .PP
-Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR
+Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR
 is used. If this macro is called for PKCS#1 padding the plaintext buffer is
 an actual digest value and is encapsulated in a DigestInfo structure according
 to PKCS#1 when signing and this structure is expected (and stripped off) when
@@ -279,9 +283,9 @@ padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and rem
 if this control is called. If it is not called then the first byte of the plaintext
 buffer is expected to be the algorithm identifier byte.
 .PP
-The \fIEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR.
+The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR.
 .PP
-The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to
+The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to
 \&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special
 values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the
 digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum
@@ -290,81 +294,81 @@ to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If
 macro is not called maximum salt length is used when signing and auto detection
 when verifying is used by default.
 .PP
-The \fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length
+The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length
 for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for
+The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for
 \&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used.
 .PP
-The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value
+The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value
 for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The
 \&\fBpubexp\fR pointer is used internally by this function so it should not be
 modified or freed after the call. If not specified 65537 is used.
 .PP
-The \fIEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for
+The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for
 \&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used.
 .PP
-The \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding
+The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding
 schemes to \fBmd\fR. If not explicitly set the signing digest is used. The
 padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR
 or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR.
+The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR.
 If not explicitly set the signing digest is used. The padding mode must have
 been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used
+The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used
 in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
 \&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used
+The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used
 in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
 \&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to
+The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to
 \&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0,
 the label is cleared. The library takes ownership of the label so the
 caller should not free the original memory pointed to by \fBlabel\fR.
 The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to
+The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to
 \&\fBlabel\fR. The return value is the label length. The padding mode
 must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned
 by the library and should not be freed by the caller.
 .SS "\s-1DSA\s0 parameters"
 .IX Subsection "DSA parameters"
-The \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used
+The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used
 for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used.
 .SS "\s-1DH\s0 parameters"
 .IX Subsection "DH parameters"
-The \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0
+The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0
 prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called
 then 1024 is used. Only accepts lengths greater than or equal to 256.
 .PP
-The \fIEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0
+The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0
 optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is
 256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0
 paramgen type must have been set to x9.42.
 .PP
-The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR
+The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR
 for \s-1DH\s0 parameter generation. If not specified 2 is used.
 .PP
-The \fIEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0
+The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0
 parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0
 The default is 0.
 .PP
-The \fIEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is
+The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is
 1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR.
 If \fBpad\fR is zero (the default) then no padding is performed.
 .PP
-\&\fIEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to
+\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to
 \&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR,
 \&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR
 or \fBNID_undef\fR to clear the stored value. This macro can be called during
 parameter or key generation.
 The nid parameter and the rfc5114 parameter are mutually exclusive.
 .PP
-The \fIEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fIEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are
+The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are
 synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The
 \&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections
 2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called
@@ -375,142 +379,143 @@ The rfc5114 parameter and the nid parameter are mutually exclusive.
 .IX Subsection "DH key derivation function parameters"
 Note that all of the following functions require that the \fBctx\fR parameter has
 a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of
-\&\fIEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret.
+\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret.
 The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn
 encrypts a Content Encryption Key (\s-1CEK\s0).
 .PP
-The \fIEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type
+The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type
 to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
 and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0
 (based on the keying algorithm described in X9.42). When using key derivation,
 the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified.
 .PP
-The \fIEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type
+The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type
 for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
 and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function
+The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function
 object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify
 the algorithm to be used with the Content Encryption Key.
 The library takes ownership of the object identifier so the caller should not
 free the original memory pointed to by \fBoid\fR.
 .PP
-The \fIEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid
+The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid
 for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the
 library and should not be freed by the caller.
 .PP
-The \fIEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function
+The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function
 message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies
 that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
 .PP
-The \fIEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function
+The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function
 message digest for \fBctx\fR used for \s-1DH\s0 key derivation.
 .PP
-The \fIEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function
+The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function
 output length to \fBlen\fR for \s-1DH\s0 key derivation.
 .PP
-The \fIEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function
+The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function
 output length for \fBctx\fR used for \s-1DH\s0 key derivation.
 .PP
-The \fIEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to
+The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to
 \&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional
 and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification
 requires that it is 512 bits long but this is not enforced by OpenSSL.
 The library takes ownership of the user key material so the caller should not
 free the original memory pointed to by \fBukm\fR.
 .PP
-The \fIEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
+The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
 The return value is the user key material length. The resulting pointer is owned
 by the library and should not be freed by the caller.
 .SS "\s-1EC\s0 parameters"
 .IX Subsection "EC parameters"
-The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter
+The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter
 generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called
 or an error occurs because there is no default curve.
 This function can also be called to set the curve explicitly when
 generating an \s-1EC\s0 key.
 .PP
-The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to
+The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to
 \&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be
 \&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions
 of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form.
 For maximum compatibility the named curve form should be used. Note: the
-\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was only added to OpenSSL 1.1.0; previous
+\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous
 versions should use 0 instead.
 .SS "\s-1ECDH\s0 parameters"
 .IX Subsection "ECDH parameters"
-The \fIEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to
+The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to
 \&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable
 cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor
 mode and fallback to the private key cofactor mode.
 .PP
-The \fIEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for
+The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for
 \&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key
 derivation is enabled and 0 otherwise.
 .SS "\s-1ECDH\s0 key derivation function parameters"
 .IX Subsection "ECDH key derivation function parameters"
-The \fIEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type
+The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type
 to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR
 and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63.
 When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must
 also be specified.
 .PP
-The \fIEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function
+The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function
 type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are
 \&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR.
 .PP
-The \fIEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function
+The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function
 message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies
 that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
 .PP
-The \fIEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function
+The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function
 message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation.
 .PP
-The \fIEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function
+The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function
 output length to \fBlen\fR for \s-1ECDH\s0 key derivation.
 .PP
-The \fIEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function
+The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function
 output length for \fBctx\fR used for \s-1ECDH\s0 key derivation.
 .PP
-The \fIEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR
+The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR
 for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the
 shared info in X9.63 terms. The library takes ownership of the user key material
 so the caller should not free the original memory pointed to by \fBukm\fR.
 .PP
-The \fIEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
+The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
 The return value is the user key material length. The resulting pointer is owned
 by the library and should not be freed by the caller.
 .SS "Other parameters"
 .IX Subsection "Other parameters"
-The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR
+The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR
 macros are used to manipulate the special identifier field for specific signature
-algorithms such as \s-1SM2.\s0 The \fIEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with
+algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with
 the length \fBid_len\fR to the library. The library takes a copy of the id so that
 the caller can safely free the original memory pointed to by \fBid\fR. The
-\&\fIEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous
-call to \fIEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate
-memory for further calls to \fIEVP_PKEY_CTX_get1_id()\fR. The \fIEVP_PKEY_CTX_get1_id()\fR
+\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous
+call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate
+memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR
 macro returns the previously set \s-1ID\s0 value to caller in \fBid\fR. The caller should
-allocate adequate memory space for the \fBid\fR before calling \fIEVP_PKEY_CTX_get1_id()\fR.
+allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0
+\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0
 or a negative value for failure. In particular a return value of \-2
 indicates the operation is not supported by the public key algorithm.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3),
-\&\fIEVP_PKEY_keygen\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3),
+\&\fBEVP_PKEY_keygen\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR
-macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0.
+The
+\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR
+macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
index 4cb06710825b1..b91336b4bcdb4 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_NEW 3"
-.TH EVP_PKEY_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,17 +152,17 @@ EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- pu
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using
+The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using
 the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR.
 .PP
-The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context
+The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context
 using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used
 when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example
 during parameter generation of key generation for some algorithms.
 .PP
-\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR.
+\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR.
 .PP
-\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR.
+\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR.
 If \fBctx\fR is \s-1NULL,\s0 nothing is done.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -168,16 +172,16 @@ threads: that is it is not permissible to use the same context simultaneously
 in two threads.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either
+\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either
 the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIEVP_PKEY_CTX_free()\fR does not return a value.
+\&\fBEVP_PKEY_CTX_free()\fR does not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_new\fR\|(3)
+\&\fBEVP_PKEY_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
index 87cf931a203fe..ac2bc0bbcca44 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3"
-.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,12 +152,12 @@ EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions
 .IX Header "DESCRIPTION"
 These functions are generic support functions for all \s-1KDF\s0 algorithms.
 .PP
-\&\fIEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first
+\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first
 bytes from \fBpass\fR.
 .SH "STRING CTRLS"
 .IX Header "STRING CTRLS"
 There is also support for string based control operations via
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3).
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
 The \fBpassword\fR can be directly specified using the \fBtype\fR parameter
 \&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter.
 .SH "NOTES"
@@ -166,9 +170,9 @@ In particular a return value of \-2 indicates the operation is not supported by
 the public key algorithm.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
index 7eec64fa96785..d87266844f1e0 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3"
-.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -163,11 +167,11 @@ and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second sta
 \&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output
 of the \s-1KDF\s0).
 .PP
-\&\fIEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three
+\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three
 modes that are currently defined:
 .IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4
 .IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND"
-This is the default mode. Calling \fIEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set
+This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set
 up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go.
 The derived key returned will be the result after the expand operation. The
 intermediate fixed-length pseudorandom key K is not returned.
@@ -176,7 +180,7 @@ In this mode the digest, key, salt and info values must be set before a key is
 derived or an error occurs.
 .IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4
 .IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY"
-In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the extract
+In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract
 operation. The value returned will be the intermediate fixed-length pseudorandom
 key K.
 .Sp
@@ -184,28 +188,28 @@ The digest, key and salt values must be set before a key is derived or an
 error occurs.
 .IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4
 .IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY"
-In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the expand
+In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand
 operation. The input key should be set to the intermediate fixed-length
 pseudorandom key K returned from a previous extract operation.
 .Sp
 The digest, key and info values must be set before a key is derived or an
 error occurs.
 .PP
-\&\fIEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0
+\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0
 .PP
-\&\fIEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the
+\&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the
 buffer \fBsalt\fR. Any existing value is replaced.
 .PP
-\&\fIEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer
+\&\fBEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer
 \&\fBkey\fR. Any existing value is replaced.
 .PP
-\&\fIEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the
+\&\fBEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the
 buffer \fBinfo\fR. If a value is already set, it is appended to the existing
 value.
 .SH "STRING CTRLS"
 .IX Header "STRING CTRLS"
 \&\s-1HKDF\s0 also supports string based control operations via
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3).
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
 The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest
 algorithm to use.
 The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R",
@@ -228,11 +232,11 @@ The total length of the info buffer cannot exceed 1024 bytes in length: this
 should be more than enough for any normal use of \s-1HKDF.\s0
 .PP
 The output length of an \s-1HKDF\s0 expand operation is specified via the length
-parameter to the \fIEVP_PKEY_derive\fR\|(3) function.
+parameter to the \fBEVP_PKEY_derive\fR\|(3) function.
 Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means
 to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that
 performs an expand operation. Instead, the caller must allocate a buffer of the
-desired length, and pass that buffer to \fIEVP_PKEY_derive\fR\|(3) along with (a
+desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a
 pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain
 the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0
 .PP
@@ -271,9 +275,9 @@ salt value \*(L"salt\*(R" and info value \*(L"label\*(R":
 \&\s-1RFC 5869\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
index 33d70752a1f38..c2d3d758b0166 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3"
-.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,29 +154,29 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-These are the functions that implement \s-1\fIRSA\-PSS\s0\fR\|(7).
+These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7).
 .SS "Signing and Verification"
 .IX Subsection "Signing and Verification"
-The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is
+The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is
 returned if an attempt is made to set the padding mode to anything other
 than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version.
 .PP
-The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length.
+The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length.
 If the key has usage restrictions then an error is returned if an attempt is
 made to set the salt length below the minimum value. It is otherwise similar
 to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using
 \&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has
 usage restrictions.
 .PP
-The \fIEVP_PKEY_CTX_set_signature_md()\fR and \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros
+The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros
 are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has
 usage restrictions then an error is returned if an attempt is made to set the
 digest to anything other than the restricted value. Otherwise these are
 similar to the \fB\s-1RSA\s0\fR versions.
 .SS "Key Generation"
 .IX Subsection "Key Generation"
-As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR
-and \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS:
+As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR
+and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS:
 they have exactly the same meaning as for the \s-1RSA\s0 algorithm.
 .PP
 Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key.
@@ -182,13 +186,13 @@ restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in plac
 then they are reflected in the corresponding parameters of the public key
 when (for example) a certificate request is signed.
 .PP
-\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the
+\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the
 generated key can use to \fBmd\fR.
 .PP
-\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the
+\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the
 generated key can use to \fBmd\fR.
 .PP
-\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length
+\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length
 to \fBsaltlen\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -204,10 +208,10 @@ In particular a return value of \-2 indicates the operation is not supported by
 the public key algorithm.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIRSA\-PSS\s0\fR\|(7),
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\s-1\fBRSA\-PSS\s0\fR\|(7),
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
index a34d354ab383b..bc482a7e4d923 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3"
-.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,22 +161,22 @@ EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scryp
 .IX Header "DESCRIPTION"
 These functions are used to set up the necessary data to use the
 scrypt \s-1KDF.\s0
-For more information on scrypt, see \fIscrypt\fR\|(7).
+For more information on scrypt, see \fBscrypt\fR\|(7).
 .PP
-\&\fIEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt
+\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt
 value.
 .PP
-\&\fIEVP_PKEY_CTX_set_scrypt_N()\fR, \fIEVP_PKEY_CTX_set_scrypt_r()\fR and
-\&\fIEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p.
+\&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and
+\&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p.
 .PP
-\&\fIEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key
+\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key
 derivation may maximally use, given in bytes.
 If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the
 key derivation will fail.
 .SH "STRING CTRLS"
 .IX Header "STRING CTRLS"
 scrypt also supports string based control operations via
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3).
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
 Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR
 parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter.
 The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be
@@ -180,9 +184,9 @@ set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxme
 respectively.
 .SH "NOTES"
 .IX Header "NOTES"
-The scrypt \s-1KDF\s0 also uses \fIEVP_PKEY_CTX_set1_pbe_pass()\fR as well as
+The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as
 the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R".
-See \fIEVP_PKEY_CTX_set1_pbe_pass\fR\|(3).
+See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3).
 .PP
 All the functions described here are implemented as macros.
 .SH "RETURN VALUES"
@@ -193,10 +197,10 @@ In particular a return value of \-2 indicates the operation is not
 supported by the public key algorithm.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIscrypt\fR\|(7),
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBscrypt\fR\|(7),
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
index 1b08c52862622..1ef02e37986a3 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3"
-.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,22 +155,22 @@ EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_ad
 .IX Header "DESCRIPTION"
 The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for
 \&\s-1TLS.\s0 It has no associated private key and only implements key derivation
-using \fIEVP_PKEY_derive\fR\|(3).
+using \fBEVP_PKEY_derive\fR\|(3).
 .PP
-\&\fIEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the
-\&\s-1TLS PRF.\s0 \fIEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0
+\&\fBEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the
+\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0
 algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1.
 .PP
-\&\fIEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0
+\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0
 to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced
 and any seed is reset.
 .PP
-\&\fIEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR.
+\&\fBEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR.
 If a seed is already set it is appended to the existing value.
 .SH "STRING CTRLS"
 .IX Header "STRING CTRLS"
 The \s-1TLS PRF\s0 also supports string based control operations using
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3).
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
 The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest
 algorithm to use.
 The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter
@@ -190,7 +194,7 @@ The total length of all seeds cannot exceed 1024 bytes in length: this should
 be more than enough for any normal use of the \s-1TLS PRF.\s0
 .PP
 The output length of the \s-1PRF\s0 is specified by the length parameter in the
-\&\fIEVP_PKEY_derive()\fR function. Since the output length is variable, setting
+\&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting
 the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0
 .PP
 Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0
@@ -223,9 +227,9 @@ and seed value \*(L"seed\*(R":
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
index 93e27d9732d8d..8e01573f79d79 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_ASN1_GET_COUNT 3"
-.TH EVP_PKEY_ASN1_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_ASN1_GET_COUNT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,49 +157,49 @@ EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_as
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIEVP_PKEY_asn1_count()\fR returns a count of the number of public key
+\&\fBEVP_PKEY_asn1_count()\fR returns a count of the number of public key
 \&\s-1ASN.1\s0 methods available: it includes standard methods and any methods
 added by the application.
 .PP
-\&\fIEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR.
-The value of \fBidx\fR must be between zero and \fIEVP_PKEY_asn1_get_count()\fR
+\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR.
+The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR
 \&\- 1.
 .PP
-\&\fIEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0
+\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0
 \&\fBtype\fR.
 If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a
 \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead,
 and also set \fB*pe\fR to point at the engine that implements it.
 .PP
-\&\fIEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0
+\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0
 type string \fBstr\fR.
-Just like \fIEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will
+Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will
 look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0
 \&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the
 engine that implements it.
 .PP
-\&\fIEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key
+\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key
 \&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string
 associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR.
 .PP
-\&\fIEVP_PKEY_asn1_count()\fR, \fIEVP_PKEY_asn1_get0()\fR, \fIEVP_PKEY_asn1_find()\fR and
-\&\fIEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all
+\&\fBEVP_PKEY_asn1_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and
+\&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all
 \&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets
-threaded, using them is safe.  See \fIEVP_PKEY_asn1_add0\fR\|(3).
+threaded, using them is safe.  See \fBEVP_PKEY_asn1_add0\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_asn1_count()\fR returns the number of available public key methods.
+\&\fBEVP_PKEY_asn1_count()\fR returns the number of available public key methods.
 .PP
-\&\fIEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is
+\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is
 out of range.
 .PP
-\&\fIEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success.
+\&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_asn1_new\fR\|(3), \fIEVP_PKEY_asn1_add0\fR\|(3)
+\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
index 44c4fc1ffa072..c5936fc323024 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CMP 3"
-.TH EVP_PKEY_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_CMP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,46 +153,46 @@ EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key
+The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key
 parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
 doesn't use parameters.
 .PP
-The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key
+The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key
 \&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in
 \&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters
 in \fBfrom\fR and \fBto\fR are both present and match this function has no effect.
 .PP
-The function \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys
+The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys
 \&\fBa\fR and \fBb\fR.
 .PP
-The function \fIEVP_PKEY_cmp()\fR compares the public key components and parameters
+The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters
 (if present) of keys \fBa\fR and \fBb\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and
-\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the
+The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and
+\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the
 parameters are sometimes omitted from a public key if they are inherited from
 the \s-1CA\s0 that signed it.
 .PP
 Since OpenSSL private keys contain public key components too the function
-\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches
+\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches
 a public key.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key
+The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key
 parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
 doesn't use parameters.
 .PP
-These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for
+These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for
 failure.
 .PP
-The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the
+The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the
 keys match, 0 if they don't match, \-1 if the key types are different and
 \&\-2 if the operation is not supported.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_keygen\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_keygen\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
index 03a1e5c36dead..ae561b2887383 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_DECRYPT 3"
-.TH EVP_PKEY_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_DECRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,10 +152,10 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm
+The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm
 context using key \fBpkey\fR for a decryption operation.
 .PP
-The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation
+The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation
 using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and
 \&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
 buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
@@ -160,15 +164,15 @@ before the call the \fBoutlen\fR parameter should contain the length of the
 \&\fBout\fR and the amount of data written to \fBoutlen\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control
+After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control
 operations can be performed to set any appropriate parameters for the
 operation.
 .PP
-The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same
+The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same
 context if several operations are performed using the same parameters.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0
+\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0
 or a negative value for failure. In particular a return value of \-2
 indicates the operation is not supported by the public key algorithm.
 .SH "EXAMPLE"
@@ -213,15 +217,15 @@ Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
index 58c0eb082c88e..4c666f6820f19 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_DERIVE 3"
-.TH EVP_PKEY_DERIVE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_DERIVE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,13 +151,13 @@ EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_derive_init()\fR function initializes a public key algorithm
+The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm
 context using key \fBpkey\fR for shared secret derivation.
 .PP
-The \fIEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally
+The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally
 be a public key.
 .PP
-The \fIEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR.
+The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR.
 If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
 the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the
 \&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call
@@ -161,15 +165,15 @@ is successful the shared secret is written to \fBkey\fR and the amount of data
 written to \fBkeylen\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-After the call to \fIEVP_PKEY_derive_init()\fR algorithm specific control
+After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control
 operations can be performed to set any appropriate parameters for the
 operation.
 .PP
-The function \fIEVP_PKEY_derive()\fR can be called more than once on the same
+The function \fBEVP_PKEY_derive()\fR can be called more than once on the same
 context if several operations are performed using the same parameters.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 for success and 0
+\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0
 or a negative value for failure. In particular a return value of \-2
 indicates the operation is not supported by the public key algorithm.
 .SH "EXAMPLE"
@@ -211,15 +215,15 @@ Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys):
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
index 08bdd09dfee56..0201d4f9700e5 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_ENCRYPT 3"
-.TH EVP_PKEY_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,10 +152,10 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm
+The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm
 context using key \fBpkey\fR for an encryption operation.
 .PP
-The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation
+The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation
 using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and
 \&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
 buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
@@ -160,21 +164,21 @@ before the call the \fBoutlen\fR parameter should contain the length of the
 \&\fBout\fR and the amount of data written to \fBoutlen\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control
+After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control
 operations can be performed to set any appropriate parameters for the
 operation.
 .PP
-The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same
+The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same
 context if several operations are performed using the same parameters.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0
+\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0
 or a negative value for failure. In particular a return value of \-2
 indicates the operation is not supported by the public key algorithm.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
-Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or
-\&\fId2i_X509\fR\|(3) for means to load a public key. You may also simply
+Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or
+\&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply
 set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation:
 .PP
 .Vb 3
@@ -216,17 +220,17 @@ set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementa
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIENGINE_by_id\fR\|(3),
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBENGINE_by_id\fR\|(3),
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
index 0b55bb1d25a55..4f8a52dbcd4d8 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3"
-.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -144,7 +148,7 @@ EVP_PKEY_get_default_digest_nid \- get default signature digest
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default
+The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default
 message digest \s-1NID\s0 for the public key signature operations associated with key
 \&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use
 a digest during signing. In this case \fBpnid\fR will be set to NID_undef.
@@ -153,20 +157,20 @@ a digest during signing. In this case \fBpnid\fR will be set to NID_undef.
 For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The \fIEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest
+The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest
 is advisory (that is other digests can be used) and 2 if it is mandatory (other
 digests can not be used).  It returns 0 or a negative value for failure. In
 particular a return value of \-2 indicates the operation is not supported by the
 public key algorithm.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
 .SH "HISTORY"
 .IX Header "HISTORY"
-This function was first added to OpenSSL 1.0.0.
+This function was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
index 9eaf4acac95ed..43b88b9fd8e40 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_KEYGEN 3"
-.TH EVP_PKEY_KEYGEN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_KEYGEN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -162,52 +166,52 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm
+The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm
 context using key \fBpkey\fR for a key generation operation.
 .PP
-The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the
+The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the
 generated key is written to \fBppkey\fR.
 .PP
-The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar
+The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar
 except parameters are generated.
 .PP
-The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback
-to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter
+The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback
+to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter
 generation callback.
 .PP
-The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated
+The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated
 with the generation operation. If \fBidx\fR is \-1 the total number of
 parameters available is returned. Any non negative value returns the value of
-that parameter. \fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for
+that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for
 \&\fBidx\fR should only be called within the generation callback.
 .PP
 If the callback returns 0 then the key generation operation is aborted and an
 error occurs. This might occur during a time consuming operation where
 a user clicks on a \*(L"cancel\*(R" button.
 .PP
-The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set
+The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set
 and retrieve an opaque pointer. This can be used to set some application
 defined value which can be retrieved in the callback: for example a handle
 which is used to update a \*(L"progress dialog\*(R".
 .PP
-\&\fIEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries
+\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries
 to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise
 it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
 .PP
-\&\fIEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR.
+\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR.
 This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR
 if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
 .PP
-\&\fIEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR.
+\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR.
 This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR
 if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm
+After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm
 specific control operations can be performed to set any appropriate parameters
 for the operation.
 .PP
-The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than
+The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than
 once on the same context if several operations are performed using the same
 parameters.
 .PP
@@ -226,12 +230,12 @@ equivalent to what some libraries call a \*(L"key pair\*(R". A private key can b
 in functions which require the use of a public key or parameters.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and
-\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure.
+\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and
+\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure.
 In particular a return value of \-2 indicates the operation is not supported by
 the public key algorithm.
 .PP
-\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR return 1
+\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1
 for success or others for failure. They return \-2 if the operation is not supported
 for the specific algorithm.
 .SH "EXAMPLES"
@@ -308,18 +312,18 @@ Example of generation callback for OpenSSL public key implementations:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .PP
-\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR were added
+\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added
 in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
index 0c378ff5d29d0..fd2082c064271 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_METH_GET_COUNT 3"
-.TH EVP_PKEY_METH_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_METH_GET_COUNT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,26 +152,26 @@ EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerat
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIEVP_PKEY_meth_count()\fR returns a count of the number of public key methods
+\&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods
 available: it includes standard methods and any methods added by the
 application.
 .PP
-\&\fIEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR
-must be between zero and \fIEVP_PKEY_meth_get_count()\fR \- 1.
+\&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR
+must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1.
 .PP
-\&\fIEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags
+\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags
 associated with the public key method \fB*meth\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_meth_count()\fR returns the number of available public key methods.
+\&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods.
 .PP
-\&\fIEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is
+\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is
 out of range.
 .PP
-\&\fIEVP_PKEY_meth_get0_info()\fR does not return a value.
+\&\fBEVP_PKEY_meth_get0_info()\fR does not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_new\fR\|(3)
+\&\fBEVP_PKEY_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
index 4e9fe173b13f3..1570c5e8eef97 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_METH_NEW 3"
-.TH EVP_PKEY_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -336,7 +340,7 @@ verifying, encrypting or decrypting, etc.
 There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one
 is a built-in static array representing the standard methods for different
 algorithms, and the other one is a stack of user-defined application-specific
-methods, which can be manipulated by using \fIEVP_PKEY_meth_add0\fR\|(3).
+methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3).
 .PP
 The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR
 objects.
@@ -351,19 +355,19 @@ algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object.
 \& void (*cleanup) (EVP_PKEY_CTX *ctx);
 .Ve
 .PP
-The \fIinit()\fR method is called to initialize algorithm-specific data when a new
-\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fIinit()\fR, the \fIcleanup()\fR method is called
-when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fIcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR
-is being duplicated. Refer to \fIEVP_PKEY_CTX_new\fR\|(3), \fIEVP_PKEY_CTX_new_id\fR\|(3),
-\&\fIEVP_PKEY_CTX_free\fR\|(3) and \fIEVP_PKEY_CTX_dup\fR\|(3).
+The \fBinit()\fR method is called to initialize algorithm-specific data when a new
+\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called
+when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR
+is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3),
+\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3).
 .PP
 .Vb 2
 \& int (*paramgen_init) (EVP_PKEY_CTX *ctx);
 \& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
 .Ve
 .PP
-The \fIparamgen_init()\fR and \fIparamgen()\fR methods deal with key parameter generation.
-They are called by \fIEVP_PKEY_paramgen_init\fR\|(3) and \fIEVP_PKEY_paramgen\fR\|(3) to
+The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation.
+They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to
 handle the parameter generation process.
 .PP
 .Vb 2
@@ -371,9 +375,9 @@ handle the parameter generation process.
 \& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
 .Ve
 .PP
-The \fIkeygen_init()\fR and \fIkeygen()\fR methods are used to generate the actual key for
-the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and
-\&\fIEVP_PKEY_keygen\fR\|(3).
+The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for
+the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and
+\&\fBEVP_PKEY_keygen\fR\|(3).
 .PP
 .Vb 3
 \& int (*sign_init) (EVP_PKEY_CTX *ctx);
@@ -381,9 +385,9 @@ the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and
 \&              const unsigned char *tbs, size_t tbslen);
 .Ve
 .PP
-The \fIsign_init()\fR and \fIsign()\fR methods are used to generate the signature of a
-piece of data using a private key. They are called by \fIEVP_PKEY_sign_init\fR\|(3)
-and \fIEVP_PKEY_sign\fR\|(3).
+The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a
+piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3)
+and \fBEVP_PKEY_sign\fR\|(3).
 .PP
 .Vb 4
 \& int (*verify_init) (EVP_PKEY_CTX *ctx);
@@ -392,8 +396,8 @@ and \fIEVP_PKEY_sign\fR\|(3).
 \&                const unsigned char *tbs, size_t tbslen);
 .Ve
 .PP
-The \fIverify_init()\fR and \fIverify()\fR methods are used to verify whether a signature is
-valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify\fR\|(3).
+The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is
+valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3).
 .PP
 .Vb 4
 \& int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
@@ -402,10 +406,10 @@ valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify
 \&                        const unsigned char *sig, size_t siglen);
 .Ve
 .PP
-The \fIverify_recover_init()\fR and \fIverify_recover()\fR methods are used to verify a
+The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a
 signature and then recover the digest from the signature (for instance, a
 signature that was generated by \s-1RSA\s0 signing algorithm). They are called by
-\&\fIEVP_PKEY_verify_recover_init\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3).
+\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3).
 .PP
 .Vb 3
 \& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
@@ -413,9 +417,9 @@ signature that was generated by \s-1RSA\s0 signing algorithm). They are called b
 \&                 EVP_MD_CTX *mctx);
 .Ve
 .PP
-The \fIsignctx_init()\fR and \fIsignctx()\fR methods are used to sign a digest present by
+The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by
 a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See
-\&\fIEVP_DigestSignInit\fR\|(3) for detail.
+\&\fBEVP_DigestSignInit\fR\|(3) for detail.
 .PP
 .Vb 3
 \& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
@@ -423,9 +427,9 @@ a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign function
 \&                   EVP_MD_CTX *mctx);
 .Ve
 .PP
-The \fIverifyctx_init()\fR and \fIverifyctx()\fR methods are used to verify a signature
+The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature
 against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various
-EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for detail.
+EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for detail.
 .PP
 .Vb 3
 \& int (*encrypt_init) (EVP_PKEY_CTX *ctx);
@@ -433,8 +437,8 @@ EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for detail.
 \&                 const unsigned char *in, size_t inlen);
 .Ve
 .PP
-The \fIencrypt_init()\fR and \fIencrypt()\fR methods are used to encrypt a piece of data.
-They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\|(3).
+The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data.
+They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3).
 .PP
 .Vb 3
 \& int (*decrypt_init) (EVP_PKEY_CTX *ctx);
@@ -442,25 +446,25 @@ They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\|
 \&                 const unsigned char *in, size_t inlen);
 .Ve
 .PP
-The \fIdecrypt_init()\fR and \fIdecrypt()\fR methods are used to decrypt a piece of data.
-They are called by \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3).
+The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data.
+They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3).
 .PP
 .Vb 2
 \& int (*derive_init) (EVP_PKEY_CTX *ctx);
 \& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 .Ve
 .PP
-The \fIderive_init()\fR and \fIderive()\fR methods are used to derive the shared secret
+The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret
 from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by
-\&\fIEVP_PKEY_derive_init\fR\|(3) and \fIEVP_PKEY_derive\fR\|(3).
+\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3).
 .PP
 .Vb 2
 \& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
 \& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
 .Ve
 .PP
-The \fIctrl()\fR and \fIctrl_str()\fR methods are used to adjust algorithm-specific
-settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail.
+The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific
+settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail.
 .PP
 .Vb 5
 \& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
@@ -470,9 +474,9 @@ settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for detail.
 \&                      size_t tbslen);
 .Ve
 .PP
-The \fIdigestsign()\fR and \fIdigestverify()\fR methods are used to generate or verify
-a signature in a one-shot mode. They could be called by \fIEVP_DigetSign\fR\|(3)
-and \fIEVP_DigestVerify\fR\|(3).
+The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify
+a signature in a one-shot mode. They could be called by \fBEVP_DigetSign\fR\|(3)
+and \fBEVP_DigestVerify\fR\|(3).
 .PP
 .Vb 3
 \& int (*check) (EVP_PKEY *pkey);
@@ -480,24 +484,24 @@ and \fIEVP_DigestVerify\fR\|(3).
 \& int (*param_check) (EVP_PKEY *pkey);
 .Ve
 .PP
-The \fIcheck()\fR, \fIpublic_check()\fR and \fIparam_check()\fR methods are used to validate a
+The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a
 key-pair, the public component and parameters respectively for a given \fBpkey\fR.
-They could be called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and
-\&\fIEVP_PKEY_param_check\fR\|(3) respectively.
+They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and
+\&\fBEVP_PKEY_param_check\fR\|(3) respectively.
 .PP
 .Vb 1
 \& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
 .Ve
 .PP
-The \fIdigest_custom()\fR method is used to generate customized digest content before
-the real message is passed to functions like \fIEVP_DigestSignUpdate\fR\|(3) or
-\&\fIEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key
+The \fBdigest_custom()\fR method is used to generate customized digest content before
+the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or
+\&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key
 signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to
-be signed. The \fIdigest_custom()\fR function will be called by \fIEVP_DigestSignInit\fR\|(3)
-and \fIEVP_DigestVerifyInit\fR\|(3).
+be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3)
+and \fBEVP_DigestVerifyInit\fR\|(3).
 .SS "Functions"
 .IX Subsection "Functions"
-\&\fIEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object,
+\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object,
 and associates the given \fBid\fR and \fBflags\fR. The following flags are
 supported:
 .PP
@@ -511,26 +515,26 @@ maximum size of the output buffer will be automatically calculated or checked
 in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of
 these methods don't need to care about handling the case of returning output
 buffer size by themselves. For details on the output buffer size, refer to
-\&\fIEVP_PKEY_sign\fR\|(3).
+\&\fBEVP_PKEY_sign\fR\|(3).
 .PP
-The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fIsignctx()\fR method
+The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method
 of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a
-digest signing operation by calling \fIEVP_DigestSignFinal\fR\|(3).
+digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3).
 .PP
-\&\fIEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by
+\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by
 \&\fBpmeth\fR.
 .PP
-\&\fIEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR
+\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR
 to \fBdst\fR.
 .PP
-\&\fIEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR.
+\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR.
 This function first searches through the user-defined method objects and
 then the built-in objects.
 .PP
-\&\fIEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods.
+\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods.
 .PP
-\&\fIEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by
-\&\fIEVP_PKEY_meth_add0()\fR.
+\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by
+\&\fBEVP_PKEY_meth_add0()\fR.
 .PP
 The EVP_PKEY_meth_set functions set the corresponding fields of
 \&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed.
@@ -539,18 +543,18 @@ The EVP_PKEY_meth_get functions get the corresponding fields of
 \&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR
+\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR
 object or returns \s-1NULL\s0 on error.
 .PP
-\&\fIEVP_PKEY_meth_free()\fR and \fIEVP_PKEY_meth_copy()\fR do not return values.
+\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values.
 .PP
-\&\fIEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR
+\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR
 object or returns \s-1NULL\s0 if not found.
 .PP
-\&\fIEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0
+\&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0
 if an error occurred.
 .PP
-\&\fIEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or
+\&\fBEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or
 0 if an error occurred.
 .PP
 All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3
index 15c9d567aa481..a5050598a00a3 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_NEW 3"
-.TH EVP_PKEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,16 +165,16 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is
+The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is
 used by OpenSSL to store public and private keys. The reference count is set to
 \&\fB1\fR.
 .PP
-\&\fIEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR.
+\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR.
 .PP
-\&\fIEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference
+\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference
 count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done.
 .PP
-\&\fIEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL
+\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL
 then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The
 \&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0
 for a public key algorithm that supports raw private keys, i.e. one of
@@ -181,21 +185,21 @@ The length should be appropriate for the type of the key. The public key data
 will be automatically derived from the given private key data (if appropriate
 for the algorithm type).
 .PP
-\&\fIEVP_PKEY_new_raw_public_key()\fR works in the same way as
-\&\fIEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key
+\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as
+\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key
 data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key
 information. Algorithm types that support raw public keys are
 \&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR.
 .PP
-\&\fIEVP_PKEY_new_CMAC_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR
+\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR
 except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the
 raw private key data, it also takes a cipher algorithm to be used during
 creation of a \s-1CMAC\s0 in the \fBcipher\fR argument.
 .PP
-\&\fIEVP_PKEY_new_mac_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR.
-New applications should use \fIEVP_PKEY_new_raw_private_key()\fR instead.
+\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR.
+New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead.
 .PP
-\&\fIEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw
+\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw
 private key data. The number of bytes written is populated in \fB*len\fR. If the
 buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes
 required to hold the key. The calling application is responsible for ensuring
@@ -204,7 +208,7 @@ only works for algorithms that support raw private keys. Currently this is:
 \&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR,
 \&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR.
 .PP
-\&\fIEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw
+\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw
 public key data. The number of bytes written is populated in \fB*len\fR. If the
 buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes
 required to hold the key. The calling application is responsible for ensuring
@@ -216,30 +220,33 @@ only works for algorithms that support raw public  keys. Currently this is:
 The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a
 general private key without reference to any particular algorithm.
 .PP
-The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a private or public
+The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public
 key to this empty structure use the appropriate functions described in
-\&\fIEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or
+\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or
 EVP_PKEY_set1_EC_KEY.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_new()\fR, \fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR,
-\&\fIEVP_PKEY_new_CMAC_key()\fR and \fIEVP_PKEY_new_mac_key()\fR return either the newly
+\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR,
+\&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly
 allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIEVP_PKEY_up_ref()\fR, \fIEVP_PKEY_get_raw_private_key()\fR and
-\&\fIEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure.
+\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and
+\&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or
+\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or
 EVP_PKEY_set1_EC_KEY
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIEVP_PKEY_new()\fR and \fIEVP_PKEY_free()\fR exist in all versions of OpenSSL.
+The
+\&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL.
 .PP
-\&\fIEVP_PKEY_up_ref()\fR was first added to OpenSSL 1.1.0.
-\&\fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR,
-\&\fIEVP_PKEY_new_CMAC_key()\fR, \fIEVP_PKEY_new_raw_private_key()\fR and
-\&\fIEVP_PKEY_get_raw_public_key()\fR were first added to OpenSSL 1.1.1.
+The \fBEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0.
+.PP
+The
+\&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR,
+\&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and
+\&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
index a0c80534dbb45..43ebf4e5f8385 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_PRINT_PRIVATE 3"
-.TH EVP_PKEY_PRINT_PRIVATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_PRINT_PRIVATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,8 +154,8 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public k
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and
-\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components
+The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and
+\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components
 of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable
 form. The parameter \fBindent\fR indicated how far the printout should be indented.
 .PP
@@ -164,7 +168,7 @@ Currently no public key algorithms include any options in the \fBpctx\fR paramet
 .PP
 If the key does not include all the components indicated by the function then
 only those contained in the key will be printed. For example passing a public
-key to \fIEVP_PKEY_print_private()\fR will only print the public components.
+key to \fBEVP_PKEY_print_private()\fR will only print the public components.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions all return 1 for success and 0 or a negative value for failure.
@@ -172,11 +176,11 @@ In particular a return value of \-2 indicates the operation is not supported by
 the public key algorithm.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_keygen\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_keygen\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
index 411d592a5364c..3276d3c408001 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_SET1_RSA 3"
-.TH EVP_PKEY_SET1_RSA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_SET1_RSA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -175,44 +179,44 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and
-\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR.
+\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and
+\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR.
 .PP
-\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and
-\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
+\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
+\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
 \&\fB\s-1NULL\s0\fR if the key is not of the correct type.
 .PP
-\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_poly1305()\fR, \fIEVP_PKEY_get0_siphash()\fR,
-\&\fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR, \fIEVP_PKEY_get0_DH()\fR
-and \fIEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR
+\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR,
+\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR
+and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR
 if the key is not of the correct type but the reference count of the
 returned key is \fBnot\fR incremented and so must not be freed up after use.
 .PP
-\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR,
-\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR and
-\&\fIEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR
+\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
+\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and
+\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR
 however these use the supplied \fBkey\fR internally and so \fBkey\fR
 will be freed when the parent \fBpkey\fR is freed.
 .PP
-\&\fIEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example
+\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example
 an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR.
 .PP
-\&\fIEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys
+\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys
 using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could
 use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to
 \&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of
 alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not
 often seen in practice.
 .PP
-\&\fIEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example
+\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example
 EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR.
 .PP
-\&\fIEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It
+\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It
 must be called after the key algorithm and components are set up.
 If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an
 error occurs.
 .PP
-\&\fIEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a
+\&\fBEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a
 different set of algorithms than the default. This is currently used
 to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0
 .SH "NOTES"
@@ -221,19 +225,19 @@ In accordance with the OpenSSL naming convention the key obtained
 from or assigned to the \fBpkey\fR using the \fB1\fR functions must be
 freed as well as \fBpkey\fR.
 .PP
-\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR,
-\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR
-and \fIEVP_PKEY_assign_SIPHASH()\fR are implemented as macros.
+\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
+\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR
+and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros.
 .PP
 Most applications wishing to know a key type will simply call
-\&\fIEVP_PKEY_base_id()\fR and will not care about the actual type:
+\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type:
 which will be identical in almost all cases.
 .PP
 Previous versions of this document suggested using EVP_PKEY_type(pkey\->type)
 to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this
 is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
 .PP
-\&\fIEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0
+\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0
 key as part of its routine to load a private key.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
@@ -245,26 +249,26 @@ algorithms with EVP_PKEY_set_alias_type:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and
-\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure.
+\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and
+\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure.
 .PP
-\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and
-\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if
+\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
+\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if
 an error occurred.
 .PP
-\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR,
-\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR
-and \fIEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure.
+\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
+\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR
+and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure.
 .PP
-\&\fIEVP_PKEY_base_id()\fR, \fIEVP_PKEY_id()\fR and \fIEVP_PKEY_type()\fR return a key
+\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key
 type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error.
 .PP
-\&\fIEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure.
+\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure.
 .PP
-\&\fIEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error.
+\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_new\fR\|(3)
+\&\fBEVP_PKEY_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
index bdc74d104dd8a..08df42d8ee536 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_SIGN 3"
-.TH EVP_PKEY_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,10 +152,10 @@ EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_sign_init()\fR function initializes a public key algorithm
+The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm
 context using key \fBpkey\fR for a signing operation.
 .PP
-The \fIEVP_PKEY_sign()\fR function performs a public key signing operation
+The \fBEVP_PKEY_sign()\fR function performs a public key signing operation
 using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and
 \&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
 buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then
@@ -160,20 +164,20 @@ before the call the \fBsiglen\fR parameter should contain the length of the
 \&\fBsig\fR and the amount of data written to \fBsiglen\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is
+\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is
 normally used to sign digests. For signing arbitrary messages, see the
-\&\fIEVP_DigestSignInit\fR\|(3) and
-\&\fIEVP_SignInit\fR\|(3) signing interfaces instead.
+\&\fBEVP_DigestSignInit\fR\|(3) and
+\&\fBEVP_SignInit\fR\|(3) signing interfaces instead.
 .PP
-After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control
+After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control
 operations can be performed to set any appropriate parameters for the
-operation (see \fIEVP_PKEY_CTX_ctrl\fR\|(3)).
+operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)).
 .PP
-The function \fIEVP_PKEY_sign()\fR can be called more than once on the same
+The function \fBEVP_PKEY_sign()\fR can be called more than once on the same
 context if several operations are performed using the same parameters.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0
+\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0
 or a negative value for failure. In particular a return value of \-2
 indicates the operation is not supported by the public key algorithm.
 .SH "EXAMPLE"
@@ -221,16 +225,16 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_CTX_ctrl\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_CTX_ctrl\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
index 88a2284e8b3fb..047cdba02c03d 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_VERIFY 3"
-.TH EVP_PKEY_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,26 +152,26 @@ EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public k
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_verify_init()\fR function initializes a public key algorithm
+The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm
 context using key \fBpkey\fR for a signature verification operation.
 .PP
-The \fIEVP_PKEY_verify()\fR function performs a public key verification operation
+The \fBEVP_PKEY_verify()\fR function performs a public key verification operation
 using \fBctx\fR. The signature is specified using the \fBsig\fR and
 \&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally
 signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters.
 .SH "NOTES"
 .IX Header "NOTES"
-After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control
+After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control
 operations can be performed to set any appropriate parameters for the
 operation.
 .PP
-The function \fIEVP_PKEY_verify()\fR can be called more than once on the same
+The function \fBEVP_PKEY_verify()\fR can be called more than once on the same
 context if several operations are performed using the same parameters.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was
+\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was
 successful and 0 if it failed. Unlike other functions the return value 0 from
-\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not verify
+\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not verify
 successfully (that is tbs did not match the original data or the signature was
 of invalid form) it is not an indication of a more serious error.
 .PP
@@ -211,15 +215,15 @@ Verify signature using PKCS#1 and \s-1SHA256\s0 digest:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify_recover\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
index cd53ae3326373..dea4f31a27fed 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_VERIFY_RECOVER 3"
-.TH EVP_PKEY_VERIFY_RECOVER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_PKEY_VERIFY_RECOVER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,10 +152,10 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm
+The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm
 context using key \fBpkey\fR for a verify recover operation.
 .PP
-The \fIEVP_PKEY_verify_recover()\fR function recovers signed data
+The \fBEVP_PKEY_verify_recover()\fR function recovers signed data
 using \fBctx\fR. The signature is specified using the \fBsig\fR and
 \&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
 buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then
@@ -161,22 +165,22 @@ before the call the \fBroutlen\fR parameter should contain the length of the
 .SH "NOTES"
 .IX Header "NOTES"
 Normally an application is only interested in whether a signature verification
-operation is successful in those cases the \fIEVP_verify()\fR function should be
+operation is successful in those cases the \fBEVP_verify()\fR function should be
 used.
 .PP
 Sometimes however it is useful to obtain the data originally signed using a
 signing operation. Only certain public key algorithms can recover a signature
 in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode).
 .PP
-After the call to \fIEVP_PKEY_verify_recover_init()\fR algorithm specific control
+After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control
 operations can be performed to set any appropriate parameters for the
 operation.
 .PP
-The function \fIEVP_PKEY_verify_recover()\fR can be called more than once on the same
+The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same
 context if several operations are performed using the same parameters.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_PKEY_verify_recover_init()\fR and \fIEVP_PKEY_verify_recover()\fR return 1 for success
+\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success
 and 0 or a negative value for failure. In particular a return value of \-2
 indicates the operation is not supported by the public key algorithm.
 .SH "EXAMPLE"
@@ -222,15 +226,15 @@ Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_PKEY_CTX_new\fR\|(3),
-\&\fIEVP_PKEY_encrypt\fR\|(3),
-\&\fIEVP_PKEY_decrypt\fR\|(3),
-\&\fIEVP_PKEY_sign\fR\|(3),
-\&\fIEVP_PKEY_verify\fR\|(3),
-\&\fIEVP_PKEY_derive\fR\|(3)
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3
index a836dbc9b648b..99531bd74e74b 100644
--- a/secure/lib/libcrypto/man/EVP_SealInit.3
+++ b/secure/lib/libcrypto/man/EVP_SealInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SEALINIT 3"
-.TH EVP_SEALINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SEALINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,9 +159,9 @@ encryption. They generate a random key and \s-1IV\s0 (if required) then
 \&\*(L"envelope\*(R" it by using public key encryption. Data can then be
 encrypted using this key.
 .PP
-\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
+\&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
 with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally
-supplied by a function such as \fIEVP_aes_256_cbc()\fR. The secret key is encrypted
+supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted
 using one or more public keys, this allows the same encrypted data to be
 decrypted using any of the corresponding private keys. \fBek\fR is an array of
 buffers where the public key encrypted secret key will be written, each buffer
@@ -173,20 +177,20 @@ example) EVP_CIPHER_iv_length(type).
 If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
 and can be \fB\s-1NULL\s0\fR.
 .PP
-\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties
-as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as
-documented on the \fIEVP_EncryptInit\fR\|(3) manual
+\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties
+as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as
+documented on the \fBEVP_EncryptInit\fR\|(3) manual
 page.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful.
+\&\fBEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful.
 .PP
-\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for
+\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for
 failure.
 .SH "NOTES"
 .IX Header "NOTES"
 Because a random secret key is generated the random number generator
-must be seeded before calling \fIEVP_SealInit()\fR.
+must be seeded before calling \fBEVP_SealInit()\fR.
 .PP
 The public key must be \s-1RSA\s0 because it is the only OpenSSL public key
 algorithm that supports key transport.
@@ -197,15 +201,15 @@ but symmetric encryption is fast. So symmetric encryption is used for
 bulk encryption and the small random symmetric key used is transferred
 using public key encryption.
 .PP
-It is possible to call \fIEVP_SealInit()\fR twice in the same way as
-\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0
+It is possible to call \fBEVP_SealInit()\fR twice in the same way as
+\&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0
 and (after setting any cipher parameters) it should be called again
 with \fBtype\fR set to \s-1NULL.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_OpenInit\fR\|(3)
+\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_OpenInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3
index 1d7dff0770a2a..ef1e5f04cebe1 100644
--- a/secure/lib/libcrypto/man/EVP_SignInit.3
+++ b/secure/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SIGNINIT 3"
-.TH EVP_SIGNINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SIGNINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ EVP_PKEY_size, EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, EVP
 \&
 \& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 \&
-\& int EVP_PKEY_size(EVP_PKEY *pkey);
+\& int EVP_PKEY_size(const EVP_PKEY *pkey);
 \& int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
 .Ve
 .SH "DESCRIPTION"
@@ -155,39 +159,39 @@ EVP_PKEY_size, EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, EVP
 The \s-1EVP\s0 signature routines are a high level interface to digital
 signatures.
 .PP
-\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
+\&\fBEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
 \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created with
-\&\fIEVP_MD_CTX_new()\fR before calling this function.
+\&\fBEVP_MD_CTX_new()\fR before calling this function.
 .PP
-\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+\&\fBEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
 signature context \fBctx\fR. This function can be called several times on the
 same \fBctx\fR to include additional data.
 .PP
-\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and
+\&\fBEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and
 places the signature in \fBsig\fR. \fBsig\fR must be at least EVP_PKEY_size(pkey)
 bytes in size. \fBs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter.
 The number of bytes of data written (i.e. the length of the signature)
 will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes
 will be written.
 .PP
-\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default
+\&\fBEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default
 implementation of digest \fBtype\fR.
 .PP
-\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual
-signature returned by \fIEVP_SignFinal()\fR may be smaller.
+\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual
+signature returned by \fBEVP_SignFinal()\fR may be smaller.
 .PP
-\&\fIEVP_PKEY_security_bits()\fR returns the number of security bits of the given \fBpkey\fR,
+\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given \fBpkey\fR,
 bits of security is defined in \s-1NIST SP800\-57.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1
+\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1
 for success and 0 for failure.
 .PP
-\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes.
+\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .PP
-\&\fIEVP_PKEY_security_bits()\fR returns the number of security bits.
+\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits.
 .SH "NOTES"
 .IX Header "NOTES"
 The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
@@ -198,33 +202,33 @@ When signing with \s-1DSA\s0 private keys the random number generator must be se
 or the operation will fail. The random number generator does not need to be
 seeded for \s-1RSA\s0 signatures.
 .PP
-The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context.
-This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called
+The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context.
+This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called
 later to digest and sign additional data.
 .PP
 Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak
+be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
 will occur.
 .SH "BUGS"
 .IX Header "BUGS"
 Older versions of this documentation wrongly stated that calls to
-\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR.
+\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR.
 .PP
-Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error
+Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error
 relating to the private key (for example an unsuitable key and digest
 combination) will not be indicated until after potentially large amounts of
-data have been passed through \fIEVP_SignUpdate()\fR.
+data have been passed through \fBEVP_SignUpdate()\fR.
 .PP
 It is not possible to change the signing parameters using these function.
 .PP
 The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_VerifyInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3),
-\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3),
-\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3),
-\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1)
+\&\fBEVP_VerifyInit\fR\|(3),
+\&\fBEVP_DigestInit\fR\|(3),
+\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
+\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
+\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3
index 4b45b0cf21e29..eef0a83fa713a 100644
--- a/secure/lib/libcrypto/man/EVP_VerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_VERIFYINIT 3"
-.TH EVP_VERIFYINIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_VERIFYINIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,62 +157,62 @@ EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP si
 The \s-1EVP\s0 signature verification routines are a high level interface to digital
 signatures.
 .PP
-\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
+\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
 \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling
-\&\fIEVP_MD_CTX_new()\fR before calling this function.
+\&\fBEVP_MD_CTX_new()\fR before calling this function.
 .PP
-\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
 verification context \fBctx\fR. This function can be called several times on the
 same \fBctx\fR to include additional data.
 .PP
-\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR
+\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR
 and against the \fBsiglen\fR bytes at \fBsigbuf\fR.
 .PP
-\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default
+\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default
 implementation of digest \fBtype\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for
+\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for
 failure.
 .PP
-\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some
+\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some
 other error occurred.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 .PP
-The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context.
-This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called
+The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context.
+This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called
 later to digest and verify additional data.
 .PP
 Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak
+be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
 will occur.
 .SH "BUGS"
 .IX Header "BUGS"
 Older versions of this documentation wrongly stated that calls to
-\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR.
+\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR.
 .PP
-Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error
+Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error
 relating to the private key (for example an unsuitable key and digest
 combination) will not be indicated until after potentially large amounts of
-data have been passed through \fIEVP_SignUpdate()\fR.
+data have been passed through \fBEVP_SignUpdate()\fR.
 .PP
 It is not possible to change the signing parameters using these function.
 .PP
 The previous two bugs are fixed in the newer EVP_VerifyDigest*() function.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_SignInit\fR\|(3),
-\&\fIEVP_DigestInit\fR\|(3),
-\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3),
-\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3),
-\&\s-1\fISHA1\s0\fR\|(3), \fIdgst\fR\|(1)
+\&\fBevp\fR\|(7),
+\&\fBEVP_SignInit\fR\|(3),
+\&\fBEVP_DigestInit\fR\|(3),
+\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
+\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
+\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_aes.3 b/secure/lib/libcrypto/man/EVP_aes.3
index c8edbb5b0ead2..8d968608812d6 100644
--- a/secure/lib/libcrypto/man/EVP_aes.3
+++ b/secure/lib/libcrypto/man/EVP_aes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_AES 3"
-.TH EVP_AES 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_AES 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,11 +153,11 @@ functions, such as \fIEVP_aes_128_cbc\fR.
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0
-.IP "\fIEVP_aes_128_cbc()\fR, \fIEVP_aes_192_cbc()\fR, \fIEVP_aes_256_cbc()\fR, \fIEVP_aes_128_cfb()\fR, \fIEVP_aes_192_cfb()\fR, \fIEVP_aes_256_cfb()\fR, \fIEVP_aes_128_cfb1()\fR, \fIEVP_aes_192_cfb1()\fR, \fIEVP_aes_256_cfb1()\fR, \fIEVP_aes_128_cfb8()\fR, \fIEVP_aes_192_cfb8()\fR, \fIEVP_aes_256_cfb8()\fR, \fIEVP_aes_128_cfb128()\fR, \fIEVP_aes_192_cfb128()\fR, \fIEVP_aes_256_cfb128()\fR, \fIEVP_aes_128_ctr()\fR, \fIEVP_aes_192_ctr()\fR, \fIEVP_aes_256_ctr()\fR, \fIEVP_aes_128_ecb()\fR, \fIEVP_aes_192_ecb()\fR, \fIEVP_aes_256_ecb()\fR, \fIEVP_aes_128_ofb()\fR, \fIEVP_aes_192_ofb()\fR, \fIEVP_aes_256_ofb()\fR" 4
+.IP "\fBEVP_aes_128_cbc()\fR, \fBEVP_aes_192_cbc()\fR, \fBEVP_aes_256_cbc()\fR, \fBEVP_aes_128_cfb()\fR, \fBEVP_aes_192_cfb()\fR, \fBEVP_aes_256_cfb()\fR, \fBEVP_aes_128_cfb1()\fR, \fBEVP_aes_192_cfb1()\fR, \fBEVP_aes_256_cfb1()\fR, \fBEVP_aes_128_cfb8()\fR, \fBEVP_aes_192_cfb8()\fR, \fBEVP_aes_256_cfb8()\fR, \fBEVP_aes_128_cfb128()\fR, \fBEVP_aes_192_cfb128()\fR, \fBEVP_aes_256_cfb128()\fR, \fBEVP_aes_128_ctr()\fR, \fBEVP_aes_192_ctr()\fR, \fBEVP_aes_256_ctr()\fR, \fBEVP_aes_128_ecb()\fR, \fBEVP_aes_192_ecb()\fR, \fBEVP_aes_256_ecb()\fR, \fBEVP_aes_128_ofb()\fR, \fBEVP_aes_192_ofb()\fR, \fBEVP_aes_256_ofb()\fR" 4
 .IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()"
 \&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit
 shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0
-.IP "\fIEVP_aes_128_cbc_hmac_sha1()\fR, \fIEVP_aes_256_cbc_hmac_sha1()\fR" 4
+.IP "\fBEVP_aes_128_cbc_hmac_sha1()\fR, \fBEVP_aes_256_cbc_hmac_sha1()\fR" 4
 .IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()"
 Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC,\s0 with keys of
 128 and 256 bits length respectively. The authentication tag is 160 bits long.
@@ -161,7 +165,7 @@ Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0
 \&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of
 some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0
 interface.
-.IP "\fIEVP_aes_128_cbc_hmac_sha256()\fR, \fIEVP_aes_256_cbc_hmac_sha256()\fR" 4
+.IP "\fBEVP_aes_128_cbc_hmac_sha256()\fR, \fBEVP_aes_256_cbc_hmac_sha256()\fR" 4
 .IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()"
 Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2,\s0 256\-bits) as
 \&\s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag
@@ -170,17 +174,17 @@ is 256 bits long.
 \&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of
 some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0
 interface.
-.IP "\fIEVP_aes_128_ccm()\fR, \fIEVP_aes_192_ccm()\fR, \fIEVP_aes_256_ccm()\fR, \fIEVP_aes_128_gcm()\fR, \fIEVP_aes_192_gcm()\fR, \fIEVP_aes_256_gcm()\fR, \fIEVP_aes_128_ocb()\fR, \fIEVP_aes_192_ocb()\fR, \fIEVP_aes_256_ocb()\fR" 4
+.IP "\fBEVP_aes_128_ccm()\fR, \fBEVP_aes_192_ccm()\fR, \fBEVP_aes_256_ccm()\fR, \fBEVP_aes_128_gcm()\fR, \fBEVP_aes_192_gcm()\fR, \fBEVP_aes_256_gcm()\fR, \fBEVP_aes_128_ocb()\fR, \fBEVP_aes_192_ocb()\fR, \fBEVP_aes_256_ocb()\fR" 4
 .IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()"
 \&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode
 (\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control
-operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3)
+operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3)
 section for details.
-.IP "\fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_128_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_192_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_256_wrap_pad()\fR" 4
+.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4
 .IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()"
 \&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC 3394\s0 section
 2.2.1 (\*(L"wrap\*(R") and \s-1RFC 5649\s0 section 4.1 (\*(L"wrap with padding\*(R") respectively.
-.IP "\fIEVP_aes_128_xts()\fR, \fIEVP_aes_256_xts()\fR" 4
+.IP "\fBEVP_aes_128_xts()\fR, \fBEVP_aes_256_xts()\fR" 4
 .IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()"
 \&\s-1AES XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST
 SP 800\-38E.\s0 The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing)
@@ -195,13 +199,13 @@ of a 512\-bit key to achieve \s-1AES\s0 256\-bit security.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_aria.3 b/secure/lib/libcrypto/man/EVP_aria.3
index e94c02d3c5c0f..1ed332aa4177b 100644
--- a/secure/lib/libcrypto/man/EVP_aria.3
+++ b/secure/lib/libcrypto/man/EVP_aria.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_ARIA 3"
-.TH EVP_ARIA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_ARIA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,25 +153,25 @@ functions, such as \fIEVP_aria_128_cbc\fR.
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0
-.IP "\fIEVP_aria_128_cbc()\fR, \fIEVP_aria_192_cbc()\fR, \fIEVP_aria_256_cbc()\fR, \fIEVP_aria_128_cfb()\fR, \fIEVP_aria_192_cfb()\fR, \fIEVP_aria_256_cfb()\fR, \fIEVP_aria_128_cfb1()\fR, \fIEVP_aria_192_cfb1()\fR, \fIEVP_aria_256_cfb1()\fR, \fIEVP_aria_128_cfb8()\fR, \fIEVP_aria_192_cfb8()\fR, \fIEVP_aria_256_cfb8()\fR, \fIEVP_aria_128_cfb128()\fR, \fIEVP_aria_192_cfb128()\fR, \fIEVP_aria_256_cfb128()\fR, \fIEVP_aria_128_ctr()\fR, \fIEVP_aria_192_ctr()\fR, \fIEVP_aria_256_ctr()\fR, \fIEVP_aria_128_ecb()\fR, \fIEVP_aria_192_ecb()\fR, \fIEVP_aria_256_ecb()\fR, \fIEVP_aria_128_ofb()\fR, \fIEVP_aria_192_ofb()\fR, \fIEVP_aria_256_ofb()\fR" 4
+.IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4
 .IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()"
 \&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with
 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0
-.IP "\fIEVP_aria_128_ccm()\fR, \fIEVP_aria_192_ccm()\fR, \fIEVP_aria_256_ccm()\fR, \fIEVP_aria_128_gcm()\fR, \fIEVP_aria_192_gcm()\fR, \fIEVP_aria_256_gcm()\fR," 4
+.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4
 .IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm(),"
 \&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter
 Mode (\s-1GCM\s0). These ciphers require additional control operations to function
-correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for details.
+correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_bf_cbc.3 b/secure/lib/libcrypto/man/EVP_bf_cbc.3
index bdd02a6d04c97..b823e87b401a4 100644
--- a/secure/lib/libcrypto/man/EVP_bf_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_bf_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_BF_CBC 3"
-.TH EVP_BF_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_BF_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,19 +156,19 @@ EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish c
 The Blowfish encryption algorithm for \s-1EVP.\s0
 .PP
 This is a variable key length cipher.
-.IP "\fIEVP_bf_cbc()\fR, \fIEVP_bf_cfb()\fR, \fIEVP_bf_cfb64()\fR, \fIEVP_bf_ecb()\fR, \fIEVP_bf_ofb()\fR" 4
+.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4
 .IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()"
 Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_blake2b512.3 b/secure/lib/libcrypto/man/EVP_blake2b512.3
index ebe656dc5fc49..631e45e608ce2 100644
--- a/secure/lib/libcrypto/man/EVP_blake2b512.3
+++ b/secure/lib/libcrypto/man/EVP_blake2b512.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_BLAKE2B512 3"
-.TH EVP_BLAKE2B512 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_BLAKE2B512 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,16 +153,16 @@ EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP
 \&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0
 algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in
 \&\s-1RFC 7693.\s0
-.IP "\fIEVP_blake2s256()\fR" 4
+.IP "\fBEVP_blake2s256()\fR" 4
 .IX Item "EVP_blake2s256()"
 The BLAKE2s algorithm that produces a 256\-bit output from a given input.
-.IP "\fIEVP_blake2b512()\fR" 4
+.IP "\fBEVP_blake2b512()\fR" 4
 .IX Item "EVP_blake2b512()"
 The BLAKE2b algorithm that produces a 512\-bit output from a given input.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
@@ -170,8 +174,8 @@ this implementation outputs a digest of a fixed length (the maximum length
 supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_camellia.3 b/secure/lib/libcrypto/man/EVP_camellia.3
index 42c383f8060ec..36f44fa036149 100644
--- a/secure/lib/libcrypto/man/EVP_camellia.3
+++ b/secure/lib/libcrypto/man/EVP_camellia.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_CAMELLIA 3"
-.TH EVP_CAMELLIA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_CAMELLIA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,20 +153,20 @@ functions, such as \fIEVP_camellia_128_cbc\fR.
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The Camellia encryption algorithm for \s-1EVP.\s0
-.IP "\fIEVP_camellia_128_cbc()\fR, \fIEVP_camellia_192_cbc()\fR, \fIEVP_camellia_256_cbc()\fR, \fIEVP_camellia_128_cfb()\fR, \fIEVP_camellia_192_cfb()\fR, \fIEVP_camellia_256_cfb()\fR, \fIEVP_camellia_128_cfb1()\fR, \fIEVP_camellia_192_cfb1()\fR, \fIEVP_camellia_256_cfb1()\fR, \fIEVP_camellia_128_cfb8()\fR, \fIEVP_camellia_192_cfb8()\fR, \fIEVP_camellia_256_cfb8()\fR, \fIEVP_camellia_128_cfb128()\fR, \fIEVP_camellia_192_cfb128()\fR, \fIEVP_camellia_256_cfb128()\fR, \fIEVP_camellia_128_ctr()\fR, \fIEVP_camellia_192_ctr()\fR, \fIEVP_camellia_256_ctr()\fR, \fIEVP_camellia_128_ecb()\fR, \fIEVP_camellia_192_ecb()\fR, \fIEVP_camellia_256_ecb()\fR, \fIEVP_camellia_128_ofb()\fR, \fIEVP_camellia_192_ofb()\fR, \fIEVP_camellia_256_ofb()\fR" 4
+.IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4
 .IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()"
 Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with
 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_cast5_cbc.3 b/secure/lib/libcrypto/man/EVP_cast5_cbc.3
index e4f45eb9411d4..3e5005cccda8a 100644
--- a/secure/lib/libcrypto/man/EVP_cast5_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_cast5_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_CAST5_CBC 3"
-.TH EVP_CAST5_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_CAST5_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,19 +156,19 @@ EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\-
 The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0
 .PP
 This is a variable key length cipher.
-.IP "\fIEVP_cast5_cbc()\fR, \fIEVP_cast5_ecb()\fR, \fIEVP_cast5_cfb()\fR, \fIEVP_cast5_cfb64()\fR, \fIEVP_cast5_ofb()\fR" 4
+.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4
 .IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()"
 \&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_chacha20.3 b/secure/lib/libcrypto/man/EVP_chacha20.3
index 0aecec394ccac..6694e4eee2e53 100644
--- a/secure/lib/libcrypto/man/EVP_chacha20.3
+++ b/secure/lib/libcrypto/man/EVP_chacha20.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_CHACHA20 3"
-.TH EVP_CHACHA20 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_CHACHA20 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,25 +151,25 @@ EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The ChaCha20 stream cipher for \s-1EVP.\s0
-.IP "\fIEVP_chacha20()\fR" 4
+.IP "\fBEVP_chacha20()\fR" 4
 .IX Item "EVP_chacha20()"
 The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 96 bits long.
-.IP "\fIEVP_chacha20_poly1305()\fR" 4
+.IP "\fBEVP_chacha20_poly1305()\fR" 4
 .IX Item "EVP_chacha20_poly1305()"
-Authenticated encryption with ChaCha20\-Poly1305. Like \fIEVP_chacha20()\fR, the key
+Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key
 is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data
 (\s-1AAD\s0) and produces a 128\-bit authentication tag. See the
-\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for more information.
+\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_des.3 b/secure/lib/libcrypto/man/EVP_des.3
index 54319776111ec..c71f520665406 100644
--- a/secure/lib/libcrypto/man/EVP_des.3
+++ b/secure/lib/libcrypto/man/EVP_des.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_DES 3"
-.TH EVP_DES 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_DES 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,30 +153,30 @@ functions, such as \fIEVP_des_cbc\fR.
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0
-.IP "\fIEVP_des_cbc()\fR, \fIEVP_des_ecb()\fR, \fIEVP_des_cfb()\fR, \fIEVP_des_cfb1()\fR, \fIEVP_des_cfb8()\fR, \fIEVP_des_cfb64()\fR, \fIEVP_des_ofb()\fR" 4
+.IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4
 .IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()"
 \&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit
 shift and \s-1OFB\s0 modes.
-.IP "\fIEVP_des_ede()\fR, \fIEVP_des_ede_cbc()\fR, \fIEVP_des_ede_cfb()\fR, \fIEVP_des_ede_cfb64()\fR, \fIEVP_des_ede_ecb()\fR, \fIEVP_des_ede_ofb()\fR" 4
+.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4
 .IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()"
 Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes.
-.IP "\fIEVP_des_ede3()\fR, \fIEVP_des_ede3_cbc()\fR, \fIEVP_des_ede3_cfb()\fR, \fIEVP_des_ede3_cfb1()\fR, \fIEVP_des_ede3_cfb8()\fR, \fIEVP_des_ede3_cfb64()\fR, \fIEVP_des_ede3_ecb()\fR, \fIEVP_des_ede3_ofb()\fR" 4
+.IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4
 .IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()"
 Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift,
 \&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes.
-.IP "\fIEVP_des_ede3_wrap()\fR" 4
+.IP "\fBEVP_des_ede3_wrap()\fR" 4
 .IX Item "EVP_des_ede3_wrap()"
 Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_desx_cbc.3 b/secure/lib/libcrypto/man/EVP_desx_cbc.3
index 27705c77bb0ef..66ece0a828591 100644
--- a/secure/lib/libcrypto/man/EVP_desx_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_desx_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_DESX_CBC 3"
-.TH EVP_DESX_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_DESX_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,19 +152,19 @@ EVP_desx_cbc \&\- EVP DES\-X cipher
 The DES-X encryption algorithm for \s-1EVP.\s0
 .PP
 All modes below use a key length of 128 bits and acts on blocks of 128\-bits.
-.IP "\fIEVP_desx_cbc()\fR" 4
+.IP "\fBEVP_desx_cbc()\fR" 4
 .IX Item "EVP_desx_cbc()"
 The DES-X algorithm in \s-1CBC\s0 mode.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_idea_cbc.3 b/secure/lib/libcrypto/man/EVP_idea_cbc.3
index 89baa25db8b7c..28b831542c4fe 100644
--- a/secure/lib/libcrypto/man/EVP_idea_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_idea_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_IDEA_CBC 3"
-.TH EVP_IDEA_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_IDEA_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,19 +154,19 @@ EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0
-.IP "\fIEVP_idea_cbc()\fR, \fIEVP_idea_cfb()\fR, \fIEVP_idea_cfb64()\fR, \fIEVP_idea_ecb()\fR, \fIEVP_idea_ofb()\fR" 4
+.IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4
 .IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()"
 The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_md2.3 b/secure/lib/libcrypto/man/EVP_md2.3
index 320a29ab19b54..209f81f6deb47 100644
--- a/secure/lib/libcrypto/man/EVP_md2.3
+++ b/secure/lib/libcrypto/man/EVP_md2.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_MD2 3"
-.TH EVP_MD2 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_MD2 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,21 +151,21 @@ EVP_md2 \&\- MD2 For EVP
 .IX Header "DESCRIPTION"
 \&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by
 Ronald Rivest.
-.IP "\fIEVP_md2()\fR" 4
+.IP "\fBEVP_md2()\fR" 4
 .IX Item "EVP_md2()"
 The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1IETF RFC 1319.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_md4.3 b/secure/lib/libcrypto/man/EVP_md4.3
index b6d3bc78de7cd..e4fc9798d24c9 100644
--- a/secure/lib/libcrypto/man/EVP_md4.3
+++ b/secure/lib/libcrypto/man/EVP_md4.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_MD4 3"
-.TH EVP_MD4 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_MD4 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,21 +151,21 @@ EVP_md4 \&\- MD4 For EVP
 .IX Header "DESCRIPTION"
 \&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by
 Ronald Rivest, first published in 1990.
-.IP "\fIEVP_md4()\fR" 4
+.IP "\fBEVP_md4()\fR" 4
 .IX Item "EVP_md4()"
 The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1IETF RFC 1320.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_md5.3 b/secure/lib/libcrypto/man/EVP_md5.3
index 0286bf4f67aa7..25712040d976d 100644
--- a/secure/lib/libcrypto/man/EVP_md5.3
+++ b/secure/lib/libcrypto/man/EVP_md5.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_MD5 3"
-.TH EVP_MD5 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_MD5 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,10 +155,10 @@ Ronald Rivest.
 .PP
 The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further
 use since its security has been severely compromised.
-.IP "\fIEVP_md5()\fR" 4
+.IP "\fBEVP_md5()\fR" 4
 .IX Item "EVP_md5()"
 The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input.
-.IP "\fIEVP_md5_sha1()\fR" 4
+.IP "\fBEVP_md5_sha1()\fR" 4
 .IX Item "EVP_md5_sha1()"
 A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as decirbed in \s-1RFC
 6101.\s0
@@ -163,15 +167,15 @@ A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1IETF RFC 1321.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_mdc2.3 b/secure/lib/libcrypto/man/EVP_mdc2.3
index b4b30330b827a..68575aeaf2766 100644
--- a/secure/lib/libcrypto/man/EVP_mdc2.3
+++ b/secure/lib/libcrypto/man/EVP_mdc2.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_MDC2 3"
-.TH EVP_MDC2 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_MDC2 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,22 +151,22 @@ EVP_mdc2 \&\- MDC\-2 For EVP
 .IX Header "DESCRIPTION"
 \&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic
 hash function based on a block cipher.
-.IP "\fIEVP_mdc2()\fR" 4
+.IP "\fBEVP_mdc2()\fR" 4
 .IX Item "EVP_mdc2()"
 The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a
 128\-bit output from a given input.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_rc2_cbc.3 b/secure/lib/libcrypto/man/EVP_rc2_cbc.3
index 53bb1c88f100a..9b6e18ca4f3f9 100644
--- a/secure/lib/libcrypto/man/EVP_rc2_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_rc2_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_RC2_CBC 3"
-.TH EVP_RC2_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_RC2_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,29 +156,29 @@ EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cb
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0
-.IP "\fIEVP_rc2_cbc()\fR, \fIEVP_rc2_cfb()\fR, \fIEVP_rc2_cfb64()\fR, \fIEVP_rc2_ecb()\fR, \fIEVP_rc2_ofb()\fR" 4
+.IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4
 .IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()"
 \&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a
 variable key length cipher with an additional parameter called \*(L"effective key
 bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits.
-.IP "\fIEVP_rc2_40_cbc()\fR, \fIEVP_rc2_64_cbc()\fR" 4
+.IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4
 .IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()"
 \&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of
 40 and 64 bits.
 .Sp
 \&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the
-\&\fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and \fIEVP_CIPHER_CTX_ctrl()\fR
+\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR
 functions to set the key length and effective key length.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_rc4.3 b/secure/lib/libcrypto/man/EVP_rc4.3
index 3d5e6abfef0fb..2eb748f5ff044 100644
--- a/secure/lib/libcrypto/man/EVP_rc4.3
+++ b/secure/lib/libcrypto/man/EVP_rc4.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_RC4 3"
-.TH EVP_RC4 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_RC4 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,17 +152,17 @@ EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \s-1RC4\s0 stream cipher for \s-1EVP.\s0
-.IP "\fIEVP_rc4()\fR" 4
+.IP "\fBEVP_rc4()\fR" 4
 .IX Item "EVP_rc4()"
 \&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key
 length of 128 bits.
-.IP "\fIEVP_rc4_40()\fR" 4
+.IP "\fBEVP_rc4_40()\fR" 4
 .IX Item "EVP_rc4_40()"
 \&\s-1RC4\s0 stream cipher with 40 bit key length.
 .Sp
 \&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the
-\&\fIEVP_rc4()\fR and the \fIEVP_CIPHER_CTX_set_key_length()\fR functions.
-.IP "\fIEVP_rc4_hmac_md5()\fR" 4
+\&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions.
+.IP "\fBEVP_rc4_hmac_md5()\fR" 4
 .IX Item "EVP_rc4_hmac_md5()"
 Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0
 .Sp
@@ -168,13 +172,13 @@ interface.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 b/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
index cff0263820587..e0628ae0ca10c 100644
--- a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_RC5_32_12_16_CBC 3"
-.TH EVP_RC5_32_12_16_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_RC5_32_12_16_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,7 +154,7 @@ EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_1
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0
-.IP "\fIEVP_rc5_32_12_16_cbc()\fR, \fIEVP_rc5_32_12_16_cfb()\fR, \fIEVP_rc5_32_12_16_cfb64()\fR, \fIEVP_rc5_32_12_16_ecb()\fR, \fIEVP_rc5_32_12_16_ofb()\fR" 4
+.IP "\fBEVP_rc5_32_12_16_cbc()\fR, \fBEVP_rc5_32_12_16_cfb()\fR, \fBEVP_rc5_32_12_16_cfb64()\fR, \fBEVP_rc5_32_12_16_ecb()\fR, \fBEVP_rc5_32_12_16_ofb()\fR" 4
 .IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()"
 \&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a
 variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By
@@ -158,7 +162,7 @@ default the key length is set to 128 bits and 12 rounds.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "BUGS"
 .IX Header "BUGS"
@@ -166,9 +170,9 @@ Currently the number of rounds in \s-1RC5\s0 can only be set to 8, 12 or 16.
 This is a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_ripemd160.3 b/secure/lib/libcrypto/man/EVP_ripemd160.3
index 62a7288df44b8..92fcc317e05af 100644
--- a/secure/lib/libcrypto/man/EVP_ripemd160.3
+++ b/secure/lib/libcrypto/man/EVP_ripemd160.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_RIPEMD160 3"
-.TH EVP_RIPEMD160 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_RIPEMD160 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,21 +151,21 @@ EVP_ripemd160 \&\- RIPEMD160 For EVP
 .IX Header "DESCRIPTION"
 \&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging
 to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest).
-.IP "\fIEVP_ripemd160()\fR" 4
+.IP "\fBEVP_ripemd160()\fR" 4
 .IX Item "EVP_ripemd160()"
 The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_seed_cbc.3 b/secure/lib/libcrypto/man/EVP_seed_cbc.3
index 17c3178bf7a0f..79776ee2b23aa 100644
--- a/secure/lib/libcrypto/man/EVP_seed_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_seed_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SEED_CBC 3"
-.TH EVP_SEED_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SEED_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,19 +156,19 @@ EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP
 The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0
 .PP
 All modes below use a key length of 128 bits and acts on blocks of 128\-bits.
-.IP "\fIEVP_seed_cbc()\fR, \fIEVP_seed_cfb()\fR, \fIEVP_seed_cfb128()\fR, \fIEVP_seed_ecb()\fR, \fIEVP_seed_ofb()\fR" 4
+.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4
 .IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()"
 The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_sha1.3 b/secure/lib/libcrypto/man/EVP_sha1.3
index 5f5ad182be679..cff8f467c50cf 100644
--- a/secure/lib/libcrypto/man/EVP_sha1.3
+++ b/secure/lib/libcrypto/man/EVP_sha1.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SHA1 3"
-.TH EVP_SHA1 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SHA1 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,21 +152,21 @@ EVP_sha1 \&\- SHA\-1 For EVP
 \&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized
 in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National
 Security Agency and initially published in 1995.
-.IP "\fIEVP_sha1()\fR" 4
+.IP "\fBEVP_sha1()\fR" 4
 .IX Item "EVP_sha1()"
 The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1NIST FIPS 180\-4.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_sha224.3 b/secure/lib/libcrypto/man/EVP_sha224.3
index be2d5054189b6..c27a68833e41b 100644
--- a/secure/lib/libcrypto/man/EVP_sha224.3
+++ b/secure/lib/libcrypto/man/EVP_sha224.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SHA224 3"
-.TH EVP_SHA224 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SHA224 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,7 +156,7 @@ EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 \
 .IX Header "DESCRIPTION"
 \&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions
 standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001.
-.IP "\fIEVP_sha224()\fR, \fIEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fIEVP_sha384()\fR, \fIEVP_sha512()\fR" 4
+.IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4
 .IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()"
 The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0
 algorithms, which generate 224, 256, 224, 256, 384 and 512 bits
@@ -164,15 +168,15 @@ their outputs are of the same size.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1NIST FIPS 180\-4.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_sha3_224.3 b/secure/lib/libcrypto/man/EVP_sha3_224.3
index faaaed878a555..b6f915a7f8846 100644
--- a/secure/lib/libcrypto/man/EVP_sha3_224.3
+++ b/secure/lib/libcrypto/man/EVP_sha3_224.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SHA3_224 3"
-.TH EVP_SHA3_224 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SHA3_224 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,12 +158,12 @@ EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake2
 \&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions
 standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the
 Keccak algorithm.
-.IP "\fIEVP_sha3_224()\fR, \fIEVP_sha3_256()\fR, \fIEVP_sha3_384()\fR, \fIEVP_sha3_512()\fR" 4
+.IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4
 .IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()"
 The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms
 respectively. They produce 224, 256, 384 and 512 bits of output from a given
 input.
-.IP "\fIEVP_shake128()\fR, \fIEVP_shake256()\fR" 4
+.IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4
 .IX Item "EVP_shake128(), EVP_shake256()"
 The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate
 a variable hash length.
@@ -169,15 +173,15 @@ Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1NIST FIPS 202.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_sm3.3 b/secure/lib/libcrypto/man/EVP_sm3.3
index b847a97d53215..6fdfebcf05c20 100644
--- a/secure/lib/libcrypto/man/EVP_sm3.3
+++ b/secure/lib/libcrypto/man/EVP_sm3.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SM3 3"
-.TH EVP_SM3 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SM3 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,21 +151,21 @@ EVP_sm3 \&\- SM3 for EVP
 .IX Header "DESCRIPTION"
 \&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T
 32905\-2016.\s0
-.IP "\fIEVP_sm3()\fR" 4
+.IP "\fBEVP_sm3()\fR" 4
 .IX Item "EVP_sm3()"
 The \s-1SM3\s0 hash function.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_sm4_cbc.3 b/secure/lib/libcrypto/man/EVP_sm4_cbc.3
index da3e22b91cd2b..31874926abd5e 100644
--- a/secure/lib/libcrypto/man/EVP_sm4_cbc.3
+++ b/secure/lib/libcrypto/man/EVP_sm4_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SM4_CBC 3"
-.TH EVP_SM4_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_SM4_CBC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,20 +157,20 @@ EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr
 The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0
 .PP
 All modes below use a key length of 128 bits and acts on blocks of 128 bits.
-.IP "\fIEVP_sm4_cbc()\fR, \fIEVP_sm4_ecb()\fR, \fIEVP_sm4_cfb()\fR, \fIEVP_sm4_cfb128()\fR, \fIEVP_sm4_ofb()\fR, \fIEVP_sm4_ctr()\fR" 4
+.IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4
 .IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()"
 The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes
 respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_CIPHER\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_EncryptInit\fR\|(3),
-\&\fIEVP_CIPHER_meth_new\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_CIPHER_meth_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/EVP_whirlpool.3 b/secure/lib/libcrypto/man/EVP_whirlpool.3
index e917626b2d67d..dbd0bbc760dfd 100644
--- a/secure/lib/libcrypto/man/EVP_whirlpool.3
+++ b/secure/lib/libcrypto/man/EVP_whirlpool.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_WHIRLPOOL 3"
-.TH EVP_WHIRLPOOL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EVP_WHIRLPOOL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,22 +151,22 @@ EVP_whirlpool \&\- WHIRLPOOL For EVP
 .IX Header "DESCRIPTION"
 \&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0
 designed by Vincent Rijmen and Paulo S. L. M. Barreto.
-.IP "\fIEVP_whirlpool()\fR" 4
+.IP "\fBEVP_whirlpool()\fR" 4
 .IX Item "EVP_whirlpool()"
 The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given
 input.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for
+implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
 details of the \fB\s-1EVP_MD\s0\fR structure.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1ISO/IEC 10118\-3:2004.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7),
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBevp\fR\|(7),
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/HMAC.3 b/secure/lib/libcrypto/man/HMAC.3
index 39577fc8ee77a..88a1c799db3e5 100644
--- a/secure/lib/libcrypto/man/HMAC.3
+++ b/secure/lib/libcrypto/man/HMAC.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "HMAC 3"
-.TH HMAC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH HMAC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -176,7 +180,7 @@ Deprecated:
 function used for message authentication, which is based on a hash
 function.
 .PP
-\&\s-1\fIHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at
+\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at
 \&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is
 \&\fBkey_len\fR bytes long.
 .PP
@@ -186,86 +190,86 @@ If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array.  The size of
 the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0
 value for \fBmd\fR  to use the static array is not thread safe.
 .PP
-\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc.
+\&\fBevp_md\fR can be \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc.
 .PP
-\&\fIHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory.
+\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory.
 .PP
-\&\fIHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated
+\&\fBHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated
 resources, making it suitable for new computations as if it was newly
-created with \fIHMAC_CTX_new()\fR.
+created with \fBHMAC_CTX_new()\fR.
 .PP
-\&\fIHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR,
+\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR,
 releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR
 itself.
 .PP
 The following functions may be used if the message is not completely
 stored in memory:
 .PP
-\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
+\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
 function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0
 and \fBevp_md\fR is the same as the previous call, then the
 existing key is
-reused. \fBctx\fR must have been created with \fIHMAC_CTX_new()\fR before the first use
+reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use
 of an \fB\s-1HMAC_CTX\s0\fR in this function.
 .PP
-If \fIHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the
+If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the
 same as the previous digest used by \fBctx\fR then an error is returned
 because reuse of an existing key with a different digest is not supported.
 .PP
-\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
+\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
 function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes
 long.
 .PP
-\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to
+\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to
 be authenticated (\fBlen\fR bytes at \fBdata\fR).
 .PP
-\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which
+\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which
 must have space for the hash function output.
 .PP
-\&\fIHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR.
+\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR.
 .PP
-\&\fIHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs.
-These flags have the same meaning as for \fIEVP_MD_CTX_set_flags\fR\|(3).
+\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs.
+These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3).
 .PP
-\&\fIHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the
+\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the
 supplied \s-1HMAC_CTX.\s0
 .PP
-\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output.
+\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if
+\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if
 an error occurred.
 .PP
-\&\fIHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or
+\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or
 \&\fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIHMAC_CTX_reset()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and
-\&\fIHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred.
+\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and
+\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred.
 .PP
-\&\fIHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or
+\&\fBHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or
 \&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set.
 .PP
-\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output
+\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output
 or zero on error.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1RFC 2104\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fISHA1\s0\fR\|(3), \fIevp\fR\|(7)
+\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIHMAC_CTX_init()\fR was replaced with \fIHMAC_CTX_reset()\fR in OpenSSL 1.1.0.
+\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0.
 .PP
-\&\fIHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0.
+\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0.
 .PP
-\&\fIHMAC_CTX_new()\fR, \fIHMAC_CTX_free()\fR and \fIHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0.
+\&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR and \fBHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0.
 .PP
-\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in
+\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in
 OpenSSL before version 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/MD5.3 b/secure/lib/libcrypto/man/MD5.3
index 1d5411b3621ee..28c4ecc835d63 100644
--- a/secure/lib/libcrypto/man/MD5.3
+++ b/secure/lib/libcrypto/man/MD5.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "MD5 3"
-.TH MD5 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH MD5 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -169,7 +173,7 @@ MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final,
 .IX Header "DESCRIPTION"
 \&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
 .PP
-\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest
+\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest
 of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space
 for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16
 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static
@@ -178,19 +182,19 @@ array.
 The following functions may be used if the message is not completely
 stored in memory:
 .PP
-\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure.
+\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure.
 .PP
-\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to
+\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to
 be hashed (\fBlen\fR bytes at \fBdata\fR).
 .PP
-\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space
+\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space
 for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR.
 .PP
-\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and
-\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure.
+\&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and
+\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure.
 .PP
 Applications should use the higher level functions
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBEVP_DigestInit\fR\|(3)
 etc. instead of calling the hash functions directly.
 .SH "NOTE"
 .IX Header "NOTE"
@@ -199,17 +203,17 @@ applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be
 preferred.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR return pointers to the hash value.
+\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value.
 .PP
-\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR,
-\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR return 1 for
+\&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR,
+\&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for
 success, 0 otherwise.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1RFC 1319, RFC 1320, RFC 1321\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/MDC2_Init.3 b/secure/lib/libcrypto/man/MDC2_Init.3
index 25aadc30f3786..6d2d8c884da1b 100644
--- a/secure/lib/libcrypto/man/MDC2_Init.3
+++ b/secure/lib/libcrypto/man/MDC2_Init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "MDC2_INIT 3"
-.TH MDC2_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH MDC2_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,7 +159,7 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function
 block ciphers.  These functions are an implementation of \s-1MDC2\s0 with
 \&\s-1DES.\s0
 .PP
-\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR
+\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR
 bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
 \&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
 is placed in a static array.
@@ -163,28 +167,28 @@ is placed in a static array.
 The following functions may be used if the message is not completely
 stored in memory:
 .PP
-\&\fIMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure.
+\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure.
 .PP
-\&\fIMDC2_Update()\fR can be called repeatedly with chunks of the message to
+\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to
 be hashed (\fBlen\fR bytes at \fBdata\fR).
 .PP
-\&\fIMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space
+\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space
 for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR.
 .PP
 Applications should use the higher level functions
-\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the
+\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the
 hash functions directly.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\s-1\fIMDC2\s0()\fR returns a pointer to the hash value.
+\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value.
 .PP
-\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise.
+\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3
index ebf38334c6468..7f5b0b4787952 100644
--- a/secure/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OBJ_NID2OBJ 3"
-.TH OBJ_NID2OBJ 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OBJ_NID2OBJ 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -183,23 +187,23 @@ are available as defined constants.  For the functions below, application
 code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as
 constants.
 .PP
-\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to
+\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to
 an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
 or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
+\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
 for the object \fBo\fR, the long name <ln> or the short name <sn> respectively
 or NID_undef if an error occurred.
 .PP
-\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be
+\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be
 a long name, a short name or the numerical representation of an object.
 .PP
-\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure.
+\&\fBOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure.
 If \fBno_name\fR is 0 then long names and short names will be interpreted
 as well as numerical forms. If \fBno_name\fR is 1 only the numerical form
 is acceptable.
 .PP
-\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation.
+\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation.
 The representation is written as a null terminated string to \fBbuf\fR
 at most \fBbuf_len\fR bytes are written, truncating the result if necessary.
 The total amount of space required is returned. If \fBno_name\fR is 0 then
@@ -207,23 +211,23 @@ if the object has a long or short name then that will be used, otherwise
 the numerical form will be used. If \fBno_name\fR is 1 then the numerical
 form will always be used.
 .PP
-\&\fIi2t_ASN1_OBJECT()\fR is the same as \fIOBJ_obj2txt()\fR with the \fBno_name\fR set to zero.
+\&\fBi2t_ASN1_OBJECT()\fR is the same as \fBOBJ_obj2txt()\fR with the \fBno_name\fR set to zero.
 .PP
-\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned.
+\&\fBOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned.
 .PP
-\&\fIOBJ_dup()\fR returns a copy of \fBo\fR.
+\&\fBOBJ_dup()\fR returns a copy of \fBo\fR.
 .PP
-\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the
+\&\fBOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the
 numerical form of the object, \fBsn\fR the short name and \fBln\fR the
 long name. A new \s-1NID\s0 is returned for the created object in case of
 success and NID_undef in case of failure.
 .PP
-\&\fIOBJ_length()\fR returns the size of the content octets of \fBobj\fR.
+\&\fBOBJ_length()\fR returns the size of the content octets of \fBobj\fR.
 .PP
-\&\fIOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR.
+\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR.
 The returned pointer is an internal pointer which \fBmust not\fR be freed.
 .PP
-\&\fIOBJ_cleanup()\fR releases any resources allocated by creating new objects.
+\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects.
 .SH "NOTES"
 .IX Header "NOTES"
 Objects in OpenSSL can have a short name, a long name and a numerical
@@ -239,7 +243,7 @@ For example the \s-1OID\s0 for commonName has the following definitions:
 \& #define NID_commonName                  13
 .Ve
 .PP
-New objects can be added by calling \fIOBJ_create()\fR.
+New objects can be added by calling \fBOBJ_create()\fR.
 .PP
 Table objects have certain advantages over other objects: for example
 their NIDs can be used in a C language switch statement. They are
@@ -249,14 +253,14 @@ is only a single constant structure for each table object.
 Objects which are not in the table have the \s-1NID\s0 value NID_undef.
 .PP
 Objects do not need to be in the internal tables to be processed,
-the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical
+the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical
 form of an \s-1OID.\s0
 .PP
 Some objects are used to represent algorithms which do not have a
 corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently
 exists for a particular algorithm). As a result they \fBcannot\fR be encoded or
 decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there
-is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fIOBJ_length()\fR is not zero.
+is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero.
 .PP
 These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can
 represent both an internal, constant, \s-1OID\s0 and a dynamically-created one.
@@ -290,7 +294,7 @@ Create a new object directly:
 .Ve
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the
+\&\fBOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the
 convention of other OpenSSL functions where the buffer can be set
 to \fB\s-1NULL\s0\fR to determine the amount of data that should be written.
 Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should
@@ -298,20 +302,20 @@ be set to a positive value. A buffer length of 80 should be more
 than enough to handle any \s-1OID\s0 encountered in practice.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an
+\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an
 error occurred.
 .PP
-\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR
+\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR
 on error.
 .PP
-\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return
+\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return
 a \s-1NID\s0 or \fBNID_undef\fR on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto\fR\|(3)
+\&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3)
 and should not be used.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 b/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
index da08771450f55..82f41c161174b 100644
--- a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
+++ b/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP_REQUEST_NEW 3"
-.TH OCSP_REQUEST_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP_REQUEST_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,51 +161,51 @@ OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OC
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure.
+\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure.
 .PP
-\&\fIOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR.
+\&\fBOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR.
 .PP
-\&\fIOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns
+\&\fBOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns
 the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional
 extensions to the request. The \fBid\fR parameter \fB\s-1MUST NOT\s0\fR be freed up after
 the operation.
 .PP
-\&\fIOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate
+\&\fBOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate
 \&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates
 \&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates
 will be included in the request.
 .PP
-\&\fIOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The
+\&\fBOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The
 application is responsible for freeing up \fBcert\fR after use.
 .PP
-\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR
+\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR
 structures in \fBreq\fR.
 .PP
-\&\fIOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR
+\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR
 contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to
 OCSP_request_onereq_count(req) \- 1.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if
+\&\fBOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if
 an error occurred.
 .PP
-\&\fIOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR
+\&\fBOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR
 or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIOCSP_request_sign()\fR and \fIOCSP_request_add1_cert()\fR return 1 for success and 0
+\&\fBOCSP_request_sign()\fR and \fBOCSP_request_add1_cert()\fR return 1 for success and 0
 for failure.
 .PP
-\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR
+\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR
 structures in \fBreq\fR.
 .PP
-\&\fIOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure
+\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure
 or \fB\s-1NULL\s0\fR if the index value is out or range.
 .SH "NOTES"
 .IX Header "NOTES"
 An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures
 corresponding to each certificate.
 .PP
-\&\fIOCSP_request_onereq_count()\fR and \fIOCSP_request_onereq_get0()\fR are mainly used by
+\&\fBOCSP_request_onereq_count()\fR and \fBOCSP_request_onereq_get0()\fR are mainly used by
 \&\s-1OCSP\s0 responders.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
@@ -228,12 +232,12 @@ Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with is
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7),
-\&\fIOCSP_cert_to_id\fR\|(3),
-\&\fIOCSP_request_add1_nonce\fR\|(3),
-\&\fIOCSP_resp_find_status\fR\|(3),
-\&\fIOCSP_response_status\fR\|(3),
-\&\fIOCSP_sendreq_new\fR\|(3)
+\&\fBcrypto\fR\|(7),
+\&\fBOCSP_cert_to_id\fR\|(3),
+\&\fBOCSP_request_add1_nonce\fR\|(3),
+\&\fBOCSP_resp_find_status\fR\|(3),
+\&\fBOCSP_response_status\fR\|(3),
+\&\fBOCSP_sendreq_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OCSP_cert_to_id.3 b/secure/lib/libcrypto/man/OCSP_cert_to_id.3
index 941b1a538a821..b3ed391304c6e 100644
--- a/secure/lib/libcrypto/man/OCSP_cert_to_id.3
+++ b/secure/lib/libcrypto/man/OCSP_cert_to_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP_CERT_TO_ID 3"
-.TH OCSP_CERT_TO_ID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP_CERT_TO_ID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,50 +164,50 @@ OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using
+\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using
 message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If
 \&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used.
 .PP
-\&\fIOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and
+\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and
 issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number
 \&\fBserialNumber\fR.
 .PP
-\&\fIOCSP_CERTID_free()\fR frees up \fBid\fR.
+\&\fBOCSP_CERTID_free()\fR frees up \fBid\fR.
 .PP
-\&\fIOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR.
+\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR.
 .PP
-\&\fIOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR.
+\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR.
 .PP
-\&\fIOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and
+\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and
 serial number contained in \fBcid\fR. If any of the values are not required the
 corresponding parameter can be set to \fB\s-1NULL\s0\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOCSP_cert_to_id()\fR and \fIOCSP_cert_id_new()\fR return either a pointer to a valid
+\&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid
 \&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIOCSP_id_cmp()\fR and \fIOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero
+\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero
 otherwise.
 .PP
-\&\fIOCSP_CERTID_free()\fR does not return a value.
+\&\fBOCSP_CERTID_free()\fR does not return a value.
 .PP
-\&\fIOCSP_id_get0_info()\fR returns 1 for success and 0 for failure.
+\&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\s-1OCSP\s0 clients will typically only use \fIOCSP_cert_to_id()\fR or \fIOCSP_cert_id_new()\fR:
+\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR:
 the other functions are used by responder applications.
 .PP
-The values returned by \fIOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST
+The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST
 NOT\s0\fR be freed up by an application: they will be freed when the corresponding
 \&\fB\s-1OCSP_CERTID\s0\fR structure is freed.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7),
-\&\fIOCSP_request_add1_nonce\fR\|(3),
-\&\fIOCSP_REQUEST_new\fR\|(3),
-\&\fIOCSP_resp_find_status\fR\|(3),
-\&\fIOCSP_response_status\fR\|(3),
-\&\fIOCSP_sendreq_new\fR\|(3)
+\&\fBcrypto\fR\|(7),
+\&\fBOCSP_request_add1_nonce\fR\|(3),
+\&\fBOCSP_REQUEST_new\fR\|(3),
+\&\fBOCSP_resp_find_status\fR\|(3),
+\&\fBOCSP_response_status\fR\|(3),
+\&\fBOCSP_sendreq_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 b/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
index b04578abd115c..60e883c317129 100644
--- a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
+++ b/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP_REQUEST_ADD1_NONCE 3"
-.TH OCSP_REQUEST_ADD1_NONCE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP_REQUEST_ADD1_NONCE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,25 +152,25 @@ OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonc
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to
+\&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to
 \&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR
 is zero or negative a default length will be used (currently 16 bytes).
 .PP
-\&\fIOCSP_basic_add1_nonce()\fR is identical to \fIOCSP_request_add1_nonce()\fR except
+\&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except
 it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR.
 .PP
-\&\fIOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR.
+\&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR.
 .PP
-\&\fIOCSP_copy_nonce()\fR copys any nonce value present in \fBreq\fR to \fBresp\fR.
+\&\fBOCSP_copy_nonce()\fR copys any nonce value present in \fBreq\fR to \fBresp\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOCSP_request_add1_nonce()\fR and \fIOCSP_basic_add1_nonce()\fR return 1 for success
+\&\fBOCSP_request_add1_nonce()\fR and \fBOCSP_basic_add1_nonce()\fR return 1 for success
 and 0 for failure.
 .PP
-\&\fIOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce
+\&\fBOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce
 was present in \fBreq\fR and 0 if an error occurred.
 .PP
-\&\fIOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR
+\&\fBOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR
 and \fBresp\fR. The return value indicates the result of the comparison.  If
 nonces are present and equal 1 is returned. If the nonces are absent 2 is
 returned. If a nonce is present in the response only 3 is returned. If nonces
@@ -175,7 +179,7 @@ only then \-1 is returned.
 .SH "NOTES"
 .IX Header "NOTES"
 For most purposes the nonce value in a request is set to a random value so
-the \fBval\fR parameter in \fIOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0
+the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0
 .PP
 An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks
 by checking the same nonce value appears in the response.
@@ -186,7 +190,7 @@ supplied.
 Some responders cache \s-1OCSP\s0 responses and do not sign each response for
 performance reasons. As a result they do not support nonces.
 .PP
-The return values of \fIOCSP_check_nonce()\fR can be checked to cover each case.  A
+The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case.  A
 positive return value effectively indicates success: nonces are both present
 and match, both absent or present in the response only. A non-zero return
 additionally covers the case where the nonce is present in the request only:
@@ -195,12 +199,12 @@ indicates present and mismatched nonces: this should be treated as an error
 condition.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7),
-\&\fIOCSP_cert_to_id\fR\|(3),
-\&\fIOCSP_REQUEST_new\fR\|(3),
-\&\fIOCSP_resp_find_status\fR\|(3),
-\&\fIOCSP_response_status\fR\|(3),
-\&\fIOCSP_sendreq_new\fR\|(3)
+\&\fBcrypto\fR\|(7),
+\&\fBOCSP_cert_to_id\fR\|(3),
+\&\fBOCSP_REQUEST_new\fR\|(3),
+\&\fBOCSP_resp_find_status\fR\|(3),
+\&\fBOCSP_response_status\fR\|(3),
+\&\fBOCSP_sendreq_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/OCSP_resp_find_status.3
index 8cfea7b49cbb8..d98518403f03f 100644
--- a/secure/lib/libcrypto/man/OCSP_resp_find_status.3
+++ b/secure/lib/libcrypto/man/OCSP_resp_find_status.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP_RESP_FIND_STATUS 3"
-.TH OCSP_RESP_FIND_STATUS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP_RESP_FIND_STATUS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -182,7 +186,7 @@ OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_i
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is
+\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is
 successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR,
 \&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR.  The \fB*status\fR value will be one of
 \&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or
@@ -195,50 +199,50 @@ will be set to the revocation reason which will be one of
 \&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR,
 \&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR.
 .PP
-\&\fIOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR.
+\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR.
 .PP
-\&\fIOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR
+\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR
 corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to
 OCSP_resp_count(bs) \- 1.
 .PP
-\&\fIOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first
+\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first
 matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1.
 .PP
-\&\fIOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR,
+\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR,
 \&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR.
 .PP
-\&\fIOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the
+\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the
 single response \fBbs\fR.
 .PP
-\&\fIOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR.
+\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR.
 .PP
-\&\fIOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR.
+\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR.
 .PP
-\&\fIOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR.
+\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR.
 .PP
-\&\fIOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR.
+\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR.
 .PP
-\&\fIOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly
+\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly
 signed \fBbs\fR.  The \s-1OCSP\s0 protocol does not require that this certificate
 is included in the \fBcerts\fR field of the response, so additional certificates
 can be supplied in \fBextra_certs\fR if the certificates that may have
 signed the response are known via some out-of-band mechanism.
 .PP
-\&\fIOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is
+\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is
 a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the
 responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR
-is set to \s-1NULL.\s0 \fIOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR
+is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR
 with the caller, who is responsible for freeing them. Both functions return 1
-in case of success and 0 in case of failure. If \fIOCSP_resp_get1_id()\fR returns 0,
+in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0,
 no freeing of the results is necessary.
 .PP
-\&\fIOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values
-which will be typically obtained from \fIOCSP_resp_find_status()\fR or
-\&\fIOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds
+\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values
+which will be typically obtained from \fBOCSP_resp_find_status()\fR or
+\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds
 leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates
 the maximum age of \fBthisupd\fR in seconds.
 .PP
-\&\fIOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly
+\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly
 signed and that the signer certificate can be validated. It takes \fBst\fR as
 the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates.
 The function first tries to find the signer certificate of the response
@@ -260,51 +264,51 @@ criteria including potential delegation. If this does not succeed and the
 trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise.
+\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise.
 .PP
-\&\fIOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in
+\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in
 \&\fBbs\fR.
 .PP
-\&\fIOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or
+\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or
 \&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range.
 .PP
-\&\fIOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if
+\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if
 \&\fBid\fR was not found.
 .PP
-\&\fIOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error
+\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error
 occurred.
 .PP
-\&\fIOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located,
+\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located,
 or 0 on error.
 .PP
-\&\fIOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such
+\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such
 as malloc failure.
 .SH "NOTES"
 .IX Header "NOTES"
-Applications will typically call \fIOCSP_resp_find_status()\fR using the certificate
-\&\s-1ID\s0 of interest and then check its validity using \fIOCSP_check_validity()\fR. They
+Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate
+\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They
 can then take appropriate action based on the status of the certificate.
 .PP
 An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR
 fields. Normally the current time should be between these two values. To
 account for clock skew the \fBmaxsec\fR field can be set to non-zero in
-\&\fIOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this
+\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this
 would otherwise mean an ancient response would be considered valid: the
-\&\fBmaxsec\fR parameter to \fIOCSP_check_validity()\fR can be used to limit the permitted
+\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted
 age of responses.
 .PP
 The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by
-\&\fIOCSP_resp_find_status()\fR and \fIOCSP_single_get0_status()\fR are internal pointers
+\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers
 which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these
 parameters can be set to \s-1NULL\s0 if their value is not required.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7),
-\&\fIOCSP_cert_to_id\fR\|(3),
-\&\fIOCSP_request_add1_nonce\fR\|(3),
-\&\fIOCSP_REQUEST_new\fR\|(3),
-\&\fIOCSP_response_status\fR\|(3),
-\&\fIOCSP_sendreq_new\fR\|(3)
+\&\fBcrypto\fR\|(7),
+\&\fBOCSP_cert_to_id\fR\|(3),
+\&\fBOCSP_request_add1_nonce\fR\|(3),
+\&\fBOCSP_REQUEST_new\fR\|(3),
+\&\fBOCSP_response_status\fR\|(3),
+\&\fBOCSP_sendreq_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OCSP_response_status.3 b/secure/lib/libcrypto/man/OCSP_response_status.3
index 3d009243efdec..7faaa3ed0542f 100644
--- a/secure/lib/libcrypto/man/OCSP_response_status.3
+++ b/secure/lib/libcrypto/man/OCSP_response_status.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP_RESPONSE_STATUS 3"
-.TH OCSP_RESPONSE_STATUS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP_RESPONSE_STATUS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -158,78 +162,78 @@ OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPO
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns
+\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns
 one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR,
 \&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR,
 \&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR
 \&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR.
 .PP
-\&\fIOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure
+\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure
 contained in \fBresp\fR.
 .PP
-\&\fIOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for
+\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for
 \&\fBstatus\fR and optionally including basic response \fBbs\fR.
 .PP
-\&\fIOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR.
+\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR.
 .PP
-\&\fIOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the
+\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the
 subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder.
 .PP
-\&\fIOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the
+\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the
 key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is
 stored as a \s-1SHA1\s0 hash.
 .PP
 Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling
-\&\fIOCSP_RESPID_set_by_name()\fR or \fIOCSP_RESPID_set_by_key()\fR will clear any existing
+\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing
 setting.
 .PP
-\&\fIOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches
+\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches
 with the X509 certificate \fBcert\fR.
 .PP
-\&\fIOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key
+\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key
 \&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option
 \&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the request. If the
 \&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0
-rather than by name. \fIOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but
+rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but
 uses the parameters contained in digest context \fBctx\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOCSP_RESPONSE_status()\fR returns a status value.
+\&\fBOCSP_RESPONSE_status()\fR returns a status value.
 .PP
-\&\fIOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or
+\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or
 \&\fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR
+\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR
 if an error occurred.
 .PP
-\&\fIOCSP_RESPONSE_free()\fR does not return a value.
+\&\fBOCSP_RESPONSE_free()\fR does not return a value.
 .PP
-\&\fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR, \fIOCSP_basic_sign()\fR, and
-\&\fIOCSP_basic_sign_ctx()\fR return 1 on success or 0
+\&\fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR, \fBOCSP_basic_sign()\fR, and
+\&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0
 on failure.
 .PP
-\&\fIOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match
+\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match
 or 0 otherwise.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIOCSP_response_get1_basic()\fR is only called if the status of a response is
+\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is
 \&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7)
-\&\fIOCSP_cert_to_id\fR\|(3)
-\&\fIOCSP_request_add1_nonce\fR\|(3)
-\&\fIOCSP_REQUEST_new\fR\|(3)
-\&\fIOCSP_resp_find_status\fR\|(3)
-\&\fIOCSP_sendreq_new\fR\|(3)
-\&\fIOCSP_RESPID_new\fR\|(3)
-\&\fIOCSP_RESPID_free\fR\|(3)
+\&\fBcrypto\fR\|(7)
+\&\fBOCSP_cert_to_id\fR\|(3)
+\&\fBOCSP_request_add1_nonce\fR\|(3)
+\&\fBOCSP_REQUEST_new\fR\|(3)
+\&\fBOCSP_resp_find_status\fR\|(3)
+\&\fBOCSP_sendreq_new\fR\|(3)
+\&\fBOCSP_RESPID_new\fR\|(3)
+\&\fBOCSP_RESPID_free\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR and \fIOCSP_RESPID_match()\fR
+The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR
 functions were added in OpenSSL 1.1.0a.
 .PP
-The \fIOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1.
+The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OCSP_sendreq_new.3 b/secure/lib/libcrypto/man/OCSP_sendreq_new.3
index f9ced2b333182..c91d8ce0a650b 100644
--- a/secure/lib/libcrypto/man/OCSP_sendreq_new.3
+++ b/secure/lib/libcrypto/man/OCSP_sendreq_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP_SENDREQ_NEW 3"
-.TH OCSP_SENDREQ_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP_SENDREQ_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,48 +164,48 @@ OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_le
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fIOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the
+The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the
 responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a
 response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a
 default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR
 and provided later if required.
 .PP
-\&\fIOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context
+\&\fBOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context
 \&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR.
 .PP
-\&\fIOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR.
+\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR.
 .PP
-\&\fIOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR
+\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR
 to \fBlen\fR. If the response exceeds this length an error occurs. If not
 set a default value of 100k is used.
 .PP
-\&\fIOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the
+\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the
 context \fBrctx\fR. It can be called more than once to add multiple headers.
-It \fB\s-1MUST\s0\fR be called before any calls to \fIOCSP_sendreq_nbio()\fR. The \fBreq\fR
-parameter in the initial to \fIOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if
+It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. The \fBreq\fR
+parameter in the initial to \fBOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if
 additional headers are set.
 .PP
-\&\fIOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This
-function should be called after any calls to \fIOCSP_REQ_CTX_add1_header()\fR.
+\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This
+function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR.
 .PP
-\&\fIOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0
+\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0
 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a response header maximum line
 length of \fBmaxline\fR. If \fBmaxline\fR is zero a default value of 4k is used.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if
+\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if
 an error occurred.
 .PP
-\&\fIOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully,
+\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully,
 \&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred.
 .PP
-\&\fIOCSP_REQ_CTX_add1_header()\fR and \fIOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success
+\&\fBOCSP_REQ_CTX_add1_header()\fR and \fBOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success
 and \fB0\fR for failure.
 .PP
-\&\fIOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the
+\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the
 responder or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIOCSP_REQ_CTX_free()\fR and \fIOCSP_set_max_response_length()\fR do not return values.
+\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values.
 .SH "NOTES"
 .IX Header "NOTES"
 These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an
@@ -210,12 +214,12 @@ alternative more complete \s-1HTTP\s0 library.
 .PP
 Currently only \s-1HTTP POST\s0 queries to responders are supported.
 .PP
-The arguments to \fIOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0
+The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0
 For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0
 \&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR
 should be set to \fB\*(L"/ocspreq\*(R"\fR
 .PP
-The headers added with \fIOCSP_REQ_CTX_add1_header()\fR are of the form
+The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form
 "\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add
 a Host header for \fBocsp.com\fR you would call:
 .PP
@@ -223,22 +227,22 @@ a Host header for \fBocsp.com\fR you would call:
 \& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
 .Ve
 .PP
-If \fIOCSP_sendreq_nbio()\fR indicates an operation should be retried the
+If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the
 corresponding \s-1BIO\s0 can be examined to determine which operation (read or
-write) should be retried and appropriate action taken (for example a \fIselect()\fR
+write) should be retried and appropriate action taken (for example a \fBselect()\fR
 call on the underlying socket).
 .PP
-\&\fIOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking
+\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking
 I/O efficiently. It is retained for compatibility and its use in new
 applications is not recommended.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7),
-\&\fIOCSP_cert_to_id\fR\|(3),
-\&\fIOCSP_request_add1_nonce\fR\|(3),
-\&\fIOCSP_REQUEST_new\fR\|(3),
-\&\fIOCSP_resp_find_status\fR\|(3),
-\&\fIOCSP_response_status\fR\|(3)
+\&\fBcrypto\fR\|(7),
+\&\fBOCSP_cert_to_id\fR\|(3),
+\&\fBOCSP_request_add1_nonce\fR\|(3),
+\&\fBOCSP_REQUEST_new\fR\|(3),
+\&\fBOCSP_resp_find_status\fR\|(3),
+\&\fBOCSP_response_status\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3
index ce0cc47b669e3..9746f99c88ee0 100644
--- a/secure/lib/libcrypto/man/OPENSSL_Applink.3
+++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_APPLINK 3"
-.TH OPENSSL_APPLINK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_APPLINK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 b/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
index 22196785dc6e4..179fe56533f67 100644
--- a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
+++ b/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_LH_COMPFUNC 3"
-.TH OPENSSL_LH_COMPFUNC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_LH_COMPFUNC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -168,7 +172,7 @@ table entries can be arbitrary structures. Usually they consist of key
 and value fields.  In the description here, \fI\s-1TYPE\s0\fR is used a placeholder
 for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR.
 .PP
-\&\fIlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store
+\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store
 arbitrary data entries, and specifies the 'hash' and 'compare'
 callbacks to be used in organising the table's entries.  The \fBhash\fR
 callback takes a pointer to a table entry as its argument and returns
@@ -183,7 +187,7 @@ will contain items of some particular type and the \fBhash\fR and
 \&\fBcompare\fR callbacks hash/compare these types, then the
 \&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be
 used to create callback wrappers of the prototypes required by
-\&\fIlh_TYPE_new()\fR as shown in this example:
+\&\fBlh_TYPE_new()\fR as shown in this example:
 .PP
 .Vb 11
 \& /*
@@ -221,23 +225,23 @@ Then a hash table of \s-1TYPE\s0 objects can be created using this:
 \& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
 .Ve
 .PP
-\&\fIlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure
+\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure
 \&\fBtable\fR. Allocated hash table entries will not be freed; consider
-using \fIlh_TYPE_doall()\fR to deallocate any remaining entries in the
+using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the
 hash table (see below).
 .PP
-\&\fIlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into
+\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into
 \&\fBtable\fR.  If there already is an entry with the same key, the old
-value is replaced. Note that \fIlh_TYPE_insert()\fR stores pointers, the
+value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the
 data are not copied.
 .PP
-\&\fIlh_TYPE_delete()\fR deletes an entry from \fBtable\fR.
+\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR.
 .PP
-\&\fIlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR
+\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR
 is a structure with the key field(s) set; the function will return a
 pointer to a fully populated structure.
 .PP
-\&\fIlh_TYPE_doall()\fR will, for every entry in the hash table, call
+\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call
 \&\fBfunc\fR with the data item as its parameter.
 For example:
 .PP
@@ -264,11 +268,11 @@ you start (which will stop the hash table ever decreasing in size).
 The best solution is probably to avoid deleting items from the hash
 table inside a \*(L"doall\*(R" callback!
 .PP
-\&\fIlh_TYPE_doall_arg()\fR is the same as \fIlh_TYPE_doall()\fR except that
+\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that
 \&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR
 should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype
 that is passed both the table entry and an extra argument).  As with
-\&\fIlh_doall()\fR, you can instead choose to declare your callback with a
+\&\fBlh_doall()\fR, you can instead choose to declare your callback with a
 prototype matching the types you are dealing with and use the
 declare/implement macros to create compatible wrappers that cast
 variables before calling your type-specific callbacks.  An example of
@@ -287,26 +291,26 @@ that is provided by the caller):
 \&                   logging_bio);
 .Ve
 .PP
-\&\fIlh_TYPE_error()\fR can be used to determine if an error occurred in the last
+\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last
 operation.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new
+\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new
 \&\fB\s-1LHASH\s0\fR structure.
 .PP
-When a hash table entry is replaced, \fIlh_TYPE_insert()\fR returns the value
+When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value
 being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error.
 .PP
-\&\fIlh_TYPE_delete()\fR returns the entry being deleted.  \fB\s-1NULL\s0\fR is returned if
+\&\fBlh_TYPE_delete()\fR returns the entry being deleted.  \fB\s-1NULL\s0\fR is returned if
 there is no such value in the hash table.
 .PP
-\&\fIlh_TYPE_retrieve()\fR returns the hash table entry if it has been found,
+\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found,
 \&\fB\s-1NULL\s0\fR otherwise.
 .PP
-\&\fIlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0
+\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0
 otherwise. It's meaningful only after non-retrieve operations.
 .PP
-\&\fIlh_TYPE_free()\fR, \fIlh_TYPE_doall()\fR and \fIlh_TYPE_doall_arg()\fR return no values.
+\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values.
 .SH "NOTE"
 .IX Header "NOTE"
 The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as
@@ -314,12 +318,12 @@ lh_TYPE_error call must be performed under a write lock. All retrieve
 operations should be performed under a read lock, \fIunless\fR accurate
 usage statistics are desired. In which case, a write lock should be used
 for retrieve operations as well. For output of the usage statistics,
-using the functions from \fIOPENSSL_LH_stats\fR\|(3), a read lock suffices.
+using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices.
 .PP
 The \s-1LHASH\s0 code regards table entries as constant data.  As such, it
-internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R"
-pointer type.  This is why callbacks such as those used by \fIlh_doall()\fR
-and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the
+internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R"
+pointer type.  This is why callbacks such as those used by \fBlh_doall()\fR
+and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the
 parameters that pass back the table items' data pointers \- for
 consistency, user-provided data is \*(L"const\*(R" at all times as far as the
 \&\s-1LHASH\s0 code is concerned.  However, as callers are themselves providing
@@ -332,8 +336,8 @@ indexed in the hash table (ie. it is returned as \*(L"const\*(R" from
 elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are
 appropriate as-is.  Conversely, if the caller is responsible for the
 life-time of the data in question, then they may well wish to make
-modifications to table item passed back in the \fIlh_doall()\fR or
-\&\fIlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above).  If
+modifications to table item passed back in the \fBlh_doall()\fR or
+\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above).  If
 so, the caller can either cast the \*(L"const\*(R" away (if they're providing
 the raw callbacks themselves) or use the macros to declare/implement
 the wrapper functions without \*(L"const\*(R" types.
@@ -347,10 +351,10 @@ DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
 without any \*(L"const\*(R" qualifiers.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fIlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error.
+\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIOPENSSL_LH_stats\fR\|(3)
+\&\fBOPENSSL_LH_stats\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 In OpenSSL 1.0.0, the lhash interface was revamped for better
diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 b/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
index ed702af8995bd..09ed621e70f94 100644
--- a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
+++ b/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_LH_STATS 3"
-.TH OPENSSL_LH_STATS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_LH_STATS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,14 +158,14 @@ OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH
 The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of
 accessing the hash table.
 .PP
-\&\fIOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how
+\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how
 many entries are in it, and the number and result of calls to the
 routines in this library.
 .PP
-\&\fIOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the
+\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the
 hash table.
 .PP
-\&\fIOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the
+\&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the
 hash table.  It prints the 'load' and the 'actual load'.  The load is
 the average number of data items per 'bucket' in the hash table.  The
 \&'actual load' is the average number of items per 'bucket', but only
@@ -170,7 +174,7 @@ average number of searches that will need to find an item in the hash
 table, while the 'load' is the average number that will be done to
 record a miss.
 .PP
-\&\fIOPENSSL_LH_stats_bio()\fR, \fIOPENSSL_LH_node_stats_bio()\fR and \fIOPENSSL_LH_node_usage_stats_bio()\fR
+\&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR
 are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -178,11 +182,11 @@ These functions do not return values.
 .SH "NOTE"
 .IX Header "NOTE"
 These calls should be made under a read lock. Refer to
-\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required
+\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required
 when using the \s-1LHASH\s0 data structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIbio\fR\|(7), \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3)
+\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
index dac17925003a8..572078a9b84eb 100644
--- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -190,9 +194,9 @@ number was therefore 0x0090581f.
 release date.  For example,
 \&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R".
 .PP
-\&\fIOpenSSL_version_num()\fR returns the version number.
+\&\fBOpenSSL_version_num()\fR returns the version number.
 .PP
-\&\fIOpenSSL_version()\fR returns different strings depending on \fBt\fR:
+\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR:
 .IP "\s-1OPENSSL_VERSION\s0" 4
 .IX Item "OPENSSL_VERSION"
 The text variant of the version number and the release date.  For example,
@@ -222,12 +226,12 @@ if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise.
 For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOpenSSL_version_num()\fR returns the version number.
+\&\fBOpenSSL_version_num()\fR returns the version number.
 .PP
-\&\fIOpenSSL_version()\fR returns requested version strings.
+\&\fBOpenSSL_version()\fR returns requested version strings.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7)
+\&\fBcrypto\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3
index b8ddbb75bd059..ca177c928c866 100644
--- a/secure/lib/libcrypto/man/OPENSSL_config.3
+++ b/secure/lib/libcrypto/man/OPENSSL_config.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_CONFIG 3"
-.TH OPENSSL_CONFIG 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_CONFIG 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,27 +152,27 @@ OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and
+\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and
 reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then
 the default section, \fBopenssl_conf\fR, will be used.
 Errors are silently ignored.
 Multiple calls have no effect.
 .PP
-\&\fIOPENSSL_no_config()\fR disables configuration. If called before \fIOPENSSL_config()\fR
+\&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR
 no configuration takes place.
 .PP
 If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a
-call to \fIOpenSSL_add_all_algorithms()\fR will implicitly call \fIOPENSSL_config()\fR
+call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call \fBOPENSSL_config()\fR
 first.
 .SH "NOTES"
 .IX Header "NOTES"
-The \fIOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and
+The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and
 forget it\*(R" function.
 It is however \fBmuch\fR better than nothing. Applications which need finer
 control over their configuration functionality should use the configuration
-functions such as \fICONF_modules_load()\fR directly. This function is deprecated
+functions such as \fBCONF_modules_load()\fR directly. This function is deprecated
 and its use should be avoided.
-Applications should instead call \fICONF_modules_load()\fR during
+Applications should instead call \fBCONF_modules_load()\fR during
 initialization (that is before starting any threads).
 .PP
 There are several reasons why calling the OpenSSL configuration routines is
@@ -176,7 +180,7 @@ advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs).
 However very few applications currently support the control interface and so
 very few can load and use dynamic ENGINEs. Equally in future more sophisticated
 ENGINEs will require certain control operations to customize them. If an
-application calls \fIOPENSSL_config()\fR it doesn't need to know or care about
+application calls \fBOPENSSL_config()\fR it doesn't need to know or care about
 \&\s-1ENGINE\s0 control operations because they can be performed by editing a
 configuration file.
 .SH "ENVIRONMENT"
@@ -187,15 +191,15 @@ The path to the config file.
 Ignored in set-user-ID and set-group-ID programs.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-Neither \fIOPENSSL_config()\fR nor \fIOPENSSL_no_config()\fR return a value.
+Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIconfig\fR\|(5),
-\&\fICONF_modules_load_file\fR\|(3)
+\&\fBconfig\fR\|(5),
+\&\fBCONF_modules_load_file\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIOPENSSL_no_config()\fR and \fIOPENSSL_config()\fR functions were
-deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR.
+The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were
+deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 b/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
index 43570681170be..fdca3d2033544 100644
--- a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
+++ b/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_FORK_PREPARE 3"
-.TH OPENSSL_FORK_PREPARE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_FORK_PREPARE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,30 +154,30 @@ OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork
 OpenSSL has state that should be reset when a process forks. For example,
 the entropy pool used to generate random numbers (and therefore encryption
 keys) should not be shared across multiple programs.
-The \fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR, and \fIOPENSSL_fork_child()\fR
+The \fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR, and \fBOPENSSL_fork_child()\fR
 functions are used to reset this internal state.
 .PP
-Platforms without \fIfork\fR\|(2) will probably not need to use these functions.
-Platforms with \fIfork\fR\|(2) but without \fIpthreads_atfork\fR\|(3) will probably need
+Platforms without \fBfork\fR\|(2) will probably not need to use these functions.
+Platforms with \fBfork\fR\|(2) but without \fBpthreads_atfork\fR\|(3) will probably need
 to call them manually, as described in the following paragraph.  Platforms
 such as Linux that have both functions will normally not need to call these
 functions as the OpenSSL library will do so automatically.
 .PP
-\&\fIOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate
+\&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate
 handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other
 applications, these functions can be called directly. They should be used
-according to the calling sequence described by the \fIpthreads_atfork\fR\|(3)
-documentation, which is summarized here.  \fIOPENSSL_fork_prepare()\fR should
-be called before a \fIfork()\fR is done.  After the \fIfork()\fR returns, the parent
-process should call \fIOPENSSL_fork_parent()\fR and the child process should
-call \fIOPENSSL_fork_child()\fR.
+according to the calling sequence described by the \fBpthreads_atfork\fR\|(3)
+documentation, which is summarized here.  \fBOPENSSL_fork_prepare()\fR should
+be called before a \fBfork()\fR is done.  After the \fBfork()\fR returns, the parent
+process should call \fBOPENSSL_fork_parent()\fR and the child process should
+call \fBOPENSSL_fork_child()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR and \fIOPENSSL_fork_child()\fR do not
+\&\fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR and \fBOPENSSL_fork_child()\fR do not
 return values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIOPENSSL_init_crypto\fR\|(3)
+\&\fBOPENSSL_init_crypto\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.1.
diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
index 70a719d9e8e40..ad603210f6ecf 100644
--- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
+++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_IA32CAP 3"
-.TH OPENSSL_IA32CAP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_IA32CAP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -196,7 +200,7 @@ clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 regi
 bank. You might have to do the latter if target OpenSSL application is
 executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that does not
 enable \s-1XMM\s0 registers. Historically address of the capability vector copy
-was exposed to application through \fIOPENSSL_ia32cap_loc()\fR, but not
+was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not
 anymore. Now the only way to affect the capability detection is to set
 OPENSSL_ia32cap environment variable prior target application start. To
 give a specific example, on Intel P4 processor 'env
diff --git a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
index a9ab73523a75c..8642d9ca3ecc4 100644
--- a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
+++ b/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,13 +133,13 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_INIT_CRYPTO 3"
-.TH OPENSSL_INIT_CRYPTO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_INIT_CRYPTO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH "NAME"
-OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions
+OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
 .Vb 1
@@ -147,6 +151,10 @@ OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, OPENSSL_in
 \& void OPENSSL_thread_stop(void);
 \&
 \& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
+\&                                      const char* filename);
+\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
+\&                                        unsigned long flags);
 \& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
 \&                                     const char* name);
 \& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
@@ -163,15 +171,15 @@ As of version 1.1.0 OpenSSL will automatically allocate all resources that it
 needs so no explicit initialisation is required. Similarly it will also
 automatically deinitialise as required.
 .PP
-However, there way be situations when explicit initialisation is desirable or
+However, there may be situations when explicit initialisation is desirable or
 needed, for example when some non-default initialisation is required. The
-function \fIOPENSSL_init_crypto()\fR can be used for this purpose for
-libcrypto (see also \fIOPENSSL_init_ssl\fR\|(3) for the libssl
+function \fBOPENSSL_init_crypto()\fR can be used for this purpose for
+libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl
 equivalent).
 .PP
-Numerous internal OpenSSL functions call \fIOPENSSL_init_crypto()\fR.
+Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR.
 Therefore, in order to perform non-default initialisation,
-\&\fIOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to
+\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to
 any other OpenSSL function calls.
 .PP
 The \fBopts\fR parameter specifies which aspects of libcrypto should be
@@ -180,55 +188,55 @@ initialised. Valid options are:
 .IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS"
 Suppress automatic loading of the libcrypto error strings. This option is
 not a default option. Once selected subsequent calls to
-\&\fIOPENSSL_init_crypto()\fR with the option
+\&\fBOPENSSL_init_crypto()\fR with the option
 \&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored.
 .IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4
 .IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS"
 Automatic loading of the libcrypto error strings. With this option the
 library will automatically load the libcrypto error strings.
 This option is a default option. Once selected subsequent calls to
-\&\fIOPENSSL_init_crypto()\fR with the option
+\&\fBOPENSSL_init_crypto()\fR with the option
 \&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored.
 .IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4
 .IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS"
 With this option the library will automatically load and make available all
 libcrypto ciphers. This option is a default option. Once selected subsequent
-calls to \fIOPENSSL_init_crypto()\fR with the option
+calls to \fBOPENSSL_init_crypto()\fR with the option
 \&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored.
 .IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4
 .IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS"
 With this option the library will automatically load and make available all
 libcrypto digests. This option is a default option. Once selected subsequent
-calls to \fIOPENSSL_init_crypto()\fR with the option
+calls to \fBOPENSSL_init_crypto()\fR with the option
 \&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored.
 .IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4
 .IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS"
 With this option the library will suppress automatic loading of libcrypto
 ciphers. This option is not a default option. Once selected subsequent
-calls to \fIOPENSSL_init_crypto()\fR with the option
+calls to \fBOPENSSL_init_crypto()\fR with the option
 \&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored.
 .IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4
 .IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS"
 With this option the library will suppress automatic loading of libcrypto
 digests. This option is not a default option. Once selected subsequent
-calls to \fIOPENSSL_init_crypto()\fR with the option
+calls to \fBOPENSSL_init_crypto()\fR with the option
 \&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored.
 .IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4
 .IX Item "OPENSSL_INIT_LOAD_CONFIG"
 With this option an OpenSSL configuration file will be automatically loaded and
-used by calling \fIOPENSSL_config()\fR. This is not a default option for libcrypto.
-From OpenSSL 1.1.1 this is a default option for libssl (see
-\&\fIOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the
-description of \fIOPENSSL_INIT_new()\fR, below.
+used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto.
+As of OpenSSL 1.1.1 this is a default option for libssl (see
+\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the
+description of \fBOPENSSL_INIT_new()\fR, below.
 .IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4
 .IX Item "OPENSSL_INIT_NO_LOAD_CONFIG"
 With this option the loading of OpenSSL configuration files will be suppressed.
-It is the equivalent of calling \fIOPENSSL_no_config()\fR. This is not a default
+It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default
 option.
 .IP "\s-1OPENSSL_INIT_ASYNC\s0" 4
 .IX Item "OPENSSL_INIT_ASYNC"
 With this option the library with automatically initialise the libcrypto async
-sub-library (see \fIASYNC_start_job\fR\|(3)). This is a default option.
+sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option.
 .IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4
 .IX Item "OPENSSL_INIT_ENGINE_RDRAND"
 With this option the library will automatically load and initialise the
@@ -265,89 +273,105 @@ engines. This not a default option.
 .IP "\s-1OPENSSL_INIT_ATFORK\s0" 4
 .IX Item "OPENSSL_INIT_ATFORK"
 With this option the library will register its fork handlers.
-See \fIOPENSSL_fork_prepare\fR\|(3) for details.
+See \fBOPENSSL_fork_prepare\fR\|(3) for details.
+.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4
+.IX Item "OPENSSL_INIT_NO_ATEXIT"
+By default OpenSSL will attempt to clean itself up when the process exits via an
+\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that
+the application will have to clean up OpenSSL explicitly using
+\&\fBOPENSSL_cleanup()\fR.
 .PP
 Multiple options may be combined together in a single call to
-\&\fIOPENSSL_init_crypto()\fR. For example:
+\&\fBOPENSSL_init_crypto()\fR. For example:
 .PP
 .Vb 2
 \& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
 \&                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
 .Ve
 .PP
-The \fIOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto
+The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto
 and libssl). All resources allocated by OpenSSL are freed. Typically there
 should be no need to call this function directly as it is initiated
 automatically on application exit. This is done via the standard C library
-\&\fIatexit()\fR function. In the event that the application will close in a manner
-that will not call the registered \fIatexit()\fR handlers then the application should
-call \fIOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL
+\&\fBatexit()\fR function. In the event that the application will close in a manner
+that will not call the registered \fBatexit()\fR handlers then the application should
+call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL
 are discouraged from calling this function and should instead, typically, rely
 on auto-deinitialisation. This is to avoid error conditions where both an
 application and a library it depends on both use OpenSSL, and the library
 deinitialises it before the application has finished using it.
 .PP
-Once \fIOPENSSL_cleanup()\fR has been called the library cannot be reinitialised.
-Attempts to call \fIOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error
+Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised.
+Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error
 will be added to the error stack. Note that because initialisation has failed
 OpenSSL error strings will not be available, only an error code. This code can
 be put through the openssl errstr command line application to produce a human
-readable error (see \fIerrstr\fR\|(1)).
+readable error (see \fBerrstr\fR\|(1)).
 .PP
-The \fIOPENSSL_atexit()\fR function enables the registration of a
-function to be called during \fIOPENSSL_cleanup()\fR. Stop handlers are
+The \fBOPENSSL_atexit()\fR function enables the registration of a
+function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are
 called after deinitialisation of resources local to a thread, but before other
 process wide resources are freed. In the event that multiple stop handlers are
 registered, no guarantees are made about the order of execution.
 .PP
-The \fIOPENSSL_thread_stop()\fR function deallocates resources associated
+The \fBOPENSSL_thread_stop()\fR function deallocates resources associated
 with the current thread. Typically this function will be called automatically by
 the library when the thread exits. This should only be called directly if
 resources should be freed at an earlier time, or under the circumstances
 described in the \s-1NOTES\s0 section below.
 .PP
-The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a default configuration
-file. For optional configuration file settings, an \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR
-must be created and used.
-The routines \fIOPENSSL_init_new()\fR and \fIOPENSSL_INIT_set_config_appname()\fR can
-be used to allocate the object and set the application name, and then the
-object can be released with \fIOPENSSL_INIT_free()\fR when done.
+The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with
+\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the
+\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR  and
+\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags.
+The filename, application name, and flags can be customized by providing a
+non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object.
+The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR.
+The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a
+non-default filename, which is copied and need not refer to persistent storage.
+Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a
+non-default application name.
+Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags.
+If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in
+the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR
+or indirectly \fBOPENSSL_init_ssl\fR\|(3).
+The object can be released with \fBOPENSSL_INIT_free()\fR when done.
 .SH "NOTES"
 .IX Header "NOTES"
 Resources local to a thread are deallocated automatically when the thread exits
-(e.g. in a pthreads environment, when \fIpthread_exit()\fR is called). On Windows
+(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows
 platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to
 the libcrypto32.dll entry point. Some windows functions may cause threads to exit
-without sending this message (for example \fIExitProcess()\fR). If the application
+without sending this message (for example \fBExitProcess()\fR). If the application
 uses such functions, then the application must free up OpenSSL resources
-directly via a call to \fIOPENSSL_thread_stop()\fR on each thread. Similarly this
+directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this
 message will also not be sent if OpenSSL is linked statically, and therefore
-applications using static linking should also call \fIOPENSSL_thread_stop()\fR on each
-thread. Additionally if OpenSSL is loaded dynamically via \fILoadLibrary()\fR and the
-threads are not destroyed until after \fIFreeLibrary()\fR is called then each thread
-should call \fIOPENSSL_thread_stop()\fR prior to the \fIFreeLibrary()\fR call.
+applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each
+thread. Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the
+threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread
+should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call.
 .PP
-On Linux/Unix where OpenSSL has been loaded via \fIdlopen()\fR and the application is
-multi-threaded and if \fIdlclose()\fR is subsequently called prior to the threads
+On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is
+multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads
 being destroyed then OpenSSL will not be able to deallocate resources associated
-with those threads. The application should either call \fIOPENSSL_thread_stop()\fR on
-each thread prior to the \fIdlclose()\fR call, or alternatively the original \fIdlopen()\fR
+with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on
+each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR
 call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The functions OPENSSL_init_crypto, \fIOPENSSL_atexit()\fR and
-\&\fIOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error.
+The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and
+\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIOPENSSL_init_ssl\fR\|(3)
+\&\fBOPENSSL_init_ssl\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIOPENSSL_init_crypto()\fR, \fIOPENSSL_cleanup()\fR, \fIOPENSSL_atexit()\fR,
-\&\fIOPENSSL_thread_stop()\fR, \fIOPENSSL_INIT_new()\fR, \fIOPENSSL_INIT_set_config_appname()\fR
-and \fIOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0.
+The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR,
+\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR
+and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 b/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
index 63e8ce8d02848..c7f5aa715c1b4 100644
--- a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
+++ b/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_INIT_SSL 3"
-.TH OPENSSL_INIT_SSL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_INIT_SSL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,44 +161,44 @@ automatically deinitialise as required.
 .PP
 However, there may be situations when explicit initialisation is desirable or
 needed, for example when some non-default initialisation is required. The
-function \fIOPENSSL_init_ssl()\fR can be used for this purpose. Calling
+function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling
 this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To
 explicitly initialise \s-1ONLY\s0 libcrypto see the
-\&\fIOPENSSL_init_crypto\fR\|(3) function.
+\&\fBOPENSSL_init_crypto\fR\|(3) function.
 .PP
-Numerous internal OpenSSL functions call \fIOPENSSL_init_ssl()\fR.
+Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR.
 Therefore, in order to perform non-default initialisation,
-\&\fIOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to
+\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to
 any other OpenSSL function calls.
 .PP
 The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be
 initialised. Valid options for libcrypto are described on the
-\&\fIOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto
+\&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto
 specific option the following libssl options can also be used:
 .IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4
 .IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS"
 Suppress automatic loading of the libssl error strings. This option is
 not a default option. Once selected subsequent calls to
-\&\fIOPENSSL_init_ssl()\fR with the option
+\&\fBOPENSSL_init_ssl()\fR with the option
 \&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored.
 .IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4
 .IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS"
 Automatic loading of the libssl error strings. This option is a
 default option. Once selected subsequent calls to
-\&\fIOPENSSL_init_ssl()\fR with the option
+\&\fBOPENSSL_init_ssl()\fR with the option
 \&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored.
 .PP
-\&\fIOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to
-set parameter values.  See \fIOPENSSL_init_crypto\fR\|(3) for details.
+\&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to
+set parameter values.  See \fBOPENSSL_init_crypto\fR\|(3) for details.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The function \fIOPENSSL_init_ssl()\fR returns 1 on success or 0 on error.
+The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIOPENSSL_init_crypto\fR\|(3)
+\&\fBOPENSSL_init_crypto\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0.
+The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
index d52c46d84496b..04f591c268715 100644
--- a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
+++ b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_INSTRUMENT_BUS 3"
-.TH OPENSSL_INSTRUMENT_BUS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_INSTRUMENT_BUS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,10 +160,10 @@ interlocked manner, which should contribute additional noise on
 multi-processor systems. This also means that \fBvector[num]\fR should be
 zeroed upon invocation (if you want to retrieve actual probe values).
 .PP
-\&\fIOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of
+\&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of
 oscillator cycles every probe took.
 .PP
-\&\fIOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive
+\&\fBOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive
 probes with the same value, i.e. in a way it records duration of
 periods when probe values appeared deterministic. The subroutine
 performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR,
diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
index 90bb0d59443b1..7940527b22916 100644
--- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
+++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3"
-.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,23 +151,23 @@ OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL
+The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL
 configuration modules to the internal list. They can then be used by the
 OpenSSL configuration code.
 .PP
-\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module.
+\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module.
 .PP
-\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module.
+\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module.
 .SH "NOTES"
 .IX Header "NOTES"
-If the simple configuration function \fIOPENSSL_config()\fR is called then
-\&\fIOPENSSL_load_builtin_modules()\fR is called automatically.
+If the simple configuration function \fBOPENSSL_config()\fR is called then
+\&\fBOPENSSL_load_builtin_modules()\fR is called automatically.
 .PP
 Applications which use the configuration functions directly will need to
-call \fIOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other
+call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other
 configuration code.
 .PP
-Applications should call \fIOPENSSL_load_builtin_modules()\fR to load all
+Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all
 configuration modules instead of adding modules selectively: otherwise
 functionality may be missing from the application if an when new
 modules are added.
@@ -172,7 +176,7 @@ modules are added.
 None of the functions return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3)
+\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OPENSSL_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_malloc.3
index 9cbc74b039738..3d96bef8a902b 100644
--- a/secure/lib/libcrypto/man/OPENSSL_malloc.3
+++ b/secure/lib/libcrypto/man/OPENSSL_malloc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_MALLOC 3"
-.TH OPENSSL_MALLOC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_MALLOC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -206,56 +210,54 @@ generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_
 parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0
 Some functions do not add those parameters, but exist for consistency.
 .PP
-\&\fIOPENSSL_malloc_init()\fR sets the lower-level memory allocation functions
-to their default implementation.
-It is generally not necessary to call this, except perhaps in certain
-shared-library situations.
+\&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is
+included for compatibility with older versions of OpenSSL.
 .PP
-\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_realloc()\fR, and \fIOPENSSL_free()\fR are like the
-C \fImalloc()\fR, \fIrealloc()\fR, and \fIfree()\fR functions.
-\&\fIOPENSSL_zalloc()\fR calls \fImemset()\fR to zero the memory before returning.
+\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR, and \fBOPENSSL_free()\fR are like the
+C \fBmalloc()\fR, \fBrealloc()\fR, and \fBfree()\fR functions.
+\&\fBOPENSSL_zalloc()\fR calls \fBmemset()\fR to zero the memory before returning.
 .PP
-\&\fIOPENSSL_clear_realloc()\fR and \fIOPENSSL_clear_free()\fR should be used
+\&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used
 when the buffer at \fBaddr\fR holds sensitive information.
-The old buffer is filled with zero's by calling \fIOPENSSL_cleanse()\fR
-before ultimately calling \fIOPENSSL_free()\fR.
+The old buffer is filled with zero's by calling \fBOPENSSL_cleanse()\fR
+before ultimately calling \fBOPENSSL_free()\fR.
 .PP
-\&\fIOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's.
-Use \fIOPENSSL_cleanse()\fR with care if the memory is a mapping of a file.
+\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's.
+Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file.
 If the storage controller uses write compression, then its possible
 that sensitive tail bytes will survive zeroization because the block of
 zeros will be compressed. If the storage controller uses wear leveling,
 then the old sensitive data will not be overwritten; rather, a block of
 0's will be written at a new physical location.
 .PP
-\&\fIOPENSSL_strdup()\fR, \fIOPENSSL_strndup()\fR and \fIOPENSSL_memdup()\fR are like the
+\&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the
 equivalent C functions, except that memory is allocated by calling the
-\&\fIOPENSSL_malloc()\fR and should be released by calling \fIOPENSSL_free()\fR.
+\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR.
 .PP
-\&\fIOPENSSL_strlcpy()\fR,
-\&\fIOPENSSL_strlcat()\fR and \fIOPENSSL_strnlen()\fR are equivalents of the common C
+\&\fBOPENSSL_strlcpy()\fR,
+\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C
 library functions and are provided for portability.
 .PP
-\&\fIOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a
+\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a
 pointer to the parsed value. The memory is allocated by calling
-\&\fIOPENSSL_malloc()\fR and should be released by calling \fIOPENSSL_free()\fR.
+\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR.
 If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length.
 Colons between two-character hex \*(L"bytes\*(R" are ignored.
 An odd number of hex digits is an error.
 .PP
-\&\fIOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns
+\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns
 a hex string for value, or \s-1NULL\s0 on error.
 \&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned.
 .PP
-\&\fIOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent,
+\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent,
 or returns \-1 on error.
 .PP
 If no allocations have been done, it is possible to \*(L"swap out\*(R" the default
-implementations for \fIOPENSSL_malloc()\fR, OPENSSL_realloc and \fIOPENSSL_free()\fR
+implementations for \fBOPENSSL_malloc()\fR, OPENSSL_realloc and \fBOPENSSL_free()\fR
 and replace them with alternate versions (hooks).
-\&\fICRYPTO_get_mem_functions()\fR function fills in the given arguments with the
+\&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the
 function pointers for the current implementations.
-With \fICRYPTO_set_mem_functions()\fR, you can specify a different set of functions.
+With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions.
 If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed.
 .PP
 The default implementation can include some debugging capability (if enabled
@@ -263,42 +265,42 @@ at build-time).
 This adds some overhead by keeping a list of all memory allocations, and
 removes items from the list when they are free'd.
 This is most useful for identifying memory leaks.
-\&\fICRYPTO_set_mem_debug()\fR turns this tracking on and off.  In order to have
+\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off.  In order to have
 any effect, is must be called before any of the allocation functions
-(e.g., \fICRYPTO_malloc()\fR) are called, and is therefore normally one of the
-first lines of \fImain()\fR in an application.
-\&\fICRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking.
-To enable tracking call \fICRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
+(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the
+first lines of \fBmain()\fR in an application.
+\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking.
+To enable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
 the \fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR.
-To disable tracking call \fICRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
+To disable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
 the \fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR.
 .PP
 While checking memory, it can be useful to store additional context
 about what is being done.
 For example, identifying the field names when parsing a complicated
 data structure.
-\&\fIOPENSSL_mem_debug_push()\fR (which calls \fICRYPTO_mem_debug_push()\fR)
+\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR)
 attachs an identifying string to the allocation stack.
 This must be a global or other static string; it is not copied.
-\&\fIOPENSSL_mem_debug_pop()\fR removes identifying state from the stack.
+\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack.
 .PP
-At the end of the program, calling \fICRYPTO_mem_leaks()\fR or
-\&\fICRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it
+At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or
+\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it
 to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if
 there are no leaks, 0 if there are leaks and \-1 if an error occurred.
 .PP
-\&\fICRYPTO_mem_leaks_cb()\fR does the same as \fICRYPTO_mem_leaks()\fR, but instead
+\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead
 of writing to a given \s-1BIO,\s0 the callback function is called for each
 output string with the string, length, and userdata \fBu\fR as the callback
 parameters.
 .PP
 If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one
-function, \fICRYPTO_get_alloc_counts()\fR, and two additional environment
+function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment
 variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR,
 are available.
 .PP
-The function \fICRYPTO_get_alloc_counts()\fR fills in the number of times
-each of \fICRYPTO_malloc()\fR, \fICRYPTO_realloc()\fR, and \fICRYPTO_free()\fR have been
+The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times
+each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been
 called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR,
 respectively.  If a pointer is \s-1NULL,\s0 then the corresponding count is not stored.
 .PP
@@ -328,40 +330,40 @@ to use this (will not work on all platforms):
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOPENSSL_malloc_init()\fR, \fIOPENSSL_free()\fR, \fIOPENSSL_clear_free()\fR
-\&\fICRYPTO_free()\fR, \fICRYPTO_clear_free()\fR and \fICRYPTO_get_mem_functions()\fR
+\&\fBOPENSSL_malloc_init()\fR, \fBOPENSSL_free()\fR, \fBOPENSSL_clear_free()\fR
+\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR
 return no value.
 .PP
-\&\fICRYPTO_mem_leaks()\fR, \fICRYPTO_mem_leaks_fp()\fR and \fICRYPTO_mem_leaks_cb()\fR return 1 if
+\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if
 there are no leaks, 0 if there are leaks and \-1 if an error occurred.
 .PP
-\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_zalloc()\fR, \fIOPENSSL_realloc()\fR,
-\&\fIOPENSSL_clear_realloc()\fR,
-\&\fICRYPTO_malloc()\fR, \fICRYPTO_zalloc()\fR, \fICRYPTO_realloc()\fR,
-\&\fICRYPTO_clear_realloc()\fR,
-\&\fIOPENSSL_buf2hexstr()\fR, \fIOPENSSL_hexstr2buf()\fR,
-\&\fIOPENSSL_strdup()\fR, and \fIOPENSSL_strndup()\fR
+\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR,
+\&\fBOPENSSL_clear_realloc()\fR,
+\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR,
+\&\fBCRYPTO_clear_realloc()\fR,
+\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR,
+\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR
 return a pointer to allocated memory or \s-1NULL\s0 on error.
 .PP
-\&\fICRYPTO_set_mem_functions()\fR and \fICRYPTO_set_mem_debug()\fR
+\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR
 return 1 on success or 0 on failure (almost
 always because allocations have already happened).
 .PP
-\&\fICRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the
+\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the
 previous value of the mode.
 .PP
-\&\fIOPENSSL_mem_debug_push()\fR and \fIOPENSSL_mem_debug_pop()\fR
+\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR
 return 1 on success or 0 on failure.
 .SH "NOTES"
 .IX Header "NOTES"
 While it's permitted to swap out only a few and not all the functions
-with \fICRYPTO_set_mem_functions()\fR, it's recommended to swap them all out
+with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out
 at once.  \fIThis applies specially if OpenSSL was built with the
 configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled.  In case, swapping out
-only, say, the \fImalloc()\fI implementation is outright dangerous.\fR
+only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
index 90dbb3eaa0eff..af853394f7add 100644
--- a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
+++ b/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_SECURE_MALLOC 3"
-.TH OPENSSL_SECURE_MALLOC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_SECURE_MALLOC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -177,75 +181,75 @@ If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored
 This protects long-term storage of private keys, but will not necessarily
 put all intermediate values and computations there.
 .PP
-\&\fICRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified
+\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified
 \&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to
 allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power
 of two.
 .PP
-\&\fICRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure
+\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure
 heap as been initialized and is available.
 .PP
-\&\fICRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable
+\&\fBCRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable
 to the process if all secure memory has been freed.
 It can take noticeably long to complete.
 .PP
-\&\fIOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap.
-If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
-calling \fIOPENSSL_malloc()\fR.
+\&\fBOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap.
+If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
+calling \fBOPENSSL_malloc()\fR.
 It is a macro that expands to
-\&\fICRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.
+\&\fBCRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.
 .PP
-\&\fIOPENSSL_secure_zalloc()\fR and \fICRYPTO_secure_zalloc()\fR are like
-\&\fIOPENSSL_secure_malloc()\fR and \fICRYPTO_secure_malloc()\fR, respectively,
-except that they call \fImemset()\fR to zero the memory before returning.
+\&\fBOPENSSL_secure_zalloc()\fR and \fBCRYPTO_secure_zalloc()\fR are like
+\&\fBOPENSSL_secure_malloc()\fR and \fBCRYPTO_secure_malloc()\fR, respectively,
+except that they call \fBmemset()\fR to zero the memory before returning.
 .PP
-\&\fIOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap.
+\&\fBOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap.
 It must be called with a value previously obtained from
-\&\fIOPENSSL_secure_malloc()\fR.
-If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
-calling \fIOPENSSL_free()\fR.
-It exists for consistency with \fIOPENSSL_secure_malloc()\fR , and
-is a macro that expands to \fICRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR
+\&\fBOPENSSL_secure_malloc()\fR.
+If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
+calling \fBOPENSSL_free()\fR.
+It exists for consistency with \fBOPENSSL_secure_malloc()\fR , and
+is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR
 and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters..
 .PP
-\&\fIOPENSSL_secure_clear_free()\fR is similar to \fIOPENSSL_secure_free()\fR except
+\&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except
 that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear
 the memory if it was not allocated from the secure heap.
-If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
-calling \fIOPENSSL_clear_free()\fR.
+If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
+calling \fBOPENSSL_clear_free()\fR.
 .PP
-\&\fIOPENSSL_secure_actual_size()\fR tells the actual size allocated to the
+\&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the
 pointer; implementations may allocate more space than initially
 requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation.
 .PP
-\&\fICRYPTO_secure_used()\fR returns the number of bytes allocated in the
+\&\fBCRYPTO_secure_used()\fR returns the number of bytes allocated in the
 secure heap.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fICRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful,
+\&\fBCRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful,
 and 2 if successful but the heap could not be protected by memory
 mapping.
 .PP
-\&\fICRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is
-available (that is, if \fICRYPTO_secure_malloc_init()\fR has been called,
-but \fICRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not.
+\&\fBCRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is
+available (that is, if \fBCRYPTO_secure_malloc_init()\fR has been called,
+but \fBCRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not.
 .PP
-\&\fIOPENSSL_secure_malloc()\fR and \fIOPENSSL_secure_zalloc()\fR return a pointer into
+\&\fBOPENSSL_secure_malloc()\fR and \fBOPENSSL_secure_zalloc()\fR return a pointer into
 the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be
 allocated.
 .PP
-\&\fICRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not.
+\&\fBCRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not.
 .PP
-\&\fICRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not.
+\&\fBCRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not.
 .PP
-\&\fIOPENSSL_secure_free()\fR and \fIOPENSSL_secure_clear_free()\fR return no values.
+\&\fBOPENSSL_secure_free()\fR and \fBOPENSSL_secure_clear_free()\fR return no values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIOPENSSL_malloc\fR\|(3),
-\&\fIBN_new\fR\|(3)
+\&\fBOPENSSL_malloc\fR\|(3),
+\&\fBBN_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIOPENSSL_secure_clear_free()\fR was added in OpenSSL 1.1.0g.
+The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 b/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
index c27173cc8445e..d2da5d7633e14 100644
--- a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
+++ b/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OSSL_STORE_INFO 3"
-.TH OSSL_STORE_INFO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OSSL_STORE_INFO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -177,47 +181,47 @@ loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders.
 .SS "Types"
 .IX Subsection "Types"
 \&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for
-the objects that have been retrieved by \fIOSSL_STORE_load()\fR and similar
+the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar
 functions.
 Supported OpenSSL type object can be extracted using one of
-\&\fISTORE_INFO_get0_TYPE()\fR.
+\&\fBSTORE_INFO_get0_TYPE()\fR.
 The life time of this extracted object is as long as the life time of
 the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not
 to free the latter too early.
-As an alternative, \fISTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the
+As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the
 same object with its reference count increased), which can be used
 after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed.
-The object returned by \fISTORE_INFO_get1_TYPE()\fR must be freed separately
+The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately
 by the caller.
 See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are
 supported.
 .SS "Functions"
 .IX Subsection "Functions"
-\&\fIOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0
+\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0
 type number for the object inside.
-\&\fISTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a
+\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a
 short string describing it.
 .PP
-\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR,
-\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR,
-\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all take a
+\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR,
+\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take a
 \&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL
 type provided that's what's held.
 .PP
-\&\fIOSSL_STORE_INFO_get1_NAME()\fR, \fIOSSL_STORE_INFO_get1_NAME_description()\fR,
-\&\fIOSSL_STORE_INFO_get1_PARAMS()\fR, \fIOSSL_STORE_INFO_get1_PKEY()\fR,
-\&\fIOSSL_STORE_INFO_get1_CERT()\fR and \fIOSSL_STORE_INFO_get1_CRL()\fR all take a
+\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR,
+\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take a
 \&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the
 appropriate OpenSSL type provided that's what's held.
 .PP
-\&\fIOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type.
+\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type.
 .PP
-\&\fIOSSL_STORE_INFO_new_NAME()\fR , \fIOSSL_STORE_INFO_new_PARAMS()\fR,
-\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and
-\&\fIOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR
+\&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR,
+\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and
+\&\fBOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR
 object to hold the given input object.
 Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects,
-\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra
+\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra
 description.
 This description is meant to be human readable and should be used for
 information printout.
@@ -264,42 +268,42 @@ An X.509 certificate.
 A X.509 certificate revocation list.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given
+\&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given
 \&\fB\s-1OSSL_STORE_INFO\s0\fR.
 There is no error value.
 .PP
-\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR,
-\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR,
-\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return
+\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR,
+\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return
 a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise.
 .PP
-\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR,
-\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR,
-\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return
+\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR,
+\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return
 a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise.
 .PP
-\&\fIOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on
+\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on
 failure.
 .PP
-\&\fIOSSL_STORE_INFO_new_NAME()\fR, \fIOSSL_STORE_INFO_new_PARAMS()\fR,
-\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and
-\&\fIOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR
+\&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR,
+\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and
+\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR
 pointer on success, or \fB\s-1NULL\s0\fR on failure.
 .PP
-\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on
+\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on
 failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3)
+\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\s-1\fIOSSL_STORE_INFO\s0()\fR, \fIOSSL_STORE_INFO_get_type()\fR, \fIOSSL_STORE_INFO_get0_NAME()\fR,
-\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR,
-\&\fIOSSL_STORE_INFO_get0_CERT()\fR, \fIOSSL_STORE_INFO_get0_CRL()\fR,
-\&\fIOSSL_STORE_INFO_type_string()\fR, \fIOSSL_STORE_INFO_free()\fR, \fIOSSL_STORE_INFO_new_NAME()\fR,
-\&\fIOSSL_STORE_INFO_new_PARAMS()\fR, \fIOSSL_STORE_INFO_new_PKEY()\fR,
-\&\fIOSSL_STORE_INFO_new_CERT()\fR and \fIOSSL_STORE_INFO_new_CRL()\fR
-were added to OpenSSL 1.1.1.
+\&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR,
+\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR,
+\&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR,
+\&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR
+were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 b/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
index 364a26e7fd0fb..0e903ff86f6eb 100644
--- a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
+++ b/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OSSL_STORE_LOADER 3"
-.TH OSSL_STORE_LOADER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OSSL_STORE_LOADER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -195,8 +199,8 @@ schemes they support.
 .IX Subsection "Types"
 \&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader.
 It contains a scheme and the functions needed to implement
-\&\fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR, \fIOSSL_STORE_error()\fR and
-\&\fIOSSL_STORE_close()\fR for this scheme.
+\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and
+\&\fBOSSL_STORE_close()\fR for this scheme.
 .PP
 \&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader
 using \fBstruct ossl_store_loader_ctx_st { ... }\fR.
@@ -252,7 +256,7 @@ This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI
 with associated data.
 It's expected to load the next available data, mold it into a data
 structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the
-\&\s-1\fIOSSL_STORE_INFO\s0\fR\|(3) functions.
+\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions.
 If no more data is available or an error occurs, this function is
 expected to return \s-1NULL.\s0
 The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if
@@ -278,40 +282,40 @@ contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer.
 It returns 1 on success and 0 on error.
 .SS "Functions"
 .IX Subsection "Functions"
-\&\fIOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR.
+\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR.
 It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR.
 \&\fBscheme\fR must \fIalways\fR be set.
 Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as
 long as the created loader is.
 .PP
-\&\fIOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR.
-\&\fIOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR.
+\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR.
+\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_LOADER_set_open()\fR sets the opener function for the
+\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the
 \&\fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the
+\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the
 \&\fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the
+\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the
 \&\fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_LOADER_set_load()\fR sets the loader function for the
+\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the
 \&\fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the
+\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the
 \&\fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_LOADER_set_close()\fR sets the closing function for the
+\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the
 \&\fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR.
+\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR.
 .PP
-\&\fIOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby
-makes it available for use with \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR,
-\&\fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR.
+\&\fBOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby
+makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR,
+\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR.
 .PP
-\&\fIOSSL_STORE_unregister_loader()\fR unregister the store loader for the given
+\&\fBOSSL_STORE_unregister_loader()\fR unregister the store loader for the given
 \&\fBscheme\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -321,33 +325,33 @@ The \fBfile:\fR scheme has built in support.
 The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR,
 \&\fBOSSL_STORE_expect_fn\fR,
 \&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the
-same return values as \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_expect()\fR,
-\&\fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR, respectively.
+same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR,
+\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively.
 .PP
-\&\fIOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success,
+\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success,
 or \fB\s-1NULL\s0\fR on failure.
 .PP
-\&\fIOSSL_STORE_LOADER_set_open()\fR, \fIOSSL_STORE_LOADER_set_ctrl()\fR,
-\&\fIOSSL_STORE_LOADER_set_load()\fR, \fIOSSL_STORE_LOADER_set_eof()\fR and
-\&\fIOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure.
+\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR,
+\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and
+\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure.
 .PP
-\&\fIOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure.
+\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure.
 .PP
-\&\fIOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success,
+\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success,
 or \fB\s-1NULL\s0\fR on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3)
+\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\s-1\fIOSSL_STORE_LOADER\s0()\fR, \s-1\fIOSSL_STORE_LOADER_CTX\s0()\fR, \fIOSSL_STORE_LOADER_new()\fR,
-\&\fIOSSL_STORE_LOADER_set0_scheme()\fR, \fIOSSL_STORE_LOADER_set_open()\fR,
-\&\fIOSSL_STORE_LOADER_set_ctrl()\fR, \fIOSSL_STORE_LOADER_set_load()\fR,
-\&\fIOSSL_STORE_LOADER_set_eof()\fR, \fIOSSL_STORE_LOADER_set_close()\fR,
-\&\fIOSSL_STORE_LOADER_free()\fR, \fIOSSL_STORE_register_loader()\fR,
-\&\fIOSSL_STORE_unregister_loader()\fR, \fIOSSL_STORE_open_fn()\fR, \fIOSSL_STORE_ctrl_fn()\fR,
-\&\fIOSSL_STORE_load_fn()\fR, \fIOSSL_STORE_eof_fn()\fR and \fIOSSL_STORE_close_fn()\fR
-were added to OpenSSL 1.1.1.
+\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR,
+\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR,
+\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR,
+\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR,
+\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR,
+\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR,
+\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR
+were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 b/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
index de76cb4da4cad..51d104d5d340f 100644
--- a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
+++ b/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OSSL_STORE_SEARCH 3"
-.TH OSSL_STORE_SEARCH 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OSSL_STORE_SEARCH 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,25 +171,25 @@ OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 These functions are used to specify search criteria to help search for specific
-objects through other names than just the \s-1URI\s0 that's given to \fIOSSL_STORE_open()\fR.
+objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR.
 For example, this can be useful for an application that has received a \s-1URI\s0
 and then wants to add on search criteria in a uniform and supported manner.
 .SS "Types"
 .IX Subsection "Types"
 \&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search
 criterion, and that can be given to an \s-1OSSL_STORE\s0 context with
-\&\fIOSSL_STORE_find()\fR.
+\&\fBOSSL_STORE_find()\fR.
 .PP
 The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all
 times, and should therefore be careful not to deallocate it before
-\&\fIOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given
+\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given
 to.
 .SS "Application Functions"
 .IX Subsection "Application Functions"
-\&\fIOSSL_STORE_SEARCH_by_name()\fR,
-\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR,
-\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
-and \fIOSSL_STORE_SEARCH_by_alias()\fR
+\&\fBOSSL_STORE_SEARCH_by_name()\fR,
+\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR,
+\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
+and \fBOSSL_STORE_SEARCH_by_alias()\fR
 are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name
 and serial number pair, a key fingerprint, and an alias (for example a friendly
 name).
@@ -193,15 +197,15 @@ The parameters that are provided are not copied, only referred to in a
 criterion, so they must have at least the same life time as the created
 \&\fB\s-1OSSL_STORE_SEARCH\s0\fR.
 .PP
-\&\fIOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR.
+\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR.
 .SS "Loader Functions"
 .IX Subsection "Loader Functions"
-\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given
+\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given
 \&\fB\s-1OSSL_STORE_SEARCH\s0\fR.
 .PP
-\&\fIOSSL_STORE_SEARCH_get0_name()\fR, \fIOSSL_STORE_SEARCH_get0_serial()\fR,
-\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR, \fIOSSL_STORE_SEARCH_get0_string()\fR,
-and \fIOSSL_STORE_SEARCH_get0_digest()\fR
+\&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR,
+\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR,
+and \fBOSSL_STORE_SEARCH_get0_digest()\fR
 are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as
 available for each type.
 For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below.
@@ -212,17 +216,17 @@ Currently supported criterion types are:
 .IX Item "OSSL_STORE_SEARCH_BY_NAME"
 This criterion supports a search by exact match of subject name.
 The subject name itself is a \fBX509_NAME\fR pointer.
-A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_name()\fR,
-and the actual subject name is retrieved with \fIOSSL_STORE_SEARCH_get0_name()\fR.
+A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR,
+and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR.
 .IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4
 .IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL"
 This criterion supports a search by exact match of both issuer name and serial
 number.
 The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is
 a \fB\s-1ASN1_INTEGER\s0\fR pointer.
-A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_issuer_serial()\fR
+A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR
 and the actual issuer name and serial number are retrieved with
-\&\fIOSSL_STORE_SEARCH_get0_name()\fR and \fIOSSL_STORE_SEARCH_get0_serial()\fR.
+\&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR.
 .IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4
 .IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT"
 This criterion supports a search by exact match of key fingerprint.
@@ -231,61 +235,61 @@ well as the algorithm that was used to compute the fingerprint.
 The digest may be left unspecified (\s-1NULL\s0), and in that case, the
 loader has to decide on a default digest and compare fingerprints
 accordingly.
-A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR
+A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR
 and the actual fingerprint and its length can be retrieved with
-\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR.
-The digest can be retrieved with \fIOSSL_STORE_SEARCH_get0_digest()\fR.
+\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR.
+The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR.
 .IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4
 .IX Item "OSSL_STORE_SEARCH_BY_ALIAS"
 This criterion supports a search by match of an alias of some kind.
 The alias in itself is a simple C string.
-A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_alias()\fR
-and the actual alias is retrieved with \fIOSSL_STORE_SEARCH_get0_string()\fR.
+A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_alias()\fR
+and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOSSL_STORE_SEARCH_by_name()\fR,
-\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR,
-\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
-and \fIOSSL_STORE_SEARCH_by_alias()\fR
+\&\fBOSSL_STORE_SEARCH_by_name()\fR,
+\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR,
+\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
+and \fBOSSL_STORE_SEARCH_by_alias()\fR
 return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure.
 .PP
-\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given
+\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given
 \&\fB\s-1OSSL_STORE_SEARCH\s0\fR.
 There is no error value.
 .PP
-\&\fIOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success,
+\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success,
 or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
 .PP
-\&\fIOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success,
+\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success,
 or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
 .PP
-\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and
+\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and
 sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given
 \&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
 .PP
-\&\fIOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success,
+\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success,
 or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
 .PP
-\&\fIOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer.
+\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer.
 \&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will
 be used when applicable.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIossl_store\fR\|(7), \fIOSSL_STORE_supports_search\fR\|(3), \fIOSSL_STORE_find\fR\|(3)
+\&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 \&\fB\s-1OSSL_STORE_SEARCH\s0\fR,
-\&\fIOSSL_STORE_SEARCH_by_name()\fR,
-\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR,
-\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
-\&\fIOSSL_STORE_SEARCH_by_alias()\fR,
-\&\fIOSSL_STORE_SEARCH_free()\fR,
-\&\fIOSSL_STORE_SEARCH_get_type()\fR,
-\&\fIOSSL_STORE_SEARCH_get0_name()\fR,
-\&\fIOSSL_STORE_SEARCH_get0_serial()\fR,
-\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR,
-and \fIOSSL_STORE_SEARCH_get0_string()\fR
-were added to OpenSSL 1.1.1.
+\&\fBOSSL_STORE_SEARCH_by_name()\fR,
+\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR,
+\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
+\&\fBOSSL_STORE_SEARCH_by_alias()\fR,
+\&\fBOSSL_STORE_SEARCH_free()\fR,
+\&\fBOSSL_STORE_SEARCH_get_type()\fR,
+\&\fBOSSL_STORE_SEARCH_get0_name()\fR,
+\&\fBOSSL_STORE_SEARCH_get0_serial()\fR,
+\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR,
+and \fBOSSL_STORE_SEARCH_get0_string()\fR
+were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OSSL_STORE_expect.3 b/secure/lib/libcrypto/man/OSSL_STORE_expect.3
index 862eec1a2d0ce..8ab78a00441f3 100644
--- a/secure/lib/libcrypto/man/OSSL_STORE_expect.3
+++ b/secure/lib/libcrypto/man/OSSL_STORE_expect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OSSL_STORE_EXPECT 3"
-.TH OSSL_STORE_EXPECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OSSL_STORE_EXPECT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,49 +153,49 @@ OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIOSSL_STORE_expect()\fR helps applications filter what \fIOSSL_STORE_load()\fR returns
+\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns
 by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type.
 For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects
 and only the certificates are interesting, the application can simply say
 that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR.
-All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3))
+All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3))
 except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported.
 .PP
-\&\fIOSSL_STORE_find()\fR helps applications specify a criterion for a more fine
+\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine
 grained search of objects.
 .PP
-\&\fIOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0
+\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0
 context supports the given search type.
 See \*(L"\s-1SUPPORED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the
 supported search criterion types.
 .PP
-\&\fIOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first
-\&\fIOSSL_STORE_load()\fR of a given session, or they will fail.
+\&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first
+\&\fBOSSL_STORE_load()\fR of a given session, or they will fail.
 .SH "NOTES"
 .IX Header "NOTES"
 If a more elaborate filter is required by the application, a better choice
 would be to use a post-processing function.
-See \fIOSSL_STORE_open\fR\|(3) for more information.
+See \fBOSSL_STORE_open\fR\|(3) for more information.
 .PP
 However, some loaders may take advantage of the knowledge of an expected type
 to make object retrieval more efficient, so if a single type is expected, this
 method is usually preferable.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure.
+\&\fBOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure.
 .PP
-\&\fIOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0
+\&\fBOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0
 otherwise.
 .PP
-\&\fIOSSL_STORE_find()\fR returns 1 on success, or 0 on failure.
+\&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3),
-\&\fIOSSL_STORE_load\fR\|(3)
+\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3),
+\&\fBOSSL_STORE_load\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIOSSL_STORE_expect()\fR, \fIOSSL_STORE_supports_search()\fR and \fIOSSL_STORE_find()\fR
-were added to OpenSSL 1.1.1.
+\&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR
+were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OSSL_STORE_open.3 b/secure/lib/libcrypto/man/OSSL_STORE_open.3
index c4ff3d98033d7..1201f34555cf3 100644
--- a/secure/lib/libcrypto/man/OSSL_STORE_open.3
+++ b/secure/lib/libcrypto/man/OSSL_STORE_open.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OSSL_STORE_OPEN 3"
-.TH OSSL_STORE_OPEN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OSSL_STORE_OPEN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,23 +163,23 @@ OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctr
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 These functions help the application to fetch supported objects (see
-\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3) for information on which those are)
+\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are)
 from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED SCHEMES\*(R"\s0 for more information on
 the supported \s-1URI\s0 schemes).
-The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fIOSSL_STORE_open()\fR,
-read each available and supported object using \fIOSSL_STORE_load()\fR as long as
-\&\fIOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fIOSSL_STORE_close()\fR.
+The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR,
+read each available and supported object using \fBOSSL_STORE_load()\fR as long as
+\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR.
 .PP
 The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further
-described in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3).
+described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3).
 .SS "Types"
 .IX Subsection "Types"
 \&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal
-information for \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and
-\&\fIOSSL_STORE_close()\fR to work together.
+information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and
+\&\fBOSSL_STORE_close()\fR to work together.
 .SS "Functions"
 .IX Subsection "Functions"
-\&\fIOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method
+\&\fBOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method
 \&\fBui_method\fR with associated data \fBui_data\fR, and post processing
 callback \fBpost_process\fR with associated data \fBpost_process_data\fR,
 opens a channel to the data located at that \s-1URI\s0 and returns a
@@ -183,13 +187,13 @@ opens a channel to the data located at that \s-1URI\s0 and returns a
 The given \fBui_method\fR and \fBui_data_data\fR will be reused by all
 functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed.
 The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by
-\&\fIOSSL_STORE_load()\fR to manipulate or drop the value to be returned.
+\&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned.
 The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which
-will cause \fIOSSL_STORE_load()\fR to start its process over with loading
+will cause \fBOSSL_STORE_load()\fR to start its process over with loading
 the next object, until \fBpost_process\fR returns something other than
-\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fIOSSL_STORE_eof()\fR.
+\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR.
 .PP
-\&\fIOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and
+\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and
 more arguments not specified here.
 The available loader specific command numbers and arguments they each
 take depends on the loader that's used and is documented together with
@@ -204,32 +208,32 @@ This control expects one argument, a pointer to an \fBint\fR that is expected to
 have the value 1 (yes) or 0 (no).
 Any other value is an error.
 .PP
-\&\fIOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available
+\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available
 object and return it wrapped with  \fB\s-1OSSL_STORE_INFO\s0\fR.
 .PP
-\&\fIOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end
+\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end
 of data.
 .PP
-\&\fIOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in
-the last \fIOSSL_STORE_load()\fR call.
+\&\fBOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in
+the last \fBOSSL_STORE_load()\fR call.
 Note that it may still be meaningful to try and load more objects, unless
-\&\fIOSSL_STORE_eof()\fR shows that the end of data has been reached.
+\&\fBOSSL_STORE_eof()\fR shows that the end of data has been reached.
 .PP
-\&\fIOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened
-by \fIOSSL_STORE_open()\fR and frees all other information that was stored in the
+\&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened
+by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the
 \&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself.
 .SH "SUPPORTED SCHEMES"
 .IX Header "SUPPORTED SCHEMES"
 The basic supported scheme is \fBfile:\fR.
 Any other scheme can be added dynamically, using
-\&\fIOSSL_STORE_register_loader()\fR.
+\&\fBOSSL_STORE_register_loader()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 A string without a scheme prefix (that is, a non-URI string) is
 implicitly interpreted as using the \fIfile:\fR scheme.
 .PP
 There are some tools that can be used together with
-\&\fIOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable
+\&\fBOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable
 \&\s-1URI,\s0 or if it's a different error (such as memory allocation
 failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the
 top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR.
@@ -240,33 +244,33 @@ The loaders may make assumptions, however.
 For example, the \fBfile:\fR scheme loader inherits the assumptions made by
 OpenSSL functionality that handles the different file types; this is mostly
 relevant for PKCS#12 objects.
-See \fIpassphrase\-encoding\fR\|(7) for further information.
+See \fBpassphrase\-encoding\fR\|(7) for further information.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or
+\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or
 \&\fB\s-1NULL\s0\fR on failure.
 .PP
-\&\fIOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or
+\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or
 \&\fB\s-1NULL\s0\fR on error or when end of data is reached.
-Use \fIOSSL_STORE_error()\fR and \fIOSSL_STORE_eof()\fR to determine the meaning of a
+Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a
 returned \fB\s-1NULL\s0\fR.
 .PP
-\&\fIOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise
+\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise
 0.
 .PP
-\&\fIOSSL_STORE_error()\fR returns 1 if an error occurred in an \fIOSSL_STORE_load()\fR call,
+\&\fBOSSL_STORE_error()\fR returns 1 if an error occurred in an \fBOSSL_STORE_load()\fR call,
 otherwise 0.
 .PP
-\&\fIOSSL_STORE_ctrl()\fR and \fIOSSL_STORE_close()\fR returns 1 on success, or 0 on failure.
+\&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_close()\fR returns 1 on success, or 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\s-1\fIOSSL_STORE_CTX\s0()\fR, \fIOSSL_STORE_post_process_info_fn()\fR, \fIOSSL_STORE_open()\fR,
-\&\fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR
-were added to OpenSSL 1.1.1.
+\&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR,
+\&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR
+were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
index f6a995dd0d280..5ea5073819784 100644
--- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3"
-.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,30 +160,30 @@ Deprecated:
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
-this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR.
+this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR.
 .PP
-\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table.
+\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table.
 .PP
-\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and
+\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and
 ciphers).
 .PP
-\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including
+\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including
 password based encryption algorithms.
 .PP
-In versions prior to 1.1.0 \fIEVP_cleanup()\fR removed all ciphers and digests from
+In versions prior to 1.1.0 \fBEVP_cleanup()\fR removed all ciphers and digests from
 the table. It no longer has any effect in OpenSSL 1.1.0.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 None of the functions return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7), \fIEVP_DigestInit\fR\|(3),
-\&\fIEVP_EncryptInit\fR\|(3)
+\&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3),
+\&\fBEVP_EncryptInit\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIOpenSSL_add_all_algorithms()\fR, \fIOpenSSL_add_all_ciphers()\fR,
-\&\fIOpenSSL_add_all_digests()\fR, and \fIEVP_cleanup()\fR, functions
-were deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR and should
+The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR,
+\&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR, functions
+were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should
 not be used.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 b/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
index 4fe265e436289..15c060b906da4 100644
--- a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
+++ b/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PEM_BYTES_READ_BIO 3"
-.TH PEM_BYTES_READ_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PEM_BYTES_READ_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,10 +154,10 @@ PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data struct
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1RFC 1421\s0) data from the \s-1BIO\s0
+\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1RFC 1421\s0) data from the \s-1BIO\s0
 \&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0
 etc.).  If multiple PEM-encoded data structures are present in the same
-stream, \fIPEM_bytes_read_bio()\fR will skip non-matching data types and
+stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and
 continue reading.  Non-PEM data present in the stream may cause an
 error.
 .PP
@@ -171,20 +175,20 @@ The returned data is the DER-encoded form of the requested type, in
 \&\fI*pdata\fR with length \fI*plen\fR.  The caller must free the storage pointed
 to by \fI*pdata\fR.
 .PP
-\&\fIPEM_bytes_read_bio_secmem()\fR is similar to \fIPEM_bytes_read_bio()\fR, but uses
+\&\fBPEM_bytes_read_bio_secmem()\fR is similar to \fBPEM_bytes_read_bio()\fR, but uses
 memory from the secure heap for its temporary buffers and the storage
 returned in \fI*pdata\fR and \fI*pnm\fR.  Accordingly, the caller must use
-\&\fIOPENSSL_secure_free()\fR to free that storage.
+\&\fBOPENSSL_secure_free()\fR to free that storage.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for
+\&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for
 storage allocated within the \s-1PEM\s0 processing stack.  The \s-1BIO\s0 stack from
 which input is read may also use temporary buffers, which are not necessarily
 allocated from the secure heap.  In cases where it is desirable to ensure
 that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap,
 care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR.  In particular, the
-use of \fIBIO_s_file()\fR indicates the use of the operating system stdio
-functionality, which includes buffering as a feature; \fIBIO_s_fd()\fR is likely
+use of \fBBIO_s_file()\fR indicates the use of the operating system stdio
+functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely
 to be more appropriate in such cases.
 .PP
 These functions make no assumption regarding the pass phrase received from the
@@ -192,16 +196,16 @@ password callback.
 It will simply be treated as a byte sequence.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPEM_bytes_read_bio()\fR and \fIPEM_bytes_read_bio_secmem()\fR return 1 for success or
+\&\fBPEM_bytes_read_bio()\fR and \fBPEM_bytes_read_bio_secmem()\fR return 1 for success or
 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIPEM\s0\fR\|(3),
-\&\fIPEM_read_bio_ex\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\s-1\fBPEM\s0\fR\|(3),
+\&\fBPEM_read_bio_ex\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1
+\&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PEM_read.3 b/secure/lib/libcrypto/man/PEM_read.3
index 3b2e4ca7999d2..6f50bee8e44cb 100644
--- a/secure/lib/libcrypto/man/PEM_read.3
+++ b/secure/lib/libcrypto/man/PEM_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PEM_READ 3"
-.TH PEM_READ 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PEM_READ 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -175,80 +179,80 @@ by begin/end markers each on their own line.  For example:
 Optional header line(s) may appear after the begin line, and their
 existence depends on the type of object being written or read.
 .PP
-\&\fIPEM_write()\fR writes to the file \fBfp\fR, while \fIPEM_write_bio()\fR writes to
+\&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to
 the \s-1BIO\s0 \fBbp\fR.  The \fBname\fR is the name to use in the marker, the
 \&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify
 the data and its length.
 .PP
 The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with
-the \fBd2i\fR function appropriate to the type \fBname\fR; see \fId2i_X509\fR\|(3)
+the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3)
 for examples.
 .PP
-\&\fIPEM_read()\fR reads from the file \fBfp\fR, while \fIPEM_read_bio()\fR reads
+\&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads
 from the \s-1BIO\s0 \fBbp\fR.
 Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object.
 When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN
 <type>\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers
 are returned in \fBheader\fR and the base64\-decoded content and its length are
 returned via \fBdata\fR and \fBlen\fR respectively.
-The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fIOPENSSL_malloc()\fR
-and should be freed by the caller via \fIOPENSSL_free()\fR when no longer needed.
+The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR
+and should be freed by the caller via \fBOPENSSL_free()\fR when no longer needed.
 .PP
-\&\fIPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by
-\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR is encrypted and to retrieve the associated cipher
+\&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by
+\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher
 and \s-1IV.\s0
 The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the
-\&\fBcinfo\fR argument and the \fBheader\fR returned via \fIPEM_read()\fR or \fIPEM_read_bio()\fR.
+\&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR.
 If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the
 address pointed to by \fBcinfo\fR.
 When the header is malformed, or not supported or when the cipher is unknown
 or some internal error happens 0 is returned.
 This function is deprecated, see \fB\s-1NOTES\s0\fR below.
 .PP
-\&\fIPEM_do_header()\fR can then be used to decrypt the data if the header
+\&\fBPEM_do_header()\fR can then be used to decrypt the data if the header
 indicates encryption.
 The \fBcinfo\fR argument is a pointer to the structure initialized by the previous
-call to \fIPEM_get_EVP_CIPHER_INFO()\fR.
+call to \fBPEM_get_EVP_CIPHER_INFO()\fR.
 The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to
-\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR.
+\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR.
 The \fBcb\fR and \fBu\fR arguments make it possible to override the default password
-prompt function as described in \fIPEM_read_PrivateKey\fR\|(3).
+prompt function as described in \fBPEM_read_PrivateKey\fR\|(3).
 On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is
 updated to indicate the plaintext length.
 This function is deprecated, see \fB\s-1NOTES\s0\fR below.
 .PP
-If the data is a priori known to not be encrypted, then neither \fIPEM_do_header()\fR
-nor \fIPEM_get_EVP_CIPHER_INFO()\fR need be called.
+If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR
+nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPEM_read()\fR and \fIPEM_read_bio()\fR return 1 on success and 0 on failure, the latter
+\&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure, the latter
 includes the case when no more \s-1PEM\s0 objects remain in the input file.
 To distinguish end of file from more serious errors the caller must peek at the
 error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more
-\&\s-1PEM\s0 objects were found.  See \fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_REASON\s0\fR\|(3).
+\&\s-1PEM\s0 objects were found.  See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3).
 .PP
-\&\fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR return 1 on success, and 0 on
+\&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on
 failure.
 The \fBdata\fR is likely meaningless if these functions fail.
 .SH "NOTES"
 .IX Header "NOTES"
-The \fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR functions are deprecated.
+The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated.
 This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should
 be avoided.
 It uses an encryption format with an OpenSSL-specific key-derivation function,
 which employs \s-1MD5\s0 with an iteration count of 1!
 Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5
 v2.0 \s-1PBE.\s0
-See \fIPEM_write_PrivateKey\fR\|(3) and \fId2i_PKCS8PrivateKey_bio\fR\|(3).
+See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3).
 .PP
-\&\fIPEM_do_header()\fR makes no assumption regarding the pass phrase received from the
+\&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the
 password callback.
 It will simply be treated as a byte sequence.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_LIB\s0\fR\|(3),
-\&\fId2i_PKCS8PrivateKey_bio\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3),
+\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PEM_read_CMS.3 b/secure/lib/libcrypto/man/PEM_read_CMS.3
index 0b70254627103..3c793c898b98b 100644
--- a/secure/lib/libcrypto/man/PEM_read_CMS.3
+++ b/secure/lib/libcrypto/man/PEM_read_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PEM_READ_CMS 3"
-.TH PEM_READ_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PEM_READ_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,18 +161,18 @@ the next four lines of the synopsis.
 .PP
 These routines convert between local instances of \s-1ASN1\s0 datatypes and
 the \s-1PEM\s0 encoding.  For more information on the templates, see
-\&\s-1\fIASN1_ITEM\s0\fR\|(3).  For more information on the lower-level routines used
-by the functions here, see \fIPEM_read\fR\|(3).
+\&\s-1\fBASN1_ITEM\s0\fR\|(3).  For more information on the lower-level routines used
+by the functions here, see \fBPEM_read\fR\|(3).
 .PP
-\&\fIPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR
+\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR
 and returns it.  The \fBcb\fR and \fBu\fR parameters are as described in
-\&\fIpem_password_cb\fR\|(3).
+\&\fBpem_password_cb\fR\|(3).
 .PP
-\&\fIPEM_read_bio_TYPE()\fR is similar to \fIPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR.
+\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR.
 .PP
-\&\fIPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR.
+\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR.
 .PP
-\&\fIPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR.
+\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 These functions make no assumption regarding the pass phrase received from the
@@ -176,15 +180,15 @@ password callback.
 It will simply be treated as a byte sequence.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPEM_read_TYPE()\fR and \fIPEM_read_bio_TYPE()\fR return a pointer to an allocated
-object, which should be released by calling \fITYPE_free()\fR, or \s-1NULL\s0 on error.
+\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated
+object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error.
 .PP
-\&\fIPEM_write_TYPE()\fR and \fIPEM_write_bio_TYPE()\fR return the number of bytes written
+\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written
 or zero on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIPEM_read\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBPEM_read\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
index 64fe76216b073..63cdf36398133 100644
--- a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
+++ b/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PEM_READ_BIO_PRIVATEKEY 3"
-.TH PEM_READ_BIO_PRIVATEKEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PEM_READ_BIO_PRIVATEKEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -273,19 +277,19 @@ For more details about the meaning of arguments see the
 .PP
 Each operation has four functions associated with it. For
 brevity the term "\fB\s-1TYPE\s0\fR functions" will be used below to collectively
-refer to the \fIPEM_read_bio_TYPE()\fR, \fIPEM_read_TYPE()\fR,
-\&\fIPEM_write_bio_TYPE()\fR, and \fIPEM_write_TYPE()\fR functions.
+refer to the \fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR,
+\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions.
 .PP
 The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an
 \&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are
-equivalent to \fIPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently
+equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently
 handle traditional and PKCS#8 format encrypted and unencrypted keys.
 .PP
-\&\fIPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the
+\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the
 \&\*(L"traditional\*(R" format with a simple private key marker and should only
 be used for compatibility with legacy programs.
 .PP
-\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR write a private
+\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private
 key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using
 PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument
 specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the
@@ -293,7 +297,7 @@ encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If
 \&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo
 structure is used instead.
 .PP
-\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR
+\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR
 also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
 it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
 to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
@@ -491,7 +495,7 @@ Skeleton pass phrase callback:
 .IX Header "NOTES"
 The old \fBPrivateKey\fR write routines are retained for compatibility.
 New applications should write private keys using the
-\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines
+\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines
 because they are more secure (they use an iteration count of 2048 whereas
 the traditional routines use a count of 1) unless compatibility with older
 versions of OpenSSL is important.
@@ -532,21 +536,21 @@ The private key (or other data) takes the following form:
 The line beginning with \fIProc-Type\fR contains the version and the
 protection on the encapsulated data. The line beginning \fIDEK-Info\fR
 contains two comma separated values: the encryption algorithm name as
-used by \fIEVP_get_cipherbyname()\fR and an initialization vector used by the
+used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the
 cipher encoded as a set of hexadecimal digits. After those two lines is
 the base64\-encoded encrypted data.
 .PP
-The encryption key is derived using \fIEVP_BytesToKey()\fR. The cipher's
-initialization vector is passed to \fIEVP_BytesToKey()\fR as the \fBsalt\fR
+The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's
+initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR
 parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used
 (regardless of the size of the initialization vector). The user's
-password is passed to \fIEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR
+password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR
 parameters. Finally, the library uses an iteration count of 1 for
-\&\fIEVP_BytesToKey()\fR.
+\&\fBEVP_BytesToKey()\fR.
 .PP
-The \fBkey\fR derived by \fIEVP_BytesToKey()\fR along with the original initialization
+The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization
 vector is then used to decrypt the encrypted data. The \fBiv\fR produced by
-\&\fIEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to
+\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to
 the function.
 .PP
 The pseudo code to derive the key would look similar to:
@@ -597,8 +601,8 @@ in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead
 as they will be formally deprecated in a future releases.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_EncryptInit\fR\|(3), \fIEVP_BytesToKey\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PEM_read_bio_ex.3 b/secure/lib/libcrypto/man/PEM_read_bio_ex.3
index 6f46e1ce8739f..d0698194dee28 100644
--- a/secure/lib/libcrypto/man/PEM_read_bio_ex.3
+++ b/secure/lib/libcrypto/man/PEM_read_bio_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PEM_READ_BIO_EX 3"
-.TH PEM_READ_BIO_EX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PEM_READ_BIO_EX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,7 +153,7 @@ PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \-
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting
+\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting
 the name of the type of contained data, the header information regarding
 the possibly encrypted data, and the binary data payload (after base64 decoding).
 It should generally only be used to implement PEM_read_bio_\-family functions
@@ -161,7 +165,7 @@ input are allocated from the secure heap.
 .PP
 If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace
 and control characters from the end of each line, so as to be compatible with
-the historical behavior of \fIPEM_read_bio()\fR.
+the historical behavior of \fBPEM_read_bio()\fR.
 .PP
 If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64
 characters (or newlines); non\-base64 characters are treated as end of input.
@@ -174,17 +178,17 @@ these options are not compatible with each other.
 .SH "NOTES"
 .IX Header "NOTES"
 The caller must release the storage allocated for *name, *header, and *data.
-If \s-1PEM_FLAG_SECURE\s0 was set, use \fIOPENSSL_secure_free()\fR; otherwise,
-\&\fIOPENSSL_free()\fR is used.
+If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise,
+\&\fBOPENSSL_free()\fR is used.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPEM_read_bio_ex()\fR returns 1 for success or 0 for failure.
+\&\fBPEM_read_bio_ex()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIPEM\s0\fR\|(3)
+\&\s-1\fBPEM\s0\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIPEM_read_bio_ex()\fR was added in OpenSSL 1.1.1.
+The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
index 775c06d9e8099..c543ca8c13057 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PEM_WRITE_BIO_CMS_STREAM 3"
-.TH PEM_WRITE_BIO_CMS_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PEM_WRITE_BIO_CMS_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,27 +149,27 @@ PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format.
+\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format.
 .PP
-It is otherwise identical to the function \fISMIME_write_CMS()\fR.
+It is otherwise identical to the function \fBSMIME_write_CMS()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting
+This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting
 streaming.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure.
+\&\fBPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
-\&\fICMS_decrypt\fR\|(3),
-\&\fIPEM_write\fR\|(3),
-\&\fISMIME_write_CMS\fR\|(3),
-\&\fIi2d_CMS_bio_stream\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3)
+\&\fBCMS_decrypt\fR\|(3),
+\&\fBPEM_write\fR\|(3),
+\&\fBSMIME_write_CMS\fR\|(3),
+\&\fBi2d_CMS_bio_stream\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIPEM_write_bio_CMS_stream()\fR was added to OpenSSL 1.0.0
+The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
index 96f4da397d53c..81fba7301a468 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3"
-.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,26 +149,26 @@ PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format.
+\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format.
 .PP
-It is otherwise identical to the function \fISMIME_write_PKCS7()\fR.
+It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting
+This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting
 streaming.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure.
+\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
-\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
-\&\fIPKCS7_decrypt\fR\|(3),
-\&\fISMIME_write_PKCS7\fR\|(3),
-\&\fIi2d_PKCS7_bio_stream\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3),
+\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3)
+\&\fBPKCS7_decrypt\fR\|(3),
+\&\fBSMIME_write_PKCS7\fR\|(3),
+\&\fBi2d_PKCS7_bio_stream\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIPEM_write_bio_PKCS7_stream()\fR was added to OpenSSL 1.0.0
+The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3
index d5208f248e161..d3da3c08d387f 100644
--- a/secure/lib/libcrypto/man/PKCS12_create.3
+++ b/secure/lib/libcrypto/man/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_CREATE 3"
-.TH PKCS12_CREATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS12_CREATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ PKCS12_create \- create a PKCS#12 structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS12_create()\fR creates a PKCS#12 structure.
+\&\fBPKCS12_create()\fR creates a PKCS#12 structure.
 .PP
 \&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for
 the supplied certificate and key. \fBpkey\fR is the private key to include in
@@ -193,16 +197,16 @@ should be used.
 .PP
 \&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely.
 .PP
-\&\fIPKCS12_create()\fR makes assumptions regarding the encoding of the given pass
+\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass
 phrase.
-See \fIpassphrase\-encoding\fR\|(7) for more information.
+See \fBpassphrase\-encoding\fR\|(7) for more information.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred.
+\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_PKCS12\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBd2i_PKCS12\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS12_newpass.3 b/secure/lib/libcrypto/man/PKCS12_newpass.3
index 23df18be57ef8..ec71294b1d466 100644
--- a/secure/lib/libcrypto/man/PKCS12_newpass.3
+++ b/secure/lib/libcrypto/man/PKCS12_newpass.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_NEWPASS 3"
-.TH PKCS12_NEWPASS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS12_NEWPASS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ PKCS12_newpass \- change the password of a PKCS12 structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure.
+\&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure.
 .PP
 \&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password
 and \fBnewpass\fR is the new password.
@@ -159,11 +163,11 @@ In particular, this means that passwords in the locale character set
 (or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before
 use. This may include passwords from local text files, or input from
 the terminal or command line. Refer to the documentation of
-\&\fIUI_OpenSSL\fR\|(3), for example.
+\&\fBUI_OpenSSL\fR\|(3), for example.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can
-retrieve the most recent error from \fIPKCS12_newpass()\fR with \fIERR_get_error()\fR.
+\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can
+retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 This example loads a PKCS#12 file, changes its password and writes out
@@ -217,7 +221,7 @@ the result to a new file.
 .IX Header "NOTES"
 If the PKCS#12 structure does not have a password, then you must use the empty
 string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a
-\&\fIPKCS12_newpass()\fR failure.
+\&\fBPKCS12_newpass()\fR failure.
 .PP
 If the wrong password is used for \fBoldpass\fR then the function will fail,
 with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not
@@ -230,8 +234,8 @@ Unicode form internally. As a result some passwords cannot be supplied to
 this function.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIPKCS12_create\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3
index 7af5dcad7b88c..1c5a9423cff57 100644
--- a/secure/lib/libcrypto/man/PKCS12_parse.3
+++ b/secure/lib/libcrypto/man/PKCS12_parse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_PARSE 3"
-.TH PKCS12_PARSE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS12_PARSE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -140,12 +144,13 @@ PKCS12_parse \- parse a PKCS#12 structure
 .IX Header "SYNOPSIS"
 .Vb 1
 \& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+\&                  STACK_OF(X509) **ca);
 .Ve
-.PP
-int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, \s-1STACK_OF\s0(X509) **ca);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure.
+\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure.
 .PP
 \&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use.
 If successful the private key will be written to \fB*pkey\fR, the corresponding
@@ -168,12 +173,12 @@ In particular, this means that passwords in the locale character set
 (or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before
 use. This may include passwords from local text files, or input from
 the terminal or command line. Refer to the documentation of
-\&\fIUI_OpenSSL\fR\|(3), for example.
+\&\fBUI_OpenSSL\fR\|(3), for example.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred.
+\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred.
 .PP
-The error can be obtained from \fIERR_get_error\fR\|(3)
+The error can be obtained from \fBERR_get_error\fR\|(3)
 .SH "BUGS"
 .IX Header "BUGS"
 Only a single private key and corresponding certificate is returned by this
@@ -186,8 +191,8 @@ certificates. Other attributes are discarded.
 Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_PKCS12\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBd2i_PKCS12\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
index af7c4bfad0451..7221f55c3844a 100644
--- a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
+++ b/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS5_PBKDF2_HMAC 3"
-.TH PKCS5_PBKDF2_HMAC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS5_PBKDF2_HMAC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,12 +156,12 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count
+\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count
 as specified in \s-1RFC 2898.\s0
 .PP
 \&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR
 is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the
-function will calculate the length of \fBpass\fR using \fIstrlen()\fR.
+function will calculate the length of \fBpass\fR using \fBstrlen()\fR.
 .PP
 \&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the
 \&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not
@@ -169,8 +173,8 @@ equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any
 \&\fBiter\fR less than 1 is treated as a single iteration.
 .PP
 \&\fBdigest\fR is the message digest function used in the derivation. Values include
-any of the EVP_* message digests. \s-1\fIPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls
-\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR with \fIEVP_sha1()\fR.
+any of the EVP_* message digests. \s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls
+\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR.
 .PP
 The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer
 is specified via \fBkeylen\fR.
@@ -188,12 +192,12 @@ These functions make no assumption regarding the given password.
 It will simply be treated as a byte sequence.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fIPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error.
+\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fBPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3),
-\&\fIEVP_BytesToKey\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3),
+\&\fBEVP_BytesToKey\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3
index a9b155bedb6fd..4dbaba6ce6435 100644
--- a/secure/lib/libcrypto/man/PKCS7_decrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_DECRYPT 3"
-.TH PKCS7_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS7_DECRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData
+\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData
 structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
 recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and
 \&\fBflags\fR is an optional set of flags.
@@ -161,18 +165,18 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i
 returned.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure.
-The error can be obtained from \fIERR_get_error\fR\|(3)
+\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure.
+The error can be obtained from \fBERR_get_error\fR\|(3)
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would
+\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would
 be better if it could look up the correct key and certificate from a database.
 .PP
 The lack of single pass processing and need to hold all data in memory as
-mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
+mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3
index f5c17ca0f8fda..4f2b35fcd0eb7 100644
--- a/secure/lib/libcrypto/man/PKCS7_encrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_ENCRYPT 3"
-.TH PKCS7_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS7_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ PKCS7_encrypt \- create a PKCS#7 envelopedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR
+\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR
 is a list of recipient certificates. \fBin\fR is the content to be encrypted.
 \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
 .SH "NOTES"
@@ -155,11 +159,11 @@ Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient
 certificates supplied to this function must all contain \s-1RSA\s0 public keys, though
 they do not have to be signed using the \s-1RSA\s0 algorithm.
 .PP
-\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
+\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
 because most clients will support it.
 .PP
 Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64
-bit \s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR
+bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR
 respectively.
 .PP
 The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
@@ -168,7 +172,7 @@ its parameters.
 Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
 by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
-\&\fIPKCS7_encrypt()\fR.
+\&\fBPKCS7_encrypt()\fR.
 .PP
 The following flags can be passed in the \fBflags\fR parameter.
 .PP
@@ -190,17 +194,17 @@ complete and outputting its contents via a function that does not
 properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable
 results.
 .PP
-Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
-\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR,
+\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
 can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_PKCS7()\fR.
+\&\fBBIO_new_PKCS7()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
-The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
+The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3
index afda2274adf17..9debab8725243 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_SIGN 3"
-.TH PKCS7_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS7_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ PKCS7_sign \- create a PKCS#7 signedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is
+\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is
 the certificate to sign with, \fBpkey\fR is the corresponding private key.
 \&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7
 structure (for example any intermediate CAs in the chain).
@@ -203,17 +207,17 @@ If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR str
 complete and outputting its contents via a function that does not properly
 finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
 .PP
-Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
-\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
+Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR,
+\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
 can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
-\&\fIBIO_new_PKCS7()\fR.
+\&\fBBIO_new_PKCS7()\fR.
 .PP
 If a signer is specified it will use the default digest for the signing
 algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
 .PP
 The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be
 \&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added
-using the function \fIPKCS7_sign_add_signer()\fR. \fIPKCS7_final()\fR must also be
+using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be
 called to finalize the structure if streaming is not enabled. Alternative
 signing digests can also be specified using this method.
 .PP
@@ -227,17 +231,17 @@ In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters
 Some advanced attributes such as counter signatures are not supported.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error
-occurred.  The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error
+occurred.  The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR,
-and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR to be was added in OpenSSL 1.0.0
+and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0.
 .PP
-The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0
+The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
index 0d40e8d2ecd75..92a95b26af925 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_SIGN_ADD_SIGNER 3"
-.TH PKCS7_SIGN_ADD_SIGNER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS7_SIGN_ADD_SIGNER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,11 +150,11 @@ PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private
+\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private
 key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure
 \&\fBp7\fR.
 .PP
-The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR
+The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR
 with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0
 signed data structure.
 .PP
@@ -159,11 +163,11 @@ key algorithm will be used.
 .PP
 Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure
 is not complete and must be finalized either by streaming (if applicable) or
-a call to \fIPKCS7_final()\fR.
+a call to \fBPKCS7_final()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The main purpose of this function is to provide finer control over a PKCS#7
-signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are
+signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are
 not appropriate. For example if multiple signers or non default digest
 algorithms are needed.
 .PP
@@ -177,7 +181,7 @@ returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is se
 .PP
 If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the
 \&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes
-can be added. In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is
+can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is
 needed to finalize it.
 .PP
 If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
@@ -196,20 +200,20 @@ If present the SMIMECapabilities attribute indicates support for the following
 algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of
 these algorithms is disabled then it will not be included.
 .PP
-\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
+\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
 structure just added, this can be used to set additional attributes
 before it is finalized.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
+\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
 structure just added or \s-1NULL\s0 if an error occurs.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
-\&\fIPKCS7_final\fR\|(3),
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3),
+\&\fBPKCS7_final\fR\|(3),
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0
+The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3
index 868d79ae0f446..22bf498ff5c33 100644
--- a/secure/lib/libcrypto/man/PKCS7_verify.3
+++ b/secure/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_VERIFY 3"
-.TH PKCS7_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS7_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,7 +152,7 @@ PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0
+\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0
 structure to verify. \fBcerts\fR is a set of certificates in which to search for
 the signer's certificate. \fBstore\fR is a trusted certificate store (used for
 chain verification). \fBindata\fR is the signed data if the content is not
@@ -158,9 +162,9 @@ if it is not \s-1NULL.\s0
 \&\fBflags\fR is an optional set of flags, which can be used to modify the verify
 operation.
 .PP
-\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does
+\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does
 \&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR
-and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR.
+and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR.
 .SH "VERIFY PROCESS"
 .IX Header "VERIFY PROCESS"
 Normally the verify process proceeds as follows.
@@ -190,7 +194,7 @@ If all signature's verify correctly then the function is successful.
 .PP
 Any of the following flags (ored together) can be passed in the \fBflags\fR parameter
 to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is
-meaningful to \fIPKCS7_get0_signers()\fR.
+meaningful to \fBPKCS7_get0_signers()\fR.
 .PP
 If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not
 searched when locating the signer's certificate. This means that all the signers
@@ -227,12 +231,12 @@ signer it cannot be trusted without additional evidence (such as a trusted
 timestamp).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS7_verify()\fR returns one for a successful verification and zero
+\&\fBPKCS7_verify()\fR returns one for a successful verification and zero
 if an error occurs.
 .PP
-\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred.
+\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-The error can be obtained from \fIERR_get_error\fR\|(3)
+The error can be obtained from \fBERR_get_error\fR\|(3)
 .SH "BUGS"
 .IX Header "BUGS"
 The trusted certificate store is not searched for the signers certificate,
@@ -240,10 +244,10 @@ this is primarily due to the inadequacies of the current \fBX509_STORE\fR
 functionality.
 .PP
 The lack of single pass processing and need to hold all data in memory as
-mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
+mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_DRBG_generate.3 b/secure/lib/libcrypto/man/RAND_DRBG_generate.3
index a1101afbc192e..c18fd959eed0c 100644
--- a/secure/lib/libcrypto/man/RAND_DRBG_generate.3
+++ b/secure/lib/libcrypto/man/RAND_DRBG_generate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_DRBG_GENERATE 3"
-.TH RAND_DRBG_GENERATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_DRBG_GENERATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,7 +155,7 @@ RAND_DRBG_generate, RAND_DRBG_bytes \&\- generate random bytes using the given d
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given
+\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given
 \&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR.
 .PP
 Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum
@@ -168,22 +172,22 @@ generator but does not contribute to the entropy count.
 The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and
 \&\fBadinlen\fR to 0;
 .PP
-\&\fIRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given
+\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given
 \&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR.
-This function is a wrapper around the \fIRAND_DRBG_generate()\fR call,
+This function is a wrapper around the \fBRAND_DRBG_generate()\fR call,
 which collects some additional data from low entropy sources
 (e.g., a high resolution timer) and calls
 RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_DRBG_generate()\fR and \fIRAND_DRBG_bytes()\fR return 1 on success,
+\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success,
 and 0 on failure.
 .SH "NOTES"
 .IX Header "NOTES"
 The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to
 reasonable default values, which in general do not have to be adjusted.
-If necessary, they can be changed using \fIRAND_DRBG_set_reseed_interval\fR\|(3)
-and \fIRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively.
+If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3)
+and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively.
 .PP
 A request for prediction resistance can only be satisfied by pulling fresh
 entropy from one of the approved entropy sources listed in section 5.5.2 of
@@ -196,10 +200,10 @@ In other words, prediction resistance is currently not supported yet by the \s-1
 The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_bytes\fR\|(3),
-\&\fIRAND_DRBG_set_reseed_interval\fR\|(3),
-\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3),
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBRAND_bytes\fR\|(3),
+\&\fBRAND_DRBG_set_reseed_interval\fR\|(3),
+\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 b/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
index 6fcaaa0f5cc20..961646352be6d 100644
--- a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
+++ b/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_DRBG_GET0_MASTER 3"
-.TH RAND_DRBG_GET0_MASTER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_DRBG_GET0_MASTER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,22 +151,22 @@ RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private \&\- get ac
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The default \s-1RAND API\s0 implementation (\fIRAND_OpenSSL()\fR) utilizes three
+The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three
 shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0
 .PP
 The <public> and <private> \s-1DRBG\s0 are thread-local instances, which are used
-by \fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR, respectively.
+by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively.
 The <master> \s-1DRBG\s0 is a global instance, which is not intended to be used
 directly, but is used internally to reseed the other two instances.
 .PP
 These functions here provide access to the shared \s-1DRBG\s0 instances.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_DRBG_get0_master()\fR returns a pointer to the <master> \s-1DRBG\s0 instance.
+\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the <master> \s-1DRBG\s0 instance.
 .PP
-\&\fIRAND_DRBG_get0_public()\fR returns a pointer to the <public> \s-1DRBG\s0 instance.
+\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the <public> \s-1DRBG\s0 instance.
 .PP
-\&\fIRAND_DRBG_get0_private()\fR returns a pointer to the <private> \s-1DRBG\s0 instance.
+\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the <private> \s-1DRBG\s0 instance.
 .SH "NOTES"
 .IX Header "NOTES"
 It is not thread-safe to access the <master> \s-1DRBG\s0 instance.
@@ -183,13 +187,13 @@ It is also possible to exchange the reseeding callbacks entirely.
 The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_DRBG_set_callbacks\fR\|(3),
-\&\fIRAND_DRBG_set_reseed_defaults\fR\|(3),
-\&\fIRAND_DRBG_set_reseed_interval\fR\|(3),
-\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3),
-\&\fIRAND_DRBG_set_callbacks\fR\|(3),
-\&\fIRAND_DRBG_generate\fR\|(3),
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBRAND_DRBG_set_callbacks\fR\|(3),
+\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3),
+\&\fBRAND_DRBG_set_reseed_interval\fR\|(3),
+\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3),
+\&\fBRAND_DRBG_set_callbacks\fR\|(3),
+\&\fBRAND_DRBG_generate\fR\|(3),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_DRBG_new.3 b/secure/lib/libcrypto/man/RAND_DRBG_new.3
index 93ca440b6e30e..226c2b5ac9b9e 100644
--- a/secure/lib/libcrypto/man/RAND_DRBG_new.3
+++ b/secure/lib/libcrypto/man/RAND_DRBG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_DRBG_NEW 3"
-.TH RAND_DRBG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_DRBG_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -164,14 +168,14 @@ RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRAND_DRBG_new()\fR and \fIRAND_DRBG_secure_new()\fR
+\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR
 create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp.
 the secure heap
-(using \fIOPENSSL_zalloc()\fR resp. \fIOPENSSL_secure_zalloc()\fR).
+(using \fBOPENSSL_zalloc()\fR resp. \fBOPENSSL_secure_zalloc()\fR).
 .PP
-\&\fIRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR.
+\&\fBRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR.
 .PP
-\&\fIRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0
+\&\fBRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0
 instances.
 .PP
 Currently, all \s-1DRBG\s0 types are based on AES-CTR, so \fBtype\fR can be one of the
@@ -189,26 +193,26 @@ the default entropy source for reseeding the \fBdrbg\fR. It is said that the
 \&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR.
 For more information, see the \s-1NOTES\s0 section.
 .PP
-\&\fIRAND_DRBG_instantiate()\fR
+\&\fBRAND_DRBG_instantiate()\fR
 seeds the \fBdrbg\fR instance using random input from trusted entropy sources.
 Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be
 specified.
 To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0;
 .PP
-\&\fIRAND_DRBG_uninstantiate()\fR
+\&\fBRAND_DRBG_uninstantiate()\fR
 clears the internal state of the \fBdrbg\fR and puts it back in the
 uninstantiated state.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_DRBG_new()\fR and \fIRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0
+\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0
 instance allocated on the heap, resp. secure heap.
 .PP
-\&\fIRAND_DRBG_set()\fR,
-\&\fIRAND_DRBG_instantiate()\fR, and
-\&\fIRAND_DRBG_uninstantiate()\fR
+\&\fBRAND_DRBG_set()\fR,
+\&\fBRAND_DRBG_instantiate()\fR, and
+\&\fBRAND_DRBG_uninstantiate()\fR
 return 1 on success, and 0 on failure.
 .PP
-\&\fIRAND_DRBG_free()\fR does not return a value.
+\&\fBRAND_DRBG_free()\fR does not return a value.
 .SH "NOTES"
 .IX Header "NOTES"
 The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can
@@ -216,23 +220,23 @@ use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy sou
 to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0
 instance was properly instantiated, either from a trusted entropy source,
 or from yet another parent \s-1DRBG\s0 instance.
-For a detailed description of the reseeding process, see \s-1\fIRAND_DRBG\s0\fR\|(7).
+For a detailed description of the reseeding process, see \s-1\fBRAND_DRBG\s0\fR\|(7).
 .PP
 The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0
 instance.
 To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances
 (<master>, resp. <public> and <private>), it is necessary to call
-\&\fIRAND_DRBG_set_defaults()\fR before creating any thread and before calling any
+\&\fBRAND_DRBG_set_defaults()\fR before creating any thread and before calling any
 cryptographic routines that obtain random data directly or indirectly.
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIOPENSSL_zalloc\fR\|(3),
-\&\fIOPENSSL_secure_zalloc\fR\|(3),
-\&\fIRAND_DRBG_generate\fR\|(3),
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBOPENSSL_zalloc\fR\|(3),
+\&\fBOPENSSL_secure_zalloc\fR\|(3),
+\&\fBRAND_DRBG_generate\fR\|(3),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 b/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
index 1c8f749a53ff4..ef07f82f474b7 100644
--- a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
+++ b/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_DRBG_RESEED 3"
-.TH RAND_DRBG_RESEED 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_DRBG_RESEED 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,14 +163,14 @@ RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_inter
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRAND_DRBG_reseed()\fR
+\&\fBRAND_DRBG_reseed()\fR
 reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source
 and mixing in the specified additional data provided in the buffer \fBadin\fR
 of length \fBadinlen\fR.
 The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR
 to 0.
 .PP
-\&\fIRAND_DRBG_set_reseed_interval()\fR
+\&\fBRAND_DRBG_set_reseed_interval()\fR
 sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number
 of generate requests between consecutive reseedings.
 If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the
@@ -174,14 +178,14 @@ number of generate requests since its last seeding exceeds the given reseed
 interval.
 If \fBinterval\fR == 0, then this feature is disabled.
 .PP
-\&\fIRAND_DRBG_set_reseed_time_interval()\fR
+\&\fBRAND_DRBG_set_reseed_time_interval()\fR
 sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed
 number of seconds between consecutive reseedings.
 If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the
 elapsed time since its last reseeding exceeds the given reseed time interval.
 If \fBinterval\fR == 0, then this feature is disabled.
 .PP
-\&\fIRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval
+\&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval
 (\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR)
 and the reseed time interval
 (\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR)
@@ -190,9 +194,9 @@ The default values are set independently for master \s-1DRBG\s0 instances (which
 have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_DRBG_reseed()\fR,
-\&\fIRAND_DRBG_set_reseed_interval()\fR, and
-\&\fIRAND_DRBG_set_reseed_time_interval()\fR,
+\&\fBRAND_DRBG_reseed()\fR,
+\&\fBRAND_DRBG_set_reseed_interval()\fR, and
+\&\fBRAND_DRBG_set_reseed_time_interval()\fR,
 return 1 on success, 0 on failure.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -204,22 +208,22 @@ Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a
 trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded
 (directly or indirectly) from a trusted os entropy source.
 In exceptional cases it is possible to replace the reseeding mechanism entirely
-by providing application defined callbacks using \fIRAND_DRBG_set_callbacks()\fR.
+by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR.
 .PP
 The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance.
 To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances
 (<master>, resp. <public> and <private>), it is necessary to call
-\&\fIRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any
+\&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any
  cryptographic routines that obtain random data directly or indirectly.
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_DRBG_generate\fR\|(3),
-\&\fIRAND_DRBG_bytes\fR\|(3),
-\&\fIRAND_DRBG_set_callbacks\fR\|(3).
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBRAND_DRBG_generate\fR\|(3),
+\&\fBRAND_DRBG_bytes\fR\|(3),
+\&\fBRAND_DRBG_set_callbacks\fR\|(3).
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
index b5d719474c218..be5fc67dbfa4f 100644
--- a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
+++ b/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_DRBG_SET_CALLBACKS 3"
-.TH RAND_DRBG_SET_CALLBACKS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_DRBG_SET_CALLBACKS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -174,7 +178,7 @@ RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and
+\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and
 the nonce when reseeding the given \fBdrbg\fR.
 The callback functions are implemented and provided by the caller.
 Their parameter lists need to match the function prototypes above.
@@ -182,7 +186,7 @@ Their parameter lists need to match the function prototypes above.
 Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet.
 Otherwise, the operation will fail.
 To change the settings for one of the three shared DRBGs it is necessary to call
-\&\fIRAND_DRBG_uninstantiate()\fR first.
+\&\fBRAND_DRBG_uninstantiate()\fR first.
 .PP
 The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh
 random input.
@@ -204,14 +208,14 @@ it must also indicate an error by returning a buffer length of 0.
 See \s-1NOTES\s0 section for more details.
 .PP
 The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and
-free the buffer allocated previously by \fIget_entropy()\fR.
+free the buffer allocated previously by \fBget_entropy()\fR.
 The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length,
-as returned by the \fIget_entropy()\fR callback.
+as returned by the \fBget_entropy()\fR callback.
 .PP
 The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce
 and free it again. A nonce is only required for instantiation (not for reseeding)
 and only in the case where the \s-1DRBG\s0 uses a derivation function.
-The callbacks are analogous to \fIget_entropy()\fR and \fIcleanup_entropy()\fR,
+The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR,
 except for the missing prediction_resistance flag.
 .PP
 If the derivation function is disabled, then no nonce is used for instantiation,
@@ -219,7 +223,7 @@ and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by
 setting them to \s-1NULL.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure
+\&\fBRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure
 .SH "NOTES"
 .IX Header "NOTES"
 It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer
@@ -235,7 +239,7 @@ always fail.
 In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0
 .PP
 The derivation function is disabled during initialization by calling the
-\&\fIRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag.
+\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag.
 For more information on the derivation function and when it can be omitted,
 see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speeking it can be omitted if the random
 source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte.
@@ -251,9 +255,9 @@ section 8.6.7.
 The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_DRBG_new\fR\|(3),
-\&\fIRAND_DRBG_reseed\fR\|(3),
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBRAND_DRBG_new\fR\|(3),
+\&\fBRAND_DRBG_reseed\fR\|(3),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
index 9d84913116cfb..5d09654a17d3f 100644
--- a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
+++ b/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_DRBG_SET_EX_DATA 3"
-.TH RAND_DRBG_SET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_DRBG_SET_EX_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,22 +156,22 @@ RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index \&\- st
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application
+\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application
 specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The index \fBidx\fR should
-be a value previously returned from a call to \fIRAND_DRBG_get_ex_new_index()\fR.
+be a value previously returned from a call to \fBRAND_DRBG_get_ex_new_index()\fR.
 .PP
-\&\fIRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored
+\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored
 in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that
 used when originally storing the data.
 .PP
-For more detailed information see \fICRYPTO_get_ex_data\fR\|(3) and
-\&\fICRYPTO_set_ex_data\fR\|(3) which implement these functions and
-\&\fICRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
+For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and
+\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and
+\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure.
+\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure.
 .PP
-\&\fIRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on
+\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on
 failure. \s-1NULL\s0 may also be a valid value.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -175,10 +179,10 @@ RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to
 CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fICRYPTO_get_ex_data\fR\|(3),
-\&\fICRYPTO_set_ex_data\fR\|(3),
-\&\fICRYPTO_get_ex_new_index\fR\|(3),
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBCRYPTO_get_ex_data\fR\|(3),
+\&\fBCRYPTO_set_ex_data\fR\|(3),
+\&\fBCRYPTO_get_ex_new_index\fR\|(3),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3
index f4cf817089513..1dcc9382eec1d 100644
--- a/secure/lib/libcrypto/man/RAND_add.3
+++ b/secure/lib/libcrypto/man/RAND_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_ADD 3"
-.TH RAND_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_ADD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -163,20 +167,20 @@ Deprecated:
 These functions can be used to seed the random generator and to check its
 seeded state.
 In general, manual (re\-)seeding of the default OpenSSL random generator
-(\fIRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed
+(\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed
 itself automatically using trusted system entropy sources.
 This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was
-built with automatic reseeding disabled, see \s-1\fIRAND\s0\fR\|(7) for more details.
+built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details.
 .PP
-\&\fIRAND_status()\fR indicates whether or not the random generator has been sufficiently
-seeded. If not, functions such as \fIRAND_bytes\fR\|(3) will fail.
+\&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently
+seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail.
 .PP
-\&\fIRAND_poll()\fR uses the system's capabilities to seed the random generator using
+\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using
 random input obtained from polling various trusted entropy sources.
 The default choice of the entropy source can be modified at build time,
-see \s-1\fIRAND\s0\fR\|(7) for more details.
+see \s-1\fBRAND\s0\fR\|(7) for more details.
 .PP
-\&\fIRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state
+\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state
 of the random generator.
 This function will not normally be needed, as mentioned above.
 The \fBrandomness\fR argument is an estimate of how much randomness is
@@ -186,41 +190,41 @@ Details about sources of randomness and how to estimate their randomness
 can be found in the literature; for example [\s-1NIST SP 800\-90B\s0].
 The content of \fBbuf\fR cannot be recovered from subsequent random generator output.
 Applications that intend to save and restore random state in an external file
-should consider using \fIRAND_load_file\fR\|(3) instead.
+should consider using \fBRAND_load_file\fR\|(3) instead.
 .PP
-\&\fIRAND_seed()\fR is equivalent to \fIRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR.
+\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR.
 .PP
-\&\fIRAND_keep_random_devices_open()\fR is used to control file descriptor
+\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor
 usage by the random seed sources. Some seed sources maintain open file
 descriptors by default, which allows such sources to operate in a
-\&\fIchroot\fR\|(2) jail without the associated device nodes being available. When
+\&\fBchroot\fR\|(2) jail without the associated device nodes being available. When
 the \fBkeep\fR argument is zero, this call disables the retention of file
 descriptors. Conversely, a non-zero argument enables the retention of
 file descriptors. This function is usually called during initialization
 and it takes effect immediately.
 .PP
-\&\fIRAND_event()\fR and \fIRAND_screen()\fR are equivalent to \fIRAND_poll()\fR and exist
+\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist
 for compatibility reasons only. See \s-1HISTORY\s0 section below.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_status()\fR returns 1 if the random generator has been seeded
+\&\fBRAND_status()\fR returns 1 if the random generator has been seeded
 with enough data, 0 otherwise.
 .PP
-\&\fIRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise.
+\&\fBRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise.
 .PP
-\&\fIRAND_event()\fR returns \fIRAND_status()\fR.
+\&\fBRAND_event()\fR returns \fBRAND_status()\fR.
 .PP
 The other functions do not return values.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRAND_event()\fR and \fIRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should
+\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should
 not be used.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_bytes\fR\|(3),
-\&\fIRAND_egd\fR\|(3),
-\&\fIRAND_load_file\fR\|(3),
-\&\s-1\fIRAND\s0\fR\|(7)
+\&\fBRAND_bytes\fR\|(3),
+\&\fBRAND_egd\fR\|(3),
+\&\fBRAND_load_file\fR\|(3),
+\&\s-1\fBRAND\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
index fb76e6e4197ca..8d43a2e783532 100644
--- a/secure/lib/libcrypto/man/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_BYTES 3"
-.TH RAND_BYTES 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_BYTES 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,41 +158,41 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes
+\&\fBRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes
 into \fBbuf\fR.
 .PP
-\&\fIRAND_priv_bytes()\fR has the same semantics as \fIRAND_bytes()\fR.  It is intended to
+\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR.  It is intended to
 be used for generating values that should remain private. If using the
 default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0
 instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not
-affect the secrecy of these private values, as described in \s-1\fIRAND\s0\fR\|(7)
-and \s-1\fIRAND_DRBG\s0\fR\|(7).
+affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7)
+and \s-1\fBRAND_DRBG\s0\fR\|(7).
 .SH "NOTES"
 .IX Header "NOTES"
-Always check the error return value of \fIRAND_bytes()\fR and
-\&\fIRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs
+Always check the error return value of \fBRAND_bytes()\fR and
+\&\fBRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs
 if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an
 unpredictable byte sequence.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR
+\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR
 return 1 on success, \-1 if not supported by the current
 \&\s-1RAND\s0 method, or 0 on other failure. The error code can be
-obtained by \fIERR_get_error\fR\|(3).
+obtained by \fBERR_get_error\fR\|(3).
 .SH "HISTORY"
 .IX Header "HISTORY"
 .IP "\(bu" 2
-\&\fIRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fIRAND_bytes()\fR instead.
+\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead.
 .IP "\(bu" 2
-\&\fIRAND_priv_bytes()\fR was added in OpenSSL 1.1.1.
+The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_add\fR\|(3),
-\&\fIRAND_bytes\fR\|(3),
-\&\fIRAND_priv_bytes\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\s-1\fIRAND\s0\fR\|(7),
-\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+\&\fBRAND_add\fR\|(3),
+\&\fBRAND_bytes\fR\|(3),
+\&\fBRAND_priv_bytes\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\s-1\fBRAND\s0\fR\|(7),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3
index 23fa804913092..21b08fdcdbcca 100644
--- a/secure/lib/libcrypto/man/RAND_cleanup.3
+++ b/secure/lib/libcrypto/man/RAND_cleanup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_CLEANUP 3"
-.TH RAND_CLEANUP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_CLEANUP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,20 +151,20 @@ RAND_cleanup \- erase the PRNG state
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-Prior to OpenSSL 1.1.0, \fIRAND_cleanup()\fR released all resources used by
+Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by
 the \s-1PRNG.\s0  As of version 1.1.0, it does nothing and should not be called,
 since no explicit initialisation or de-initialisation is necessary. See
-\&\fIOPENSSL_init_crypto\fR\|(3).
+\&\fBOPENSSL_init_crypto\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_cleanup()\fR returns no value.
+\&\fBRAND_cleanup()\fR returns no value.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it.
-See \fIOPENSSL_init_crypto\fR\|(3)
+\&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it.
+See \fBOPENSSL_init_crypto\fR\|(3)
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIRAND\s0\fR\|(7)
+\&\s-1\fBRAND\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3
index 45a93c7e4fbad..e5987b3ebab0d 100644
--- a/secure/lib/libcrypto/man/RAND_egd.3
+++ b/secure/lib/libcrypto/man/RAND_egd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_EGD 3"
-.TH RAND_EGD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_EGD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,31 +158,31 @@ socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0
 The protocol used is defined by the EGDs available at
 <http://egd.sourceforge.net/> or <http://prngd.sourceforge.net>.
 .PP
-\&\fIRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the
-specified socket \fBpath\fR, and passes the data it receives into \fIRAND_add()\fR.
-\&\fIRAND_egd()\fR is equivalent to \fIRAND_egd_bytes()\fR with \fBnum\fR set to 255.
+\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the
+specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR.
+\&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255.
 .PP
-\&\fIRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at
+\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at
 the specified socket \fBpath\fR, where \fBnum\fR must be less than 256.
-If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fIRAND_egd_bytes()\fR.
+If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR.
 If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and
-\&\fIRAND_add()\fR is not called.
+\&\fBRAND_add()\fR is not called.
 .PP
 OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding
 automatically.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the
+\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the
 daemon on success, or \-1 if the connection failed or the daemon did not
 return enough data to fully seed the \s-1PRNG.\s0
 .PP
-\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on
+\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on
 success, or \-1 if the connection failed.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_add\fR\|(3),
-\&\fIRAND_bytes\fR\|(3),
-\&\s-1\fIRAND\s0\fR\|(7)
+\&\fBRAND_add\fR\|(3),
+\&\fBRAND_bytes\fR\|(3),
+\&\s-1\fBRAND\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3
index a641b5139bac7..17f048b91e50a 100644
--- a/secure/lib/libcrypto/man/RAND_load_file.3
+++ b/secure/lib/libcrypto/man/RAND_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_LOAD_FILE 3"
-.TH RAND_LOAD_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_LOAD_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,23 +153,23 @@ RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and
+\&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and
 adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative,
 up to \fBmax_bytes\fR are read;
 if \fBmax_bytes\fR is \-1, the complete file is read.
 Do not load the same file multiple times unless its contents have
-been updated by \fIRAND_write_file()\fR between reads.
+been updated by \fBRAND_write_file()\fR between reads.
 Also, note that \fBfilename\fR should be adequately protected so that an
 attacker cannot replace or examine the contents.
 If \fBfilename\fR is not a regular file, then user is considered to be
 responsible for any side effects, e.g. non-anticipated blocking or
 capture of controlling terminal.
 .PP
-\&\fIRAND_write_file()\fR writes a number of random bytes (currently 128) to
+\&\fBRAND_write_file()\fR writes a number of random bytes (currently 128) to
 file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling
-\&\fIRAND_load_file()\fR in a later session.
+\&\fBRAND_load_file()\fR in a later session.
 .PP
-\&\fIRAND_file_name()\fR generates a default path for the random seed
+\&\fBRAND_file_name()\fR generates a default path for the random seed
 file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the
 filename.
 .PP
@@ -192,18 +196,18 @@ If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or
 \&\fBnum\fR is too small for the path name, an error occurs.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_load_file()\fR returns the number of bytes read or \-1 on error.
+\&\fBRAND_load_file()\fR returns the number of bytes read or \-1 on error.
 .PP
-\&\fIRAND_write_file()\fR returns the number of bytes written, or \-1 if the
+\&\fBRAND_write_file()\fR returns the number of bytes written, or \-1 if the
 bytes written were generated without appropriate seeding.
 .PP
-\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on
+\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on
 error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_add\fR\|(3),
-\&\fIRAND_bytes\fR\|(3),
-\&\s-1\fIRAND\s0\fR\|(7)
+\&\fBRAND_add\fR\|(3),
+\&\fBRAND_bytes\fR\|(3),
+\&\s-1\fBRAND\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3
index f6356d8cdd0bd..259e1091b11f2 100644
--- a/secure/lib/libcrypto/man/RAND_set_rand_method.3
+++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_SET_RAND_METHOD 3"
-.TH RAND_SET_RAND_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND_SET_RAND_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,16 +156,16 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method
 A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number
 generation.
 .PP
-\&\fIRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL.
+\&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL.
 This implementation ensures that the \s-1PRNG\s0 state is unique for each thread.
 .PP
 If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will
-be used instead of the method returned by \fIRAND_OpenSSL()\fR.
+be used instead of the method returned by \fBRAND_OpenSSL()\fR.
 .PP
-\&\fIRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use.  If an
+\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use.  If an
 \&\s-1ENGINE\s0 was providing the method, it will be released first.
 .PP
-\&\fIRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR.
+\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR.
 .SH "THE RAND_METHOD STRUCTURE"
 .IX Header "THE RAND_METHOD STRUCTURE"
 .Vb 8
@@ -176,18 +180,18 @@ be used instead of the method returned by \fIRAND_OpenSSL()\fR.
 .Ve
 .PP
 The fields point to functions that are used by, in order,
-\&\fIRAND_seed()\fR, \fIRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fIRAND_add()\fR, \fIRAND_pseudo_rand()\fR
-and \fIRAND_status()\fR.
+\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR
+and \fBRAND_status()\fR.
 Each pointer may be \s-1NULL\s0 if the function is not implemented.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and
-\&\fIRAND_OpenSSL()\fR return pointers to the respective methods.
+\&\fBRAND_set_rand_method()\fR returns no value. \fBRAND_get_rand_method()\fR and
+\&\fBRAND_OpenSSL()\fR return pointers to the respective methods.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_bytes\fR\|(3),
-\&\fIENGINE_by_id\fR\|(3),
-\&\s-1\fIRAND\s0\fR\|(7)
+\&\fBRAND_bytes\fR\|(3),
+\&\fBENGINE_by_id\fR\|(3),
+\&\s-1\fBRAND\s0\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RC4_set_key.3 b/secure/lib/libcrypto/man/RC4_set_key.3
index 52dd5304c746d..294f8e58327bb 100644
--- a/secure/lib/libcrypto/man/RC4_set_key.3
+++ b/secure/lib/libcrypto/man/RC4_set_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RC4_SET_KEY 3"
-.TH RC4_SET_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RC4_SET_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,11 +163,11 @@ key sizes have been widely used due to export restrictions.
 \&\s-1RC4\s0 consists of a key setup phase and the actual encryption or
 decryption phase.
 .PP
-\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long
+\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long
 key at \fBdata\fR.
 .PP
-\&\s-1\fIRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using
-\&\fBkey\fR and places the result at \fBoutdata\fR.  Repeated \s-1\fIRC4\s0()\fR calls with
+\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using
+\&\fBkey\fR and places the result at \fBoutdata\fR.  Repeated \s-1\fBRC4\s0()\fR calls with
 the same \fBkey\fR yield a continuous key stream.
 .PP
 Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random
@@ -171,18 +175,18 @@ key stream to produce the output), decryption uses the same function
 calls as encryption.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR do not return values.
+\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values.
 .SH "NOTE"
 .IX Header "NOTE"
 Applications should use the higher level functions
-\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these
+\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these
 functions directly.
 .PP
 It is difficult to securely use stream ciphers. For example, do not perform
 multiple encryptions using the same key stream.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_EncryptInit\fR\|(3)
+\&\fBEVP_EncryptInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RIPEMD160_Init.3 b/secure/lib/libcrypto/man/RIPEMD160_Init.3
index 1ef72f6feebe6..181e2418ef54b 100644
--- a/secure/lib/libcrypto/man/RIPEMD160_Init.3
+++ b/secure/lib/libcrypto/man/RIPEMD160_Init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RIPEMD160_INIT 3"
-.TH RIPEMD160_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RIPEMD160_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash
 \&                          unsigned char *md);
 \&
 \& int RIPEMD160_Init(RIPEMD160_CTX *c);
-\& int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len);
+\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
 \& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 .Ve
 .SH "DESCRIPTION"
@@ -153,7 +157,7 @@ RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash
 \&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a
 160 bit output.
 .PP
-\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR
+\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR
 bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
 \&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
 is placed in a static array.
@@ -161,34 +165,34 @@ is placed in a static array.
 The following functions may be used if the message is not completely
 stored in memory:
 .PP
-\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure.
+\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure.
 .PP
-\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to
+\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to
 be hashed (\fBlen\fR bytes at \fBdata\fR).
 .PP
-\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have
+\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have
 space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases
 the \fB\s-1RIPEMD160_CTX\s0\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\s-1\fIRIPEMD160\s0()\fR returns a pointer to the hash value.
+\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value.
 .PP
-\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR return 1 for
+\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for
 success, 0 otherwise.
 .SH "NOTE"
 .IX Header "NOTE"
 Applications should use the higher level functions
-\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling these
+\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these
 functions directly.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3
index 7fe189e9ecfba..f3331a82fe21a 100644
--- a/secure/lib/libcrypto/man/RSA_blinding_on.3
+++ b/secure/lib/libcrypto/man/RSA_blinding_on.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_BLINDING_ON 3"
-.TH RSA_BLINDING_ON 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_BLINDING_ON 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,18 +155,18 @@ RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attac
 measure the time of \s-1RSA\s0 decryption or signature operations, blinding
 must be used to protect the \s-1RSA\s0 operation from that attack.
 .PP
-\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a
+\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a
 random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and
 initialized \fB\s-1BN_CTX\s0\fR. The random number generator must be seeded
-prior to calling \fIRSA_blinding_on()\fR.
+prior to calling \fBRSA_blinding_on()\fR.
 .PP
-\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for
+\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for
 the blinding factor.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred.
+\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred.
 .PP
-\&\fIRSA_blinding_off()\fR returns no value.
+\&\fBRSA_blinding_off()\fR returns no value.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index ab5d5996727a7..8f3f7a74a2422 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_CHECK_KEY 3"
-.TH RSA_CHECK_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_CHECK_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ RSA_check_key_ex, RSA_check_key \- validate private RSA keys
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys.
+\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys.
 It checks that \fBp\fR and \fBq\fR are
 in fact prime, and that \fBn = p*q\fR.
 .PP
@@ -162,17 +166,17 @@ Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object,
 even if it is otherwise fit for regular \s-1RSA\s0 operation.
 .PP
 The \fBcb\fR parameter is a callback that will be invoked in the same
-manner as \fIBN_is_prime_ex\fR\|(3).
+manner as \fBBN_is_prime_ex\fR\|(3).
 .PP
-\&\fIRSA_check_key()\fR is equivalent to \fIRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR.
+\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_check_key_ex()\fR and \fIRSA_check_key()\fR
+\&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR
 return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise.
 They return \-1 if an error occurs while checking the key.
 .PP
 If the key is invalid or an error occurred, the reason code can be
-obtained using \fIERR_get_error\fR\|(3).
+obtained using \fBERR_get_error\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work
@@ -186,19 +190,19 @@ is complete and untouched, but this can't be assumed in the general case.
 .SH "BUGS"
 .IX Header "BUGS"
 A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need
-to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
+to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
 elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
 completely violating encapsulation and object-orientation in the process).
-The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the
+The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the
 \&\s-1RSA_METHOD\s0 function table so that alternative implementations can also
 provide their own verifiers.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBN_is_prime_ex\fR\|(3),
-\&\fIERR_get_error\fR\|(3)
+\&\fBBN_is_prime_ex\fR\|(3),
+\&\fBERR_get_error\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2.
+\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3
index be0645f9501d9..4448e7de793f4 100644
--- a/secure/lib/libcrypto/man/RSA_generate_key.3
+++ b/secure/lib/libcrypto/man/RSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_GENERATE_KEY 3"
-.TH RSA_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_GENERATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,14 +159,14 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the
+\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the
 \&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must
-be seeded prior to calling \fIRSA_generate_key_ex()\fR.
+be seeded prior to calling \fBRSA_generate_key_ex()\fR.
 .PP
-\&\fIRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores
+\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores
 it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by
 the \fBprimes\fR parameter. The pseudo-random number generator must be seeded prior
-to calling \fIRSA_generate_multi_prime_key()\fR.
+to calling \fBRSA_generate_multi_prime_key()\fR.
 .PP
 The modulus size will be of length \fBbits\fR, the number of primes to form the
 modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes
@@ -180,15 +184,15 @@ In order to maintain adequate security level, the maximum number of permitted
 .PP
 A callback function may be used to provide feedback about the
 progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it
-will be called as follows using the \fIBN_GENCB_call()\fR function
-described on the \fIBN_generate_prime\fR\|(3) page.
+will be called as follows using the \fBBN_GENCB_call()\fR function
+described on the \fBBN_generate_prime\fR\|(3) page.
 .PP
-\&\fIRSA_generate_prime()\fR is similar to \fIRSA_generate_prime_ex()\fR but
+\&\fBRSA_generate_prime()\fR is similar to \fBRSA_generate_prime_ex()\fR but
 expects an old-style callback function; see
-\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback.
+\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback.
 .IP "\(bu" 2
 While a random prime number is generated, it is called as
-described in \fIBN_generate_prime\fR\|(3).
+described in \fBBN_generate_prime\fR\|(3).
 .IP "\(bu" 2
 When the n\-th randomly generated prime is rejected as not
 suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called.
@@ -200,22 +204,22 @@ The process is then repeated for prime q and other primes (if any)
 with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error.
-\&\fIRSA_generate_key_ex()\fR returns 1 on success or 0 on error.
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error.
+\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error.
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .PP
-\&\fIRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or
+\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or
 \&\fB\s-1NULL\s0\fR if the key generation fails.
 .SH "BUGS"
 .IX Header "BUGS"
 \&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIBN_generate_prime\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use
-\&\fIRSA_generate_key_ex()\fR instead.
+\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use
+\&\fBRSA_generate_key_ex()\fR instead.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_get0_key.3 b/secure/lib/libcrypto/man/RSA_get0_key.3
index 0bef85e6acb94..7f267d369083d 100644
--- a/secure/lib/libcrypto/man/RSA_get0_key.3
+++ b/secure/lib/libcrypto/man/RSA_get0_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_GET0_KEY 3"
-.TH RSA_GET0_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_GET0_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -187,14 +191,14 @@ and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\f
 \&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations.
 .PP
 The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling
-\&\fIRSA_get0_key()\fR.  If they have not been set yet, then \fB*n\fR, \fB*e\fR and
+\&\fBRSA_get0_key()\fR.  If they have not been set yet, then \fB*n\fR, \fB*e\fR and
 \&\fB*d\fR will be set to \s-1NULL.\s0  Otherwise, they are set to pointers to
 their respective values. These point directly to the internal
 representations of the values and therefore should not be freed
 by the caller.
 .PP
 The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling
-\&\fIRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as
+\&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as
 parameters to the function.  The values \fBn\fR and \fBe\fR must be non-NULL
 the first time this function is called on a given \s-1RSA\s0 object. The
 value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be
@@ -204,83 +208,84 @@ the \s-1RSA\s0 object, and therefore the values that have been passed in
 should not be freed by the caller after this function has been called.
 .PP
 In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and
-set with \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR, and the \fBdmp1\fR,
+set with \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR, and the \fBdmp1\fR,
 \&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with
-\&\fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR.
+\&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR.
 .PP
-For \fIRSA_get0_key()\fR, \fIRSA_get0_factors()\fR, and \fIRSA_get0_crt_params()\fR,
+For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR,
 \&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions
 ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters.
 .PP
-For multi-prime \s-1RSA,\s0 \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR
+For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR
 can be used to obtain other primes and related \s-1CRT\s0 parameters. The
-return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fIRSA_set0_multi_prime_params()\fR
+return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR
 sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient)
 into an \s-1RSA\s0 object.
 .PP
 Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be
 retrieved separately by the corresponding function
-\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR,
-\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR, respectively.
+\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR,
+\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively.
 .PP
-\&\fIRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0
+\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0
 object. Multiple flags can be passed in one go (bitwise ORed together).
-Any flags that are already set are left set. \fIRSA_test_flags()\fR tests to
+Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to
 see whether the flags passed in the \fBflags\fR parameter are currently
 set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All
 flags that are currently set are returned, or zero if none of the
-flags are set. \fIRSA_clear_flags()\fR clears the specified flags within the
+flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the
 \&\s-1RSA\s0 object.
 .PP
-\&\fIRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for
+\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for
 this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set.
 .PP
-\&\fIRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR.
+\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-Values retrieved with \fIRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used
-in the call and may therefore \fInot\fR be passed to \fIRSA_set0_key()\fR.  If
-needed, duplicate the received value using \fIBN_dup()\fR and pass the
-duplicate.  The same applies to \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR
-as well as \fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR.
+Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used
+in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR.  If
+needed, duplicate the received value using \fBBN_dup()\fR and pass the
+duplicate.  The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR
+as well as \fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR.
 .PP
-The caller should obtain the size by calling \fIRSA_get_multi_prime_extra_count()\fR
+The caller should obtain the size by calling \fBRSA_get_multi_prime_extra_count()\fR
 in advance and allocate sufficient buffer to store the return values before
-calling \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR.
+calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR.
 .PP
-\&\fIRSA_set0_multi_prime_params()\fR always clears the original multi-prime
+\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime
 triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_set0_key()\fR, \fIRSA_set0_factors()\fR, \fIRSA_set0_crt_params()\fR and
-\&\fIRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure.
+\&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and
+\&\fBRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure.
 .PP
-\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR,
-\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR
+\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR,
+\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR
 return the respective value.
 .PP
-\&\fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_crt_params()\fR return
+\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return
 1 on success or 0 on failure.
 .PP
-\&\fIRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes
+\&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes
 in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for
 multi-prime \s-1RSA.\s0
 .PP
-\&\fIRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and
+\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and
 \&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0
 .PP
-\&\fIRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object.
+\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object.
 .PP
-\&\fIRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no
+\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no
 \&\s-1ENGINE\s0 has been set.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRSA_new\fR\|(3), \fIRSA_size\fR\|(3)
+\&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRSA_get_multi_prime_extra_count()\fR, \fIRSA_get0_multi_prime_factors()\fR,
-\&\fIRSA_get0_multi_prime_crt_params()\fR, \fIRSA_set0_multi_prime_params()\fR,
-and \fIRSA_get_version()\fR functions were added in OpenSSL 1.1.1.
+The
+\&\fBRSA_get_multi_prime_extra_count()\fR, \fBRSA_get0_multi_prime_factors()\fR,
+\&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_set0_multi_prime_params()\fR,
+and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1.
 .PP
 Other functions described here were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/RSA_meth_new.3 b/secure/lib/libcrypto/man/RSA_meth_new.3
index 3445b19e49113..35f73e6ab4ae5 100644
--- a/secure/lib/libcrypto/man/RSA_meth_new.3
+++ b/secure/lib/libcrypto/man/RSA_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_METH_NEW 3"
-.TH RSA_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -249,7 +253,7 @@ The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom
 for the implementation of the various \s-1RSA\s0 capabilities. See the rsa
 page for more information.
 .PP
-\&\fIRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be
+\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be
 given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a
 \&\s-1NULL\s0 terminated string, which will be duplicated and stored in the
 \&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the
@@ -257,44 +261,44 @@ original string. The flags will be used during the construction of a
 new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object
 will have those flags set by default.
 .PP
-\&\fIRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object
+\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object
 passed as a parameter. This might be useful for creating a new
 \&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences.
 .PP
-\&\fIRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any
+\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any
 memory associated with it.
 .PP
-\&\fIRSA_meth_get0_name()\fR will return a pointer to the name of this
+\&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this
 \&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so
-should not be freed by the caller. \fIRSA_meth_set1_name()\fR sets the name
+should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name
 of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is
 stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible
 for freeing the memory associated with the name.
 .PP
-\&\fIRSA_meth_get_flags()\fR returns the current value of the flags associated
-with this \s-1RSA_METHOD.\s0 \fIRSA_meth_set_flags()\fR provides the ability to set
+\&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated
+with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set
 these flags.
 .PP
-The functions \fIRSA_meth_get0_app_data()\fR and \fIRSA_meth_set0_app_data()\fR
+The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR
 provide the ability to associate implementation specific data with the
 \&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data
-before the \s-1RSA_METHOD\s0 is freed via a call to \fIRSA_meth_free()\fR.
+before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR.
 .PP
-\&\fIRSA_meth_get_sign()\fR and \fIRSA_meth_set_sign()\fR get and set the function
+\&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function
 used for creating an \s-1RSA\s0 signature respectively. This function will be
-called in response to the application calling \fIRSA_sign()\fR. The
-parameters for the function have the same meaning as for \fIRSA_sign()\fR.
+called in response to the application calling \fBRSA_sign()\fR. The
+parameters for the function have the same meaning as for \fBRSA_sign()\fR.
 .PP
-\&\fIRSA_meth_get_verify()\fR and \fIRSA_meth_set_verify()\fR get and set the
+\&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the
 function used for verifying an \s-1RSA\s0 signature respectively. This
 function will be called in response to the application calling
-\&\fIRSA_verify()\fR. The parameters for the function have the same meaning as
-for \fIRSA_verify()\fR.
+\&\fBRSA_verify()\fR. The parameters for the function have the same meaning as
+for \fBRSA_verify()\fR.
 .PP
-\&\fIRSA_meth_get_mod_exp()\fR and \fIRSA_meth_set_mod_exp()\fR get and set the
+\&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the
 function used for \s-1CRT\s0 computations.
 .PP
-\&\fIRSA_meth_get_bn_mod_exp()\fR and \fIRSA_meth_set_bn_mod_exp()\fR get and set
+\&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set
 the function used for \s-1CRT\s0 computations, specifically the following
 value:
 .PP
@@ -302,53 +306,53 @@ value:
 \& r = a ^ p mod m
 .Ve
 .PP
-Both the \fImod_exp()\fR and \fIbn_mod_exp()\fR functions are called by the
+Both the \fBmod_exp()\fR and \fBbn_mod_exp()\fR functions are called by the
 default OpenSSL method during encryption, decryption, signing and
 verification.
 .PP
-\&\fIRSA_meth_get_init()\fR and \fIRSA_meth_set_init()\fR get and set the function
+\&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function
 used for creating a new \s-1RSA\s0 instance respectively. This function will
-be called in response to the application calling \fIRSA_new()\fR (if the
-current default \s-1RSA_METHOD\s0 is this one) or \fIRSA_new_method()\fR. The
-\&\fIRSA_new()\fR and \fIRSA_new_method()\fR functions will allocate the memory for
+be called in response to the application calling \fBRSA_new()\fR (if the
+current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The
+\&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for
 the new \s-1RSA\s0 object, and a pointer to this newly allocated structure
 will be passed as a parameter to the function. This function may be
 \&\s-1NULL.\s0
 .PP
-\&\fIRSA_meth_get_finish()\fR and \fIRSA_meth_set_finish()\fR get and set the
+\&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the
 function used for destroying an instance of an \s-1RSA\s0 object respectively.
 This function will be called in response to the application calling
-\&\fIRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a
+\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a
 parameter. The destroy function should be used for \s-1RSA\s0 implementation
 specific clean up. The memory for the \s-1RSA\s0 itself should not be freed
 by this function. This function may be \s-1NULL.\s0
 .PP
-\&\fIRSA_meth_get_keygen()\fR and \fIRSA_meth_set_keygen()\fR get and set the
+\&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the
 function used for generating a new \s-1RSA\s0 key pair respectively. This
 function will be called in response to the application calling
-\&\fIRSA_generate_key_ex()\fR. The parameter for the function has the same
-meaning as for \fIRSA_generate_key_ex()\fR.
+\&\fBRSA_generate_key_ex()\fR. The parameter for the function has the same
+meaning as for \fBRSA_generate_key_ex()\fR.
 .PP
-\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR get
+\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR get
 and set the function used for generating a new multi-prime \s-1RSA\s0 key pair
 respectively. This function will be called in response to the application calling
-\&\fIRSA_generate_multi_prime_key()\fR. The parameter for the function has the same
-meaning as for \fIRSA_generate_multi_prime_key()\fR.
+\&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the same
+meaning as for \fBRSA_generate_multi_prime_key()\fR.
 .PP
-\&\fIRSA_meth_get_pub_enc()\fR, \fIRSA_meth_set_pub_enc()\fR,
-\&\fIRSA_meth_get_pub_dec()\fR, \fIRSA_meth_set_pub_dec()\fR,
-\&\fIRSA_meth_get_priv_enc()\fR, \fIRSA_meth_set_priv_enc()\fR,
-\&\fIRSA_meth_get_priv_dec()\fR, \fIRSA_meth_set_priv_dec()\fR get and set the
+\&\fBRSA_meth_get_pub_enc()\fR, \fBRSA_meth_set_pub_enc()\fR,
+\&\fBRSA_meth_get_pub_dec()\fR, \fBRSA_meth_set_pub_dec()\fR,
+\&\fBRSA_meth_get_priv_enc()\fR, \fBRSA_meth_set_priv_enc()\fR,
+\&\fBRSA_meth_get_priv_dec()\fR, \fBRSA_meth_set_priv_dec()\fR get and set the
 functions used for public and private key encryption and decryption.
 These functions will be called in response to the application calling
-\&\fIRSA_public_encrypt()\fR, \fIRSA_private_decrypt()\fR, \fIRSA_private_encrypt()\fR and
-\&\fIRSA_public_decrypt()\fR and take the same parameters as those.
+\&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR, \fBRSA_private_encrypt()\fR and
+\&\fBRSA_public_decrypt()\fR and take the same parameters as those.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_meth_new()\fR and \fIRSA_meth_dup()\fR return the newly allocated
+\&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated
 \&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure.
 .PP
-\&\fIRSA_meth_get0_name()\fR and \fIRSA_meth_get_flags()\fR return the name and
+\&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and
 flags associated with the \s-1RSA_METHOD\s0 respectively.
 .PP
 All other RSA_meth_get_*() functions return the appropriate function
@@ -359,12 +363,12 @@ RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on
 success or 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRSA_new\fR\|(3), \fIRSA_generate_key_ex\fR\|(3), \fIRSA_sign\fR\|(3),
-\&\fIRSA_set_method\fR\|(3), \fIRSA_size\fR\|(3), \fIRSA_get0_key\fR\|(3),
-\&\fIRSA_generate_multi_prime_key\fR\|(3)
+\&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3),
+\&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3),
+\&\fBRSA_generate_multi_prime_key\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR were
+\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR were
 added in OpenSSL 1.1.1.
 .PP
 Other functions described here were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3
index 16e72fe5d19e9..0dac8475f5af4 100644
--- a/secure/lib/libcrypto/man/RSA_new.3
+++ b/secure/lib/libcrypto/man/RSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_NEW 3"
-.TH RSA_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,24 +151,24 @@ RSA_new, RSA_free \- allocate and free RSA objects
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to
+\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to
 calling RSA_new_method(\s-1NULL\s0).
 .PP
-\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is
+\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is
 erased before the memory is returned to the system.
 If \fBrsa\fR is \s-1NULL\s0 nothing is done.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns
+If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns
 a pointer to the newly allocated structure.
 .PP
-\&\fIRSA_free()\fR returns no value.
+\&\fBRSA_free()\fR returns no value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fIRSA_generate_key\fR\|(3),
-\&\fIRSA_new_method\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBRSA_generate_key\fR\|(3),
+\&\fBRSA_new_method\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
index 70f2a885ca2ce..06049fbcfcf8b 100644
--- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3"
-.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -174,17 +178,17 @@ RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PK
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt,
+The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt,
 decrypt, sign and verify functions. Normally they should not be called
 from application programs.
 .PP
 However, they can also be called directly to implement padding for other
-asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and
-\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined
+asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and
+\&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined
 with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding
 parameter.
 .PP
-\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into
+\&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into
 \&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR
 does not meet the size requirements of the encoding method.
 .PP
@@ -206,33 +210,38 @@ The following encoding methods are implemented:
 simply copy the data
 .PP
 The random number generator must be seeded prior to calling
-\&\fIRSA_padding_add_xxx()\fR.
+\&\fBRSA_padding_add_xxx()\fR.
 .PP
-\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain
+\&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain
 a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective
 encoding method and stores the recovered data of at most \fBtlen\fR bytes
 (for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR)
 at \fBto\fR.
 .PP
-For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter
+For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter
 of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error.
-The \fIRSA_padding_check_xxx()\fR functions return the length of the
+The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error.
+The \fBRSA_padding_check_xxx()\fR functions return the length of the
 recovered data, \-1 on error. Error codes can be obtained by calling
-\&\fIERR_get_error\fR\|(3).
+\&\fBERR_get_error\fR\|(3).
 .SH "WARNING"
 .IX Header "WARNING"
-The \fIRSA_padding_check_PKCS1_type_2()\fR padding check leaks timing
+The \fBRSA_padding_check_PKCS1_type_2()\fR padding check leaks timing
 information which can potentially be used to mount a Bleichenbacher
 padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1
-v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding.
+v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. Otherwise it can
+be recommended to pass zero-padded \fBf\fR, so that \fBfl\fR equals to
+\&\fBrsa_len\fR, and if fixed by protocol, \fBtlen\fR being set to the
+expected length. In such case leakage would be minimal, it would
+take attacker's ability to observe memory access pattern with byte
+granilarity as it occurs, post-factum timing analysis won't do.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRSA_public_encrypt\fR\|(3),
-\&\fIRSA_private_decrypt\fR\|(3),
-\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3)
+\&\fBRSA_public_encrypt\fR\|(3),
+\&\fBRSA_private_decrypt\fR\|(3),
+\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3
index 585b9d9d85075..a7a36f93fc425 100644
--- a/secure/lib/libcrypto/man/RSA_print.3
+++ b/secure/lib/libcrypto/man/RSA_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_PRINT 3"
-.TH RSA_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,7 +171,7 @@ The output lines are indented by \fBoffset\fR spaces.
 These functions return 1 on success, 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBN_bn2bin\fR\|(3)
+\&\fBBN_bn2bin\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3
index 1b5871725503a..79d1597920ad0 100644
--- a/secure/lib/libcrypto/man/RSA_private_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_PRIVATE_ENCRYPT 3"
-.TH RSA_PRIVATE_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_PRIVATE_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,7 +155,7 @@ RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
 .IX Header "DESCRIPTION"
 These functions handle \s-1RSA\s0 signatures at a low level.
 .PP
-\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a
+\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a
 message digest with an algorithm identifier) using the private key
 \&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to
 \&\fBRSA_size(rsa)\fR bytes of memory.
@@ -161,7 +165,7 @@ message digest with an algorithm identifier) using the private key
 .IX Item "RSA_PKCS1_PADDING"
 \&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the
 \&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or
-verifying \s-1PKCS\s0 #1 signatures, \fIRSA_sign\fR\|(3) and \fIRSA_verify\fR\|(3) should be
+verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be
 used.
 .IP "\s-1RSA_NO_PADDING\s0" 4
 .IX Item "RSA_NO_PADDING"
@@ -169,23 +173,23 @@ Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement
 cryptographically sound padding modes in the application code.
 Signing user data directly with \s-1RSA\s0 is insecure.
 .PP
-\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR
+\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR
 bytes long signature at \fBfrom\fR using the signer's public key
 \&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the
 message digest (which is smaller than \fBRSA_size(rsa) \-
 11\fR). \fBpadding\fR is the padding mode that was used to sign the data.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e.,
-RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the
+\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e.,
+RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the
 recovered message digest.
 .PP
 On error, \-1 is returned; the error codes can be
-obtained by \fIERR_get_error\fR\|(3).
+obtained by \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3
index 157cc7c3e7f51..1f58528e8386b 100644
--- a/secure/lib/libcrypto/man/RSA_public_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_PUBLIC_ENCRYPT 3"
-.TH RSA_PUBLIC_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_PUBLIC_ENCRYPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,7 +153,7 @@ RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a
+\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a
 session key) using the public key \fBrsa\fR and stores the ciphertext in
 \&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory.
 .PP
@@ -175,21 +179,21 @@ Encrypting user data directly with \s-1RSA\s0 is insecure.
 based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for
 \&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0
 The random number generator must be seeded prior to calling
-\&\fIRSA_public_encrypt()\fR.
+\&\fBRSA_public_encrypt()\fR.
 .PP
-\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the
+\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the
 private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBto\fR must point
 to a memory section large enough to hold the decrypted data (which is
 smaller than RSA_size(\fBrsa\fR)). \fBpadding\fR is the padding mode that
 was used to encrypt the data.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e.,
-RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the
+\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e.,
+RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the
 recovered plaintext.
 .PP
 On error, \-1 is returned; the error codes can be
-obtained by \fIERR_get_error\fR\|(3).
+obtained by \fBERR_get_error\fR\|(3).
 .SH "WARNING"
 .IX Header "WARNING"
 Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information
@@ -201,8 +205,8 @@ design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0
 \&\s-1SSL, PKCS\s0 #1 v2.0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3),
-\&\fIRSA_size\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
+\&\fBRSA_size\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3
index ef1605b5d5d05..251b9c0a8e08e 100644
--- a/secure/lib/libcrypto/man/RSA_set_method.3
+++ b/secure/lib/libcrypto/man/RSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_SET_METHOD 3"
-.TH RSA_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_SET_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -164,21 +168,21 @@ important information about how these \s-1RSA API\s0 functions are affected by t
 use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
 .PP
 Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation,
-as returned by \fIRSA_PKCS1_OpenSSL()\fR.
+as returned by \fBRSA_PKCS1_OpenSSL()\fR.
 .PP
-\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
+\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
 structures created later.
 \&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
 been set as a default for \s-1RSA,\s0 so this function is no longer recommended.
 This function is not thread-safe and should not be called at the same time
 as other OpenSSL functions.
 .PP
-\&\fIRSA_get_default_method()\fR returns a pointer to the current default
+\&\fBRSA_get_default_method()\fR returns a pointer to the current default
 \&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
 whether the \s-1ENGINE API\s0 is being used, so this function is no longer
 recommended.
 .PP
-\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
+\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
 \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the
 previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
 be released during the change. It is possible to have \s-1RSA\s0 keys that only
@@ -187,23 +191,23 @@ that supports embedded hardware-protected keys), and in such cases
 attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected
 results.
 .PP
-\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR.
+\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR.
 This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if
 it is, the return value can only be guaranteed to be valid as long as the
 \&\s-1RSA\s0 key itself is valid and does not have its implementation changed by
-\&\fIRSA_set_method()\fR.
+\&\fBRSA_set_method()\fR.
 .PP
-\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
+\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
 \&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section.
 .PP
-\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
+\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
 \&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the
 default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set,
-the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used.
+the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used.
 .PP
-\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method.
+\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method.
 .PP
-\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that
+\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that
 \&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR,
 the default method is used.
 .SH "THE RSA_METHOD STRUCTURE"
@@ -267,39 +271,39 @@ the default method is used.
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_PKCS1_OpenSSL()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR
-and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs.
+\&\fBRSA_PKCS1_OpenSSL()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR
+and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs.
 .PP
-\&\fIRSA_set_default_method()\fR returns no value.
+\&\fBRSA_set_default_method()\fR returns no value.
 .PP
-\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
+\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
 that was replaced. However, this return value should probably be ignored
 because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated
 at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a
-result of the \fIRSA_set_method()\fR function releasing its handle to the
+result of the \fBRSA_set_method()\fR function releasing its handle to the
 \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR
 declaration in a future release.
 .PP
-\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained
-by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise
+\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained
+by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise
 it returns a pointer to the newly allocated structure.
 .SH "BUGS"
 .IX Header "BUGS"
-The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now
+The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now
 to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the
 encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key
 itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key
 (which is what this function returns). If the flags element of an \s-1RSA\s0 key
 is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not
-be reflected in the return value of the \fIRSA_flags()\fR function \- in effect
-\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does
+be reflected in the return value of the \fBRSA_flags()\fR function \- in effect
+\&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does
 not currently exist).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRSA_new\fR\|(3)
+\&\fBRSA_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIRSA_null_method()\fR, which was a partial attempt to avoid patent issues,
+The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues,
 was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3
index 763e92bd919c0..4ac0725fef4d2 100644
--- a/secure/lib/libcrypto/man/RSA_sign.3
+++ b/secure/lib/libcrypto/man/RSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_SIGN 3"
-.TH RSA_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,13 +153,13 @@ RSA_sign, RSA_verify \- RSA signatures
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the
+\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the
 private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It
 stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR.
 \&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory.
 Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the
 key that can be used.
-See \fIRSA_private_encrypt\fR\|(3) for lower-level
+See \fBRSA_private_encrypt\fR\|(3) for lower-level
 operations.
 .PP
 \&\fBtype\fR denotes the message digest algorithm that was used to generate
@@ -164,24 +168,24 @@ If \fBtype\fR is \fBNID_md5_sha1\fR,
 an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding
 and no algorithm identifier) is created.
 .PP
-\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
+\&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
 matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes
 the message digest algorithm that was used to generate the signature.
 \&\fBrsa\fR is the signer's public key.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_sign()\fR returns 1 on success.
-\&\fIRSA_verify()\fR returns 1 on successful verification.
+\&\fBRSA_sign()\fR returns 1 on success.
+\&\fBRSA_verify()\fR returns 1 on successful verification.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1SSL, PKCS\s0 #1 v2.0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fIRSA_private_encrypt\fR\|(3),
-\&\fIRSA_public_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBRSA_private_encrypt\fR\|(3),
+\&\fBRSA_public_decrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
index c691ada572fbf..a18a9e61647da 100644
--- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_SIGN_ASN1_OCTET_STRING 3"
-.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,7 +155,7 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size
+\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size
 \&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1
 padding. It stores the signature in \fBsigret\fR and the signature size
 in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of
@@ -159,27 +163,27 @@ memory.
 .PP
 \&\fBdummy\fR is ignored.
 .PP
-The random number generator must be seeded prior to calling \fIRSA_sign_ASN1_OCTET_STRING()\fR.
+The random number generator must be seeded prior to calling \fBRSA_sign_ASN1_OCTET_STRING()\fR.
 .PP
-\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR
+\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR
 of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string
 \&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's
 public key.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise.
-\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0
+\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise.
+\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0
 otherwise.
 .PP
-The error codes can be obtained by \fIERR_get_error\fR\|(3).
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
 .SH "BUGS"
 .IX Header "BUGS"
 These functions serve no recognizable purpose.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fIRAND_bytes\fR\|(3), \fIRSA_sign\fR\|(3),
-\&\fIRSA_verify\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3),
+\&\fBRSA_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3
index 5167e4cd72409..89b20f94cd7a1 100644
--- a/secure/lib/libcrypto/man/RSA_size.3
+++ b/secure/lib/libcrypto/man/RSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_SIZE 3"
-.TH RSA_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,29 +153,29 @@ RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to
+\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to
 determine how much memory must be allocated for an \s-1RSA\s0 encrypted
 value.
 .PP
-\&\fIRSA_bits()\fR returns the number of significant bits.
+\&\fBRSA_bits()\fR returns the number of significant bits.
 .PP
 \&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR.
 .PP
-\&\fIRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR
-key. See \fIBN_security_bits\fR\|(3).
+\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR
+key. See \fBBN_security_bits\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRSA_size()\fR returns the size of modulus in bytes.
+\&\fBRSA_size()\fR returns the size of modulus in bytes.
 .PP
-\&\fIDSA_bits()\fR returns the number of bits in the key.
+\&\fBDSA_bits()\fR returns the number of bits in the key.
 .PP
-\&\fIRSA_security_bits()\fR returns the number of security bits.
+\&\fBRSA_security_bits()\fR returns the number of security bits.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIBN_num_bits\fR\|(3)
+\&\fBBN_num_bits\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRSA_bits()\fR was added in OpenSSL 1.1.0.
+The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SCT_new.3 b/secure/lib/libcrypto/man/SCT_new.3
index e5cf84c6cb47c..7da6b1aaff776 100644
--- a/secure/lib/libcrypto/man/SCT_new.3
+++ b/secure/lib/libcrypto/man/SCT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SCT_NEW 3"
-.TH SCT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SCT_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -205,37 +209,37 @@ record a certificate. By cryptographically verifying that a log did indeed issue
 an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known.
 .PP
 An internal representation of an \s-1SCT\s0 can be created in one of two ways.
-The first option is to create a blank \s-1SCT,\s0 using \fISCT_new()\fR, and then populate
+The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate
 it using:
 .IP "\(bu" 2
-\&\fISCT_set_version()\fR to set the \s-1SCT\s0 version.
+\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version.
 .Sp
 Only \s-1SCT_VERSION_V1\s0 is currently supported.
 .IP "\(bu" 2
-\&\fISCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for:
+\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for:
 .Sp
 \&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate.
 \&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate.
 .IP "\(bu" 2
-\&\fISCT_set0_log_id()\fR or \fISCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from.
+\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from.
 .Sp
 The former takes ownership, whereas the latter makes a copy.
 See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID.
 .IP "\(bu" 2
-\&\fISCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds).
+\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds).
 .IP "\(bu" 2
-\&\fISCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature.
+\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature.
 .IP "\(bu" 2
-\&\fISCT_set0_signature()\fR or \fISCT_set1_signature()\fR to set the raw signature value.
+\&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value.
 .Sp
 The former takes ownership, whereas the latter makes a copy.
 .IP "\(bu" 2
-\&\fISCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions.
+\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions.
 .Sp
 The former takes ownership, whereas the latter makes a copy.
 .PP
 Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using
-\&\fISCT_new_from_base64()\fR:
+\&\fBSCT_new_from_base64()\fR:
 .IP "\(bu" 2
 The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported).
 .IP "\(bu" 2
@@ -251,7 +255,7 @@ The \s-1SCT\s0 extensions, base64 encoded.
 .IP "\(bu" 2
 The \s-1SCT\s0 signature, base64 encoded.
 .PP
-\&\fISCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found
+\&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found
 (\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not
 required for verifying the \s-1SCT.\s0
 .SH "NOTES"
@@ -260,21 +264,21 @@ Some of the setters return int, instead of void. These will all return 1 on
 success, 0 on failure. They will not make changes on failure.
 .PP
 All of the setters will reset the validation status of the \s-1SCT\s0 to
-\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fISCT_validate\fR\|(3)).
+\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)).
 .PP
-\&\fISCT_set_source()\fR will call \fISCT_set_log_entry_type()\fR if the type of
+\&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of
 certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found.
 For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\-
 certificate.
 .PP
-\&\fISCT_set_source()\fR will not refuse unknown values.
+\&\fBSCT_set_source()\fR will not refuse unknown values.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise.
+\&\fBSCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise.
 .PP
-\&\fISCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise.
+\&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise.
 .PP
-\&\fISCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a
+\&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a
 valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if
 malloc fails.
 .PP
@@ -286,9 +290,9 @@ is copied successfully, 0 otherwise (i.e. if malloc fails).
 \&\fBSCT_set_source\fR returns 1 on success, 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7),
-\&\fISCT_validate\fR\|(3),
-\&\fIOBJ_nid2obj\fR\|(3)
+\&\fBct\fR\|(7),
+\&\fBSCT_validate\fR\|(3),
+\&\fBOBJ_nid2obj\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/SCT_print.3 b/secure/lib/libcrypto/man/SCT_print.3
index 9dbd759b9d6d6..d60d48c2ed8f5 100644
--- a/secure/lib/libcrypto/man/SCT_print.3
+++ b/secure/lib/libcrypto/man/SCT_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SCT_PRINT 3"
-.TH SCT_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SCT_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,8 +152,8 @@ SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certifi
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in
-a human-readable format. \fISCT_LIST_print()\fR prints an entire list of SCTs in a
+\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in
+a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a
 similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output.
 .PP
 The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR
@@ -157,19 +161,19 @@ is provided, it will be used to print the description of the \s-1CT\s0 log that
 each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed
 as the \s-1CTLOG_STORE\s0 parameter to disable this feature.
 .PP
-\&\fISCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as
-a human-readable string. Call \fISCT_validate()\fR or \fISCT_LIST_validate()\fR
+\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as
+a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR
 beforehand in order to set the validation status of an \s-1SCT\s0 first.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISCT_validation_status_string()\fR returns a null-terminated string representing
+\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing
 the validation status of an \fB\s-1SCT\s0\fR object.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7),
-\&\fIbio\fR\|(7),
-\&\fICTLOG_STORE_new\fR\|(3),
-\&\fISCT_validate\fR\|(3)
+\&\fBct\fR\|(7),
+\&\fBbio\fR\|(7),
+\&\fBCTLOG_STORE_new\fR\|(3),
+\&\fBSCT_validate\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/SCT_validate.3 b/secure/lib/libcrypto/man/SCT_validate.3
index 41496d14010a3..e1ca9e6831575 100644
--- a/secure/lib/libcrypto/man/SCT_validate.3
+++ b/secure/lib/libcrypto/man/SCT_validate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SCT_VALIDATE 3"
-.TH SCT_VALIDATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SCT_VALIDATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,10 +160,10 @@ SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Cert
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature.
-\&\fISCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs.
+\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature.
+\&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs.
 The result of the validation checks can be obtained by passing the \s-1SCT\s0 to
-\&\fISCT_get_validation_status()\fR.
+\&\fBSCT_get_validation_status()\fR.
 .PP
 A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies:
 .IP "\(bu" 2
@@ -189,23 +193,23 @@ status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0
 If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0
 .SH "NOTES"
 .IX Header "NOTES"
-A return value of 0 from \fISCT_LIST_validate()\fR should not be interpreted as a
+A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a
 failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence
 that a certificate has been publicly logged.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the
+\&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the
 \&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation.
 .PP
-\&\fISCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0
+\&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0
 if any of SCTs fails validation, or 1 if they all pass validation.
 .PP
-\&\fISCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0
-If \fISCT_validate()\fR or \fISCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the
+\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0
+If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the
 returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7)
+\&\fBct\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.0.
diff --git a/secure/lib/libcrypto/man/SHA256_Init.3 b/secure/lib/libcrypto/man/SHA256_Init.3
index bf295354d499c..b2927dafbc108 100644
--- a/secure/lib/libcrypto/man/SHA256_Init.3
+++ b/secure/lib/libcrypto/man/SHA256_Init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SHA256_INIT 3"
-.TH SHA256_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SHA256_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -174,13 +178,13 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SH
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 Applications should use the higher level functions
-\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the hash
+\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash
 functions directly.
 .PP
 \&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a
 160 bit output.
 .PP
-\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR
+\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR
 bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
 \&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
 is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR.
@@ -188,12 +192,12 @@ is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thr
 The following functions may be used if the message is not completely
 stored in memory:
 .PP
-\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure.
+\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure.
 .PP
-\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to
+\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to
 be hashed (\fBlen\fR bytes at \fBdata\fR).
 .PP
-\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space
+\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space
 for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR.
 .PP
 The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the
@@ -201,18 +205,18 @@ same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA25
 \&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR.
 The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used
 (defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and
-\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fISHA1\s0()\fR function above, the
-\&\s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR functions are not thread safe if
+\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the
+\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if
 \&\fBmd\fR is \s-1NULL.\s0
 .PP
 The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be
 used only when backward compatibility is required.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\s-1\fISHA1\s0()\fR, \s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR return a pointer to the hash
+\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash
 value.
 .PP
-\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR and equivalent \s-1SHA224, SHA256,
+\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256,
 SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
@@ -221,7 +225,7 @@ Standard),
 \&\s-1ANSI X9.30\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_DigestInit\fR\|(3)
+\&\fBEVP_DigestInit\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3
index 83184937f4c10..9c29d540cdd40 100644
--- a/secure/lib/libcrypto/man/SMIME_read_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME_READ_CMS 3"
-.TH SMIME_READ_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SMIME_READ_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ SMIME_read_CMS \- parse S/MIME message
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISMIME_read_CMS()\fR parses a message in S/MIME format.
+\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format.
 .PP
 \&\fBin\fR is a \s-1BIO\s0 to read the message from.
 .PP
@@ -157,10 +161,10 @@ error occurred.
 .SH "NOTES"
 .IX Header "NOTES"
 If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can
-then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set.
+then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set.
 .PP
 Otherwise the type of the returned structure can be determined
-using \fICMS_get0_type()\fR.
+using \fBCMS_get0_type()\fR.
 .PP
 To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be
 initialized to \s-1NULL.\s0 For example:
@@ -173,7 +177,7 @@ initialized to \s-1NULL.\s0 For example:
 .Ve
 .SH "BUGS"
 .IX Header "BUGS"
-The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive.  While it will
+The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive.  While it will
 handle most S/MIME messages more complex compound formats may not work.
 .PP
 The parser assumes that the CMS_ContentInfo structure is always base64 encoded
@@ -185,14 +189,14 @@ which can be processed due to memory restraints: a streaming single pass option
 should be available.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR
-if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR
+if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_type\fR\|(3),
-\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3),
-\&\fICMS_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3),
+\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3),
+\&\fBCMS_decrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
index 013289bb6f81a..41eafc1d201e3 100644
--- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME_READ_PKCS7 3"
-.TH SMIME_READ_PKCS7 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SMIME_READ_PKCS7 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ SMIME_read_PKCS7 \- parse S/MIME message
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format.
+\&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format.
 .PP
 \&\fBin\fR is a \s-1BIO\s0 to read the message from.
 .PP
@@ -158,11 +162,11 @@ error occurred.
 .SH "NOTES"
 .IX Header "NOTES"
 If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text
-signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with
+signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with
 the \fB\s-1PKCS7_DETACHED\s0\fR flag set.
 .PP
 Otherwise the type of the returned structure can be determined
-using \fIPKCS7_type_is_enveloped()\fR, etc.
+using \fBPKCS7_type_is_enveloped()\fR, etc.
 .PP
 To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR
 \&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example:
@@ -175,7 +179,7 @@ To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR
 .Ve
 .SH "BUGS"
 .IX Header "BUGS"
-The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive.
+The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive.
 While it will handle most S/MIME messages more complex compound
 formats may not work.
 .PP
@@ -188,14 +192,14 @@ of message which can be processed due to memory restraints: a
 streaming single pass option should be available.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR
-if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR
+if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3),
-\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3),
-\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
-\&\fIPKCS7_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3),
+\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3),
+\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3)
+\&\fBPKCS7_decrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3
index 49e124a9d0d1c..20626c337bee2 100644
--- a/secure/lib/libcrypto/man/SMIME_write_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME_WRITE_CMS 3"
-.TH SMIME_WRITE_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SMIME_WRITE_CMS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ SMIME_write_CMS \- convert CMS structure to S/MIME format
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0
+\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0
 structure to produce an S/MIME message.
 .PP
 \&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate
@@ -156,7 +160,7 @@ supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags.
 The following flags can be passed in the \fBflags\fR parameter.
 .PP
 If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only
-makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is
+makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is
 called.
 .PP
 If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to
@@ -167,7 +171,7 @@ be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_Con
 creation function.
 .PP
 If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must
-be read twice: once to compute the signature in \fICMS_sign()\fR and once to output
+be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output
 the S/MIME message.
 .PP
 If streaming is performed the content is output in \s-1BER\s0 format using indefinite
@@ -175,16 +179,16 @@ length constructed encoding except in the case of signed data with detached
 content where the content is absent and \s-1DER\s0 format is used.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an
+\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an
 option to disable this.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure.
+\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
-\&\fICMS_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3)
+\&\fBCMS_decrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
index 7a843bc61223a..f61130d982d72 100644
--- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME_WRITE_PKCS7 3"
-.TH SMIME_WRITE_PKCS7 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SMIME_WRITE_PKCS7 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7
+\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7
 structure to produce an S/MIME message.
 .PP
 \&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR
@@ -157,7 +161,7 @@ The following flags can be passed in the \fBflags\fR parameter.
 .PP
 If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used,
 this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR
-is also set when \fIPKCS7_sign()\fR is also called.
+is also set when \fBPKCS7_sign()\fR is also called.
 .PP
 If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR
 are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR
@@ -165,10 +169,10 @@ is also set.
 .PP
 If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should
 only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to
-\&\fIPKCS7_sign()\fR or \fIPKCS7_encrypt()\fR.
+\&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR.
 .PP
 If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then
-the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR
+the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR
 and once to output the S/MIME message.
 .PP
 If streaming is performed the content is output in \s-1BER\s0 format using indefinite
@@ -176,16 +180,16 @@ length constructed encoding except in the case of signed data with detached
 content where the content is absent and \s-1DER\s0 format is used.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there
+\&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there
 should be an option to disable this.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure.
+\&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
-\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
-\&\fIPKCS7_decrypt\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3),
+\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3)
+\&\fBPKCS7_decrypt\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
index 90a95a070d352..87440930538c7 100644
--- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
+++ b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CIPHER_GET_NAME 3"
-.TH SSL_CIPHER_GET_NAME 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CIPHER_GET_NAME 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,38 +163,38 @@ SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_g
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the
+\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the
 \&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R".
 .PP
-\&\fISSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of
+\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of
 \&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR
 has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both
 SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name.
 .PP
-\&\fIOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR.
+\&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR.
 If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name,
 it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather
 than the SSLv3 name.
 .PP
-\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR.
+\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR.
 If \fBcipher\fR is \s-1NULL, 0\s0 is returned.
 .PP
-\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol
+\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol
 version that first defined the cipher.  It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0
 .PP
-\&\fISSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR.
+\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR.
 If there is no cipher (e.g. for cipher suites with no encryption) then
 \&\fBNID_undef\fR is returned.
 .PP
-\&\fISSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0
+\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0
 used by \fBc\fR during record encryption/decryption. If there is no digest (e.g.
 for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned.
 .PP
-\&\fISSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during
+\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during
 the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be
 different to the digest used to calculate the \s-1MAC\s0 for encrypted records.
 .PP
-\&\fISSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method
+\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method
 used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned.
 If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0
 cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive):
@@ -202,7 +206,7 @@ cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive):
 \& NID_kx_psk
 .Ve
 .PP
-\&\fISSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method
+\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method
 used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned.
 If any appropriate authentication algorithm can be used (as in the case of
 \&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive):
@@ -213,29 +217,29 @@ If any appropriate authentication algorithm can be used (as in the case of
 \& NID_auth_psk
 .Ve
 .PP
-\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or
+\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or
 ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0
 .PP
-\&\fISSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored
+\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored
 in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the
 two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter
 is usually retrieved from a \s-1TLS\s0 packet by using functions like
-\&\fISSL_client_hello_get0_ciphers\fR\|(3).  \fISSL_CIPHER_find()\fR returns \s-1NULL\s0 if an
+\&\fBSSL_client_hello_get0_ciphers\fR\|(3).  \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an
 error occurs or the indicated cipher is not found.
 .PP
-\&\fISSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is
+\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is
 not the same as the IANA-specific \s-1ID.\s0
 .PP
-\&\fISSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given
+\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given
 cipher \fBc\fR.
 .PP
-\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used
+\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used
 into the buffer \fBbuf\fR of length \fBlen\fR provided.  If \fBbuf\fR is provided, it
 must be at least 128 bytes, otherwise a buffer will be allocated using
-\&\fIOPENSSL_malloc()\fR.  If the provided buffer is too small, or the allocation fails,
+\&\fBOPENSSL_malloc()\fR.  If the provided buffer is too small, or the allocation fails,
 \&\fB\s-1NULL\s0\fR is returned.
 .PP
-The string returned by \fISSL_CIPHER_description()\fR consists of several fields
+The string returned by \fBSSL_CIPHER_description()\fR consists of several fields
 separated by whitespace:
 .IP "<ciphername>" 4
 .IX Item "<ciphername>"
@@ -257,7 +261,7 @@ Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR.
 .IX Item "Mac=<message authentication code>"
 Message digest, such as \fB\s-1SHA256\s0\fR.
 .PP
-Some examples for the output of \fISSL_CIPHER_description()\fR:
+Some examples for the output of \fBSSL_CIPHER_description()\fR:
 .PP
 .Vb 2
 \& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
@@ -265,49 +269,49 @@ Some examples for the output of \fISSL_CIPHER_description()\fR:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CIPHER_get_name()\fR, \fISSL_CIPHER_standard_name()\fR, \fIOPENSSL_cipher_name()\fR,
-\&\fISSL_CIPHER_get_version()\fR and \fISSL_CIPHER_description()\fR return the corresponding
+\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR,
+\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding
 value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R"
 if the cipher is not found.
 .PP
-\&\fISSL_CIPHER_get_bits()\fR returns a positive integer representing the number of
+\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of
 secret bits or 0 if an error occurred.
 .PP
-\&\fISSL_CIPHER_get_cipher_nid()\fR, \fISSL_CIPHER_get_digest_nid()\fR,
-\&\fISSL_CIPHER_get_kx_nid()\fR and \fISSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or
+\&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR,
+\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or
 \&\fBNID_undef\fR if an error occurred.
 .PP
-\&\fISSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0
+\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0
 if an error occurred.
 .PP
-\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise.
+\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise.
 .PP
-\&\fISSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error
+\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error
 occurred.
 .PP
-\&\fISSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0
+\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0
 .PP
-\&\fISSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0
+\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0
 protocol-specific \s-1ID.\s0
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_CIPHER_get_version()\fR was updated to always return the correct protocol
-string in OpenSSL 1.1.0.
+The \fBSSL_CIPHER_get_version()\fR function was updated to always return the
+correct protocol string in OpenSSL 1.1.0.
 .PP
-\&\fISSL_CIPHER_description()\fR was changed to return \fB\s-1NULL\s0\fR on error,
+The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error,
 rather than a fixed string, in OpenSSL 1.1.0.
 .PP
-\&\fISSL_CIPHER_get_handshake_digest()\fR was added in OpenSSL 1.1.1.
+The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1.
 .PP
-\&\fISSL_CIPHER_standard_name()\fR was globally available in OpenSSL 1.1.1. Before
-OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was
+The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1.
+ Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was
 required to enable this function.
 .PP
-\&\fIOPENSSL_cipher_name()\fR was added in OpenSSL 1.1.1.
+The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_current_cipher\fR\|(3),
-\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1)
+\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3),
+\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
index ae8786b32a89c..d077e6b702db8 100644
--- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
+++ b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3"
-.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,19 +160,19 @@ Deprecated:
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with
+\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with
 the identifier \fBid\fR to the list of available compression methods. This
 list is globally maintained for all \s-1SSL\s0 operations within this application.
 It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects.
 .PP
-\&\fISSL_COMP_get_compression_methods()\fR returns a stack of all of the available
+\&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available
 compression methods or \s-1NULL\s0 on error.
 .PP
-\&\fISSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR.
+\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR.
 .PP
-\&\fISSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR.
+\&\fBSSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR.
 .PP
-\&\fISSL_COMP_free_compression_methods()\fR releases any resources acquired to
+\&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to
 maintain the internal table of compression methods.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -182,7 +186,7 @@ compression methods with the same identifier will lead to connection failure.
 .PP
 An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
 will unconditionally send the list of all compression methods enabled with
-\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake.
+\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake.
 Unlike the mechanisms to set a cipher list, there is no method available to
 restrict the list of compression method on a per connection basis.
 .PP
@@ -192,30 +196,29 @@ when a matching identifier is found. There is no way to restrict the list
 of compression methods supported on a per connection basis.
 .PP
 If enabled during compilation, the OpenSSL library will have the
-\&\fICOMP_zlib()\fR compression method available.
+\&\fBCOMP_zlib()\fR compression method available.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_COMP_add_compression_method()\fR may return the following values:
+\&\fBSSL_COMP_add_compression_method()\fR may return the following values:
 .IP "0" 4
 The operation succeeded.
 .IP "1" 4
 .IX Item "1"
 The operation failed. Check the error queue to find out the reason.
 .PP
-\&\fISSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or
+\&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or
 \&\s-1NULL\s0 on error.
 .PP
-\&\fISSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error.
+\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error.
 .PP
-\&\fISSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error.
+\&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_COMP_free_compression_methods()\fR was deprecated in OpenSSL 1.1.0;
-do not use it.
-\&\fISSL_COMP_get0_name()\fR and \fISSL_comp_get_id()\fR were added in OpenSSL 1.1.0d.
+The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0.
+The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
index dc50129f473c1..d78c34f47025d 100644
--- a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
+++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CONF_CTX_NEW 3"
-.TH SSL_CONF_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CONF_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,27 +150,27 @@ SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fISSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR
+The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR
 structure for use with the \s-1SSL_CONF\s0 functions.
 .PP
-The function \fISSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR.
+The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR.
 If \fBcctx\fR is \s-1NULL\s0 nothing is done.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure
+\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure
 or \fB\s-1NULL\s0\fR if an error occurs.
 .PP
-\&\fISSL_CONF_CTX_free()\fR does not return a value.
+\&\fBSSL_CONF_CTX_free()\fR does not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_CTX_set_flags\fR\|(3),
-\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
-\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
-\&\fISSL_CONF_cmd\fR\|(3),
-\&\fISSL_CONF_cmd_argv\fR\|(3)
+\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
+\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fBSSL_CONF_cmd\fR\|(3),
+\&\fBSSL_CONF_cmd_argv\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
index fff09f5370e07..d7359499a4a7f 100644
--- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
+++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CONF_CTX_SET1_PREFIX 3"
-.TH SSL_CONF_CTX_SET1_PREFIX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CONF_CTX_SET1_PREFIX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,11 +149,11 @@ SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fISSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR
+The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR
 to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value.
 .SH "NOTES"
 .IX Header "NOTES"
-Command prefixes alter the commands recognised by subsequent \fISSL_CONF_cmd()\fR
+Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR
 calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names
 such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R"
 and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then
@@ -163,17 +167,17 @@ If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case
 insensitive and no prefix is the default.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure.
+\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_CTX_new\fR\|(3),
-\&\fISSL_CONF_CTX_set_flags\fR\|(3),
-\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
-\&\fISSL_CONF_cmd\fR\|(3),
-\&\fISSL_CONF_cmd_argv\fR\|(3)
+\&\fBSSL_CONF_CTX_new\fR\|(3),
+\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
+\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fBSSL_CONF_cmd\fR\|(3),
+\&\fBSSL_CONF_cmd_argv\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
index 7046c34de88d7..99cc69e966763 100644
--- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
+++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CONF_CTX_SET_FLAGS 3"
-.TH SSL_CONF_CTX_SET_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CONF_CTX_SET_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,13 +150,13 @@ SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configurati
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fISSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR.
+The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR.
 .PP
-The function \fISSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR.
+The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The flags set affect how subsequent calls to \fISSL_CONF_cmd()\fR or
-\&\fISSL_CONF_argv()\fR behave.
+The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or
+\&\fBSSL_CONF_argv()\fR behave.
 .PP
 Currently the following \fBflags\fR values are recognised:
 .IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4
@@ -170,27 +174,27 @@ recognise certificate and private key options.
 .IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE"
 If this option is set then if a private key is not specified for a certificate
 it will attempt to load a private key from the certificate file when
-\&\fISSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate
+\&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate
 file an error occurs.
 .IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4
 .IX Item "SSL_CONF_FLAG_SHOW_ERRORS"
 indicate errors relating to unrecognised options or missing arguments in
 the error queue. If this option isn't set such errors are only reflected
-in the return values of \fISSL_CONF_set_cmd()\fR or \fISSL_CONF_set_argv()\fR
+in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CONF_CTX_set_flags()\fR and \fISSL_CONF_CTX_clear_flags()\fR returns the new flags
+\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR returns the new flags
 value after setting or clearing flags.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_CTX_new\fR\|(3),
-\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
-\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
-\&\fISSL_CONF_cmd\fR\|(3),
-\&\fISSL_CONF_cmd_argv\fR\|(3)
+\&\fBSSL_CONF_CTX_new\fR\|(3),
+\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fBSSL_CONF_cmd\fR\|(3),
+\&\fBSSL_CONF_cmd_argv\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
index 872517d5cebe6..6169700e9f8f6 100644
--- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
+++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CONF_CTX_SET_SSL_CTX 3"
-.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,14 +150,14 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the
+\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the
 \&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with
-\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to
+\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to
 \&\fBctx\fR.
 .PP
-\&\fISSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the
+\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the
 \&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with
-\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to
+\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to
 \&\fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -161,17 +165,17 @@ The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case
 syntax checking of commands is performed, where possible.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CONF_CTX_set_ssl_ctx()\fR and \fISSL_CTX_set_ssl()\fR do not return a value.
+\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_CTX_new\fR\|(3),
-\&\fISSL_CONF_CTX_set_flags\fR\|(3),
-\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
-\&\fISSL_CONF_cmd\fR\|(3),
-\&\fISSL_CONF_cmd_argv\fR\|(3)
+\&\fBSSL_CONF_CTX_new\fR\|(3),
+\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
+\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fBSSL_CONF_cmd\fR\|(3),
+\&\fBSSL_CONF_cmd_argv\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd.3
index d745d7df00a2d..3d26c65b10b1a 100644
--- a/secure/lib/libcrypto/man/SSL_CONF_cmd.3
+++ b/secure/lib/libcrypto/man/SSL_CONF_cmd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CONF_CMD 3"
-.TH SSL_CONF_CMD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CONF_CMD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,12 +150,12 @@ SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fISSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with
+The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with
 optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application
 configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common
 framework for command line options or configuration files.
 .PP
-\&\fISSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to.
+\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to.
 .SH "SUPPORTED COMMAND LINE COMMANDS"
 .IX Header "SUPPORTED COMMAND LINE COMMANDS"
 Currently supported \fBcmd\fR names for command lines (i.e. when the
@@ -231,12 +235,12 @@ associated with \fBcctx\fR.
 Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon
 (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This
 list will be combined any configured TLSv1.2 and below ciphersuites.
-See \fIciphers\fR\|(1) for more information.
+See \fBciphers\fR\|(1) for more information.
 .IP "\fB\-cert\fR" 4
 .IX Item "-cert"
 Attempts to use the file \fBvalue\fR as the certificate for the appropriate
-context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
-structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
+context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
+structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
 structure is set. This option is only supported if certificate operations
 are permitted.
 .IP "\fB\-key\fR" 4
@@ -355,12 +359,12 @@ structure is associated with \fBcctx\fR.
 Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon
 (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This
 list will be combined any configured TLSv1.2 and below ciphersuites.
-See \fIciphers\fR\|(1) for more information.
+See \fBciphers\fR\|(1) for more information.
 .IP "\fBCertificate\fR" 4
 .IX Item "Certificate"
 Attempts to use the file \fBvalue\fR as the certificate for the appropriate
-context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
-structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
+context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
+structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
 structure is set. This option is only supported if certificate operations
 are permitted.
 .IP "\fBPrivateKey\fR" 4
@@ -395,10 +399,6 @@ operations are permitted.
 Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in
 length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the
 \&\fBvalue\fR must be >1 or <=16384.
-.IP "\fBNoRenegotiation\fR" 4
-.IX Item "NoRenegotiation"
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
-\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR.
 .IP "\fBSignatureAlgorithms\fR" 4
 .IX Item "SignatureAlgorithms"
 This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
@@ -497,7 +497,7 @@ sure to also leave \s-1TLS 1.1\s0 enabled.
 .IX Item "Options"
 The \fBvalue\fR argument is a comma separated list of various flags to set.
 If a flag string is preceded \fB\-\fR it is disabled.
-See the \fISSL_CTX_set_options\fR\|(3) function for more details of
+See the \fBSSL_CTX_set_options\fR\|(3) function for more details of
 individual options.
 .Sp
 Each option is listed below. Where an operation is enabled by default
@@ -535,6 +535,9 @@ Only used by servers.
 \&\fBNoResumptionOnRenegotiation\fR: set
 \&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers.
 .Sp
+\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and
+earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR.
+.Sp
 \&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation.
 Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
 .Sp
@@ -597,7 +600,7 @@ set of acceptable names for client CAs. Servers only. This option is only
 supported if certificate operations are permitted.
 .SH "SUPPORTED COMMAND TYPES"
 .IX Header "SUPPORTED COMMAND TYPES"
-The function \fISSL_CONF_cmd_value_type()\fR currently returns one of the following
+The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following
 types:
 .IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4
 .IX Item "SSL_CONF_TYPE_UNKNOWN"
@@ -637,28 +640,28 @@ however the call sequence is:
 SSLv3 is \fBalways\fR disabled and attempt to override this by the user are
 ignored.
 .PP
-By checking the return code of \fISSL_CONF_cmd()\fR it is possible to query if a
-given \fBcmd\fR is recognised, this is useful if \fISSL_CONF_cmd()\fR values are
+By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a
+given \fBcmd\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are
 mixed with additional application specific operations.
 .PP
-For example an application might call \fISSL_CONF_cmd()\fR and if it returns
+For example an application might call \fBSSL_CONF_cmd()\fR and if it returns
 \&\-2 (unrecognised command) continue with processing of application specific
 commands.
 .PP
-Applications can also use \fISSL_CONF_cmd()\fR to process command lines though the
-utility function \fISSL_CONF_cmd_argv()\fR is normally used instead. One way
+Applications can also use \fBSSL_CONF_cmd()\fR to process command lines though the
+utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way
 to do this is to set the prefix to an appropriate value using
-\&\fISSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the
+\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the
 following argument to \fBvalue\fR (which may be \s-1NULL\s0).
 .PP
 In this case if the return value is positive then it is used to skip that
-number of arguments as they have been processed by \fISSL_CONF_cmd()\fR. If \-2 is
+number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is
 returned then \fBcmd\fR is not recognised and application specific arguments
 can be checked instead. If \-3 is returned a required argument is missing
 and an error is indicated. If 0 is returned some other error occurred and
 this can be reported back to the user.
 .PP
-The function \fISSL_CONF_cmd_value_type()\fR can be used by applications to
+The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to
 check for the existence of a command or to perform additional syntax
 checking or translation of the command value. For example if the return
 value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative
@@ -728,7 +731,7 @@ Set supported curves to P\-256, P\-384:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is
+\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is
 \&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it
 returns the number of arguments processed. This is useful when processing
 command lines.
@@ -744,20 +747,20 @@ error in the syntax of \fBvalue\fR in this case the error queue may provide
 additional information.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_CTX_new\fR\|(3),
-\&\fISSL_CONF_CTX_set_flags\fR\|(3),
-\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
-\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
-\&\fISSL_CONF_cmd_argv\fR\|(3),
-\&\fISSL_CTX_set_options\fR\|(3)
+\&\fBSSL_CONF_CTX_new\fR\|(3),
+\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
+\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fBSSL_CONF_cmd_argv\fR\|(3),
+\&\fBSSL_CTX_set_options\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_CONF_cmd()\fR was first added to OpenSSL 1.0.2
+The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2.
 .PP
-\&\fB\s-1SSL_OP_NO_SSL2\s0\fR doesn't have effect since 1.1.0, but the macro is retained
-for backwards compatibility.
+The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro
+is retained for backwards compatibility.
 .PP
-\&\fB\s-1SSL_CONF_TYPE_NONE\s0\fR was first added to OpenSSL 1.1.0. In earlier versions of
+The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of
 OpenSSL passing a command which didn't take an argument would return
 \&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR.
 .PP
@@ -766,7 +769,7 @@ OpenSSL passing a command which didn't take an argument would return
 \&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
index c7e9c0686136a..5b729035ffdb9 100644
--- a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
+++ b/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CONF_CMD_ARGV 3"
-.TH SSL_CONF_CMD_ARGV 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CONF_CMD_ARGV 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,13 +149,13 @@ SSL_CONF_cmd_argv \- SSL configuration command line processing
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fISSL_CONF_cmd_argv()\fR processes at most two command line
+The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line
 arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR
 are updated to reflect the number of command options processed. The \fBpargc\fR
 argument can be set to \fB\s-1NULL\s0\fR if it is not used.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2
+\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2
 or a negative error code.
 .PP
 If \-2 is returned then an argument for a command is missing.
@@ -160,14 +164,14 @@ If \-1 is returned the command is recognised but couldn't be processed due
 to an error: for example a syntax error in the argument.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_CTX_new\fR\|(3),
-\&\fISSL_CONF_CTX_set_flags\fR\|(3),
-\&\fISSL_CONF_CTX_set1_prefix\fR\|(3),
-\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3),
-\&\fISSL_CONF_cmd\fR\|(3)
+\&\fBSSL_CONF_CTX_new\fR\|(3),
+\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
+\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
+\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
+\&\fBSSL_CONF_cmd\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
index 32db6fde693c9..dbe3e517ce447 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_ADD1_CHAIN_CERT 3"
-.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,21 +169,21 @@ SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_ch
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain
+\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain
 associated with the current certificate of \fBctx\fR to \fBsk\fR.
 .PP
-\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single
+\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single
 certificate \fBx509\fR to the chain associated with the current certificate of
 \&\fBctx\fR.
 .PP
-\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current
+\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current
 certificate of \fBctx\fR.
 .PP
-\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the
+\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the
 current certificate of \fBctx\fR.  (This is implemented by calling
-\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR).
+\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR).
 .PP
-\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally
+\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally
 this uses the chain store or the verify store if the chain store is not set.
 If the function is successful the built chain will replace any existing chain.
 The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use
@@ -195,22 +199,22 @@ Each of these functions operates on the \fIcurrent\fR end entity
 (i.e. server or client) certificate. This is the last certificate loaded or
 selected on the corresponding \fBctx\fR structure.
 .PP
-\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity
+\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity
 certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a
-function such as \fISSL_CTX_use_certificate()\fR.
+function such as \fBSSL_CTX_use_certificate()\fR.
 .PP
-\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR,
-\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR,
-\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR
+\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR,
+\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR,
+\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR
 are similar except they apply to \s-1SSL\s0 structure \fBssl\fR.
 .PP
-\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based
+\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based
 on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use
 the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid
 certificate after the current certificate. These two operations can be
 used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure.
 .PP
-\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR.
+\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR.
 If \fBssl\fR is a server and has sent a certificate to a connected client
 this option sets that certificate to the current certificate and returns 1.
 If the negotiated cipher suite is anonymous (and thus no certificate will
@@ -226,48 +230,48 @@ not increment reference counts and the supplied certificate or chain
 .SH "NOTES"
 .IX Header "NOTES"
 The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0
-structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected
+structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected
 by any chains subsequently changed in the parent \s-1SSL_CTX.\s0
 .PP
 One chain can be set for each key type supported by a server. So, for example,
 an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains.
 .PP
-The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can
+The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can
 be used to check application configuration and to ensure any necessary
 subordinate CAs are sent in the correct order. Misconfigured applications
 sending incorrect certificate chains often cause problems with peers.
 .PP
 For example an application can add any set of certificates using
-\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR
+\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR
 with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them.
 .PP
 Applications can issue non fatal warnings when checking chains by setting
 the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return
 value.
 .PP
-Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more
+Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more
 efficient than the automatic chain building as it is only performed once.
 Automatic chain building is performed on each new session.
 .PP
 If any certificates are added using these functions no certificates added
-using \fISSL_CTX_add_extra_chain_cert()\fR will be used.
+using \fBSSL_CTX_add_extra_chain_cert()\fR will be used.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if
+\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if
 no server certificate is used because the cipher suites is anonymous and 0
 for failure.
 .PP
-\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success
+\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success
 and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and
 a verification error occurs then 2 is returned.
 .PP
 All other functions return 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
index f3034c420fa85..f5e5c9b3f0f28 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3"
-.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,11 +150,11 @@ SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear ex
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain
+\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain
 certificates associated with \fBctx\fR. Several certificates can be added one
 after another.
 .PP
-\&\fISSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates
+\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates
 associated with \fBctx\fR.
 .PP
 These functions are implemented as macros.
@@ -161,9 +165,9 @@ following the end entity certificate.
 .PP
 If no chain is specified, the library will try to complete the chain from the
 available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see
-\&\fISSL_CTX_load_verify_locations\fR\|(3).
+\&\fBSSL_CTX_load_verify_locations\fR\|(3).
 .PP
-The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be
+The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be
 freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application
 \&\fBshould not\fR free the \fBx509\fR object.
 .SH "RESTRICTIONS"
@@ -172,29 +176,29 @@ Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0
 structure. Different chains for different certificates (for example if both
 \&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0
 structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this
-function. For more flexibility functions such as \fISSL_add1_chain_cert()\fR should
+function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should
 be used instead.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_add_extra_chain_cert()\fR and \fISSL_CTX_clear_extra_chain_certs()\fR return
+\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return
 1 on success and 0 for failure. Check out the error stack to find out the
 reason for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_use_certificate\fR\|(3),
-\&\fISSL_CTX_set_client_cert_cb\fR\|(3),
-\&\fISSL_CTX_load_verify_locations\fR\|(3)
-\&\fISSL_CTX_set0_chain\fR\|(3)
-\&\fISSL_CTX_set1_chain\fR\|(3)
-\&\fISSL_CTX_add0_chain_cert\fR\|(3)
-\&\fISSL_CTX_add1_chain_cert\fR\|(3)
-\&\fISSL_set0_chain\fR\|(3)
-\&\fISSL_set1_chain\fR\|(3)
-\&\fISSL_add0_chain_cert\fR\|(3)
-\&\fISSL_add1_chain_cert\fR\|(3)
-\&\fISSL_CTX_build_cert_chain\fR\|(3)
-\&\fISSL_build_cert_chain\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_use_certificate\fR\|(3),
+\&\fBSSL_CTX_set_client_cert_cb\fR\|(3),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3)
+\&\fBSSL_CTX_set0_chain\fR\|(3)
+\&\fBSSL_CTX_set1_chain\fR\|(3)
+\&\fBSSL_CTX_add0_chain_cert\fR\|(3)
+\&\fBSSL_CTX_add1_chain_cert\fR\|(3)
+\&\fBSSL_set0_chain\fR\|(3)
+\&\fBSSL_set1_chain\fR\|(3)
+\&\fBSSL_add0_chain_cert\fR\|(3)
+\&\fBSSL_add1_chain_cert\fR\|(3)
+\&\fBSSL_CTX_build_cert_chain\fR\|(3)
+\&\fBSSL_build_cert_chain\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/SSL_CTX_add_session.3
index ad454f0a5a5ca..c7e1c81d98827 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_add_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_ADD_SESSION 3"
-.TH SSL_CTX_ADD_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_ADD_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,13 +151,13 @@ SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The
+\&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The
 reference count for session \fBc\fR is incremented by 1. If a session with
 the same session id already exists, the old session is removed by calling
-\&\fISSL_SESSION_free\fR\|(3).
+\&\fBSSL_SESSION_free\fR\|(3).
 .PP
-\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and
-marks it as non-resumable. \fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR.
+\&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and
+marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 When adding a new session to the internal session cache, it is examined
@@ -161,7 +165,7 @@ whether a session with the same session id already exists. In this case
 it is assumed that both sessions are identical. If the same session is
 stored in a different \s-1SSL_SESSION\s0 object, The old session is
 removed and replaced by the new session. If the session is actually
-identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR
+identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR
 is a no-op, and the return value is 0.
 .PP
 If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0
@@ -169,7 +173,7 @@ flag then the internal cache will not be populated automatically by new
 sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal
 cache will be searched automatically for session-resume requests (the
 latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
-application can use \fISSL_CTX_add_session()\fR directly to have full control
+application can use \fBSSL_CTX_add_session()\fR directly to have full control
 over the sessions that can be resumed if desired.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -183,9 +187,9 @@ session was not found in the cache.
 The operation succeeded.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
-\&\fISSL_SESSION_free\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_SESSION_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_config.3 b/secure/lib/libcrypto/man/SSL_CTX_config.3
index b6752c882c61b..1e404daa13bea 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_config.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_config.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_CONFIG 3"
-.TH SSL_CTX_CONFIG 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_CONFIG 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,22 +150,22 @@ SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The functions \fISSL_CTX_config()\fR and \fISSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or
+The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or
 \&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-By calling \fISSL_CTX_config()\fR or \fISSL_config()\fR an application can perform many
+By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many
 complex tasks based on the contents of the configuration file: greatly
 simplifying application configuration code. A degree of future proofing
 can also be achieved: an application can support configuration features
 in newer versions of OpenSSL automatically.
 .PP
 A configuration file must have been previously loaded, for example using
-\&\fICONF_modules_load_file()\fR. See \fIconfig\fR\|(5) for details of the configuration
+\&\fBCONF_modules_load_file()\fR. See \fBconfig\fR\|(5) for details of the configuration
 file syntax.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_config()\fR and \fISSL_config()\fR return 1 for success or 0 if an error
+\&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error
 occurred.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
@@ -204,12 +208,12 @@ In this example two certificates and the cipher list are configured without
 the need for any additional application code.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIconfig\fR\|(5),
-\&\fISSL_CONF_cmd\fR\|(3),
-\&\fICONF_modules_load_file\fR\|(3)
+\&\fBconfig\fR\|(5),
+\&\fBSSL_CONF_cmd\fR\|(3),
+\&\fBCONF_modules_load_file\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_CTX_config()\fR and \fISSL_config()\fR were first added to OpenSSL 1.1.0
+The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
index 9b6b27b937058..494d250bca82b 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_CTRL 3"
-.TH SSL_CTX_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_CTRL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,18 +153,18 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal han
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of
+The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of
 the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments
 \&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never
 be called directly. All functionalities needed are made available via
 other functions or macros.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The return values of the SSL*\fI_ctrl()\fR functions depend on the command
+The return values of the SSL*\fB_ctrl()\fR functions depend on the command
 supplied via the \fBcmd\fR parameter.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 b/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
index c9b83008cc631..76b2e96e9fe6a 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_DANE_ENABLE 3"
-.TH SSL_CTX_DANE_ENABLE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_DANE_ENABLE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,16 +165,16 @@ SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add,
 These functions implement support for \s-1DANE TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0)
 peer authentication.
 .PP
-\&\fISSL_CTX_dane_enable()\fR must be called first to initialize the shared state
+\&\fBSSL_CTX_dane_enable()\fR must be called first to initialize the shared state
 required for \s-1DANE\s0 support.
 Individual connections associated with the context can then enable
 per-connection \s-1DANE\s0 support as appropriate.
-\&\s-1DANE\s0 authentication is implemented in the \fIX509_verify_cert\fR\|(3) function, and
-applications that override \fIX509_verify_cert\fR\|(3) via
-\&\fISSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer
+\&\s-1DANE\s0 authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and
+applications that override \fBX509_verify_cert\fR\|(3) via
+\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer
 chain in whatever manner they see fit.
 .PP
-\&\fISSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the
+\&\fBSSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the
 supported digest algorithms.
 This must be done before any \s-1SSL\s0 handles are created for the context.
 .PP
@@ -181,24 +185,24 @@ Algorithms with a larger strength ordinal are considered more secure.
 Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility.
 Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables
 support for that matching type.
-Matching type \fIFull\fR\|(0) cannot be modified or disabled.
+Matching type \fBFull\fR\|(0) cannot be modified or disabled.
 .PP
 By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions
 of the \s-1DANE TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR
 with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR
 is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR.
 .PP
-\&\fISSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with
-\&\fISSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection.
+\&\fBSSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with
+\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection.
 (The connection must be associated with a DANE-enabled \s-1SSL\s0 context).
 The \fBbasedomain\fR argument specifies the \s-1RFC7671 TLSA\s0 base domain,
 which will be the primary peer reference identifier for certificate
 name checks.
-Additional server names can be specified via \fISSL_add1_host\fR\|(3).
+Additional server names can be specified via \fBSSL_add1_host\fR\|(3).
 The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been
-specified via \fISSL_set_tlsext_host_name\fR\|(3).
+specified via \fBSSL_set_tlsext_host_name\fR\|(3).
 .PP
-\&\fISSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the
+\&\fBSSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the
 \&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer.
 (This too must be done prior to the beginning of the \s-1SSL\s0 handshake).
 The arguments specify the fields of the \s-1TLSA\s0 record.
@@ -210,7 +214,7 @@ A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with
 unsupported parameters) were provided.
 A negative return value indicates an internal error in processing the record.
 .PP
-The caller is expected to check the return value of each \fISSL_dane_tlsa_add()\fR
+The caller is expected to check the return value of each \fBSSL_dane_tlsa_add()\fR
 call and take appropriate action if none are usable or an internal error
 is encountered in processing some records.
 .PP
@@ -219,37 +223,37 @@ and authentication will be based on any configured traditional trust-anchors;
 authentication success in this case does not mean that the peer was
 DANE-authenticated.
 .PP
-\&\fISSL_get0_dane_authority()\fR can be used to get more detailed information about
+\&\fBSSL_get0_dane_authority()\fR can be used to get more detailed information about
 the matched \s-1DANE\s0 trust-anchor after successful connection completion.
 The return value is negative if \s-1DANE\s0 verification failed (or was not enabled),
 0 if an \s-1EE TLSA\s0 record directly matched the leaf certificate, or a positive
 number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate.
-The complete verified chain can be retrieved via \fISSL_get0_verified_chain\fR\|(3).
+The complete verified chain can be retrieved via \fBSSL_get0_verified_chain\fR\|(3).
 The return value is an index into this verified chain, rather than the list of
-certificates sent by the peer as returned by \fISSL_get_peer_cert_chain\fR\|(3).
+certificates sent by the peer as returned by \fBSSL_get_peer_cert_chain\fR\|(3).
 .PP
 If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain
 certificate, a pointer to the matching certificate is returned via \fBmcert\fR.
 The returned address is a short-term internal reference to the certificate and
 must not be freed by the application.
 Applications that want to retain access to the certificate can call
-\&\fIX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via
-\&\fIX509_free\fR\|(3) once no longer needed.
+\&\fBX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via
+\&\fBX509_free\fR\|(3) once no longer needed.
 .PP
 If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but
-a \s-1\fIDANE\-TA\s0\fR\|(2) \s-1\fISPKI\s0\fR\|(1) \fIFull\fR\|(0) record provided the public key that signed an
+a \s-1\fBDANE\-TA\s0\fR\|(2) \s-1\fBSPKI\s0\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an
 element of the chain, then that key is returned via \fBmspki\fR argument (if not
 \&\s-1NULL\s0).
 In this case the return value is the depth of the top-most element of the
 validated certificate chain.
 As with \fBmcert\fR this is a short-term internal reference, and
-\&\fIEVP_PKEY_up_ref\fR\|(3) and \fIEVP_PKEY_free\fR\|(3) can be used to acquire and
+\&\fBEVP_PKEY_up_ref\fR\|(3) and \fBEVP_PKEY_free\fR\|(3) can be used to acquire and
 release long-term references respectively.
 .PP
-\&\fISSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that
+\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that
 matched the peer certificate chain.
 The return value indicates the match depth or failure to match just as with
-\&\fISSL_get0_dane_authority()\fR.
+\&\fBSSL_get0_dane_authority()\fR.
 When the return value is non-negative, the storage pointed to by the \fBusage\fR,
 \&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding
 \&\s-1TLSA\s0 record fields.
@@ -260,9 +264,9 @@ The \fBdata\fR parameter is set to a short-term internal-copy of the associated
 data field and must not be freed by the application.
 Applications that need long-term access to this field need to copy the content.
 .PP
-\&\fISSL_CTX_dane_set_flags()\fR and \fISSL_dane_set_flags()\fR can be used to enable
+\&\fBSSL_CTX_dane_set_flags()\fR and \fBSSL_dane_set_flags()\fR can be used to enable
 optional \s-1DANE\s0 verification features.
-\&\fISSL_CTX_dane_clear_flags()\fR and \fISSL_dane_clear_flags()\fR can be used to disable
+\&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable
 the same features.
 The \fBflags\fR argument is a bitmask of the features to enable or disable.
 The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle
@@ -272,7 +276,7 @@ for the handle.
 .PP
 At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR
 which can be used to disable server name checks when authenticating via
-\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records.
+\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records.
 For some applications, primarily web browsers, it is not safe to disable name
 checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can
 convince a client that a connection to a victim server is instead a secure
@@ -280,7 +284,7 @@ connection to the malicious server.
 The malicious server may then be able to violate cross-origin scripting
 restrictions.
 Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for
-\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe
+\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe
 to do so.
 In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0
 records already make it possible for a remote domain to redirect client
@@ -288,8 +292,8 @@ connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMP
 do not execute scripts downloaded from remote servers.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The functions \fISSL_CTX_dane_enable()\fR, \fISSL_CTX_dane_mtype_set()\fR,
-\&\fISSL_dane_enable()\fR and \fISSL_dane_tlsa_add()\fR return a positive value on success.
+The functions \fBSSL_CTX_dane_enable()\fR, \fBSSL_CTX_dane_mtype_set()\fR,
+\&\fBSSL_dane_enable()\fR and \fBSSL_dane_tlsa_add()\fR return a positive value on success.
 Negative return values indicate resource problems (out of memory, etc.) in the
 \&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid
 input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or
@@ -298,14 +302,14 @@ Invalid input also includes malformed data, either a digest length that does
 not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form)
 certificate or a public key that fails to parse.
 .PP
-The functions \fISSL_get0_dane_authority()\fR and \fISSL_get0_dane_tlsa()\fR return a
+The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a
 negative value when \s-1DANE\s0 authentication failed or was not enabled, a
 non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a
 chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0
 record is a full public key that is its signer.
 .PP
-The functions \fISSL_CTX_dane_set_flags()\fR, \fISSL_CTX_dane_clear_flags()\fR,
-\&\fISSL_dane_set_flags()\fR and \fISSL_dane_clear_flags()\fR return the \fBflags\fR in effect
+The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR,
+\&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect
 before they were called.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
@@ -460,7 +464,7 @@ are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s
 even cleartext.
 .PP
 Such applications should generally treat any \s-1TLSA\s0 records published by the peer
-with usages \s-1\fIPKIX\-TA\s0\fR\|(0) and \s-1\fIPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include
+with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include
 them among the \s-1TLSA\s0 records used to authenticate peer connections.
 In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a
 result of invalid or unsupported parameters.
@@ -469,31 +473,31 @@ When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportuni
 application must avoid cleartext, but cannot authenticate the peer,
 and so should generally proceed with an unauthenticated connection.
 Opportunistic applications need to note the return value of each
-call to \fISSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid
+call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid
 or unsupported parameters) disable peer authentication by calling
-\&\fISSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR.
+\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_new\fR\|(3),
-\&\fISSL_add1_host\fR\|(3),
-\&\fISSL_set_hostflags\fR\|(3),
-\&\fISSL_set_tlsext_host_name\fR\|(3),
-\&\fISSL_set_verify\fR\|(3),
-\&\fISSL_CTX_set_cert_verify_callback\fR\|(3),
-\&\fISSL_get0_verified_chain\fR\|(3),
-\&\fISSL_get_peer_cert_chain\fR\|(3),
-\&\fISSL_get_verify_result\fR\|(3),
-\&\fISSL_connect\fR\|(3),
-\&\fISSL_get0_peername\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3),
-\&\fIX509_up_ref\fR\|(3),
-\&\fIX509_free\fR\|(3),
-\&\fIEVP_get_digestbyname\fR\|(3),
-\&\fIEVP_PKEY_up_ref\fR\|(3),
-\&\fIEVP_PKEY_free\fR\|(3)
+\&\fBSSL_new\fR\|(3),
+\&\fBSSL_add1_host\fR\|(3),
+\&\fBSSL_set_hostflags\fR\|(3),
+\&\fBSSL_set_tlsext_host_name\fR\|(3),
+\&\fBSSL_set_verify\fR\|(3),
+\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3),
+\&\fBSSL_get0_verified_chain\fR\|(3),
+\&\fBSSL_get_peer_cert_chain\fR\|(3),
+\&\fBSSL_get_verify_result\fR\|(3),
+\&\fBSSL_connect\fR\|(3),
+\&\fBSSL_get0_peername\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3),
+\&\fBX509_up_ref\fR\|(3),
+\&\fBX509_free\fR\|(3),
+\&\fBEVP_get_digestbyname\fR\|(3),
+\&\fBEVP_PKEY_up_ref\fR\|(3),
+\&\fBEVP_PKEY_free\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
index 8d4509a7be52a..0983894cbb8f3 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_FLUSH_SESSIONS 3"
-.TH SSL_CTX_FLUSH_SESSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_FLUSH_SESSIONS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,35 +149,35 @@ SSL_CTX_flush_sessions \- remove expired sessions
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of
+\&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of
 \&\fBctx\fR to remove sessions expired at time \fBtm\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 If enabled, the internal session cache will collect all sessions established
-up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR).
+up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR).
 As sessions will not be reused ones they are expired, they should be
 removed from the cache to save resources. This can either be done
 automatically whenever 255 new sessions were established (see
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3))
-or manually by calling \fISSL_CTX_flush_sessions()\fR.
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3))
+or manually by calling \fBSSL_CTX_flush_sessions()\fR.
 .PP
 The parameter \fBtm\fR specifies the time which should be used for the
-expiration test, in most cases the actual time given by \fItime\fR\|(0)
+expiration test, in most cases the actual time given by \fBtime\fR\|(0)
 will be used.
 .PP
-\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal
+\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal
 cache. When a session is found and removed, the remove_session_cb is however
 called to synchronize with the external cache (see
-\&\fISSL_CTX_sess_set_get_cb\fR\|(3)).
+\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_flush_sessions()\fR does not return a value.
+\&\fBSSL_CTX_flush_sessions()\fR does not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
-\&\fISSL_CTX_set_timeout\fR\|(3),
-\&\fISSL_CTX_sess_set_get_cb\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_CTX_set_timeout\fR\|(3),
+\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libcrypto/man/SSL_CTX_free.3
index 702b9af168f65..f4956d189b8a2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_free.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_FREE 3"
-.TH SSL_CTX_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,29 +149,29 @@ SSL_CTX_free \- free an allocated SSL_CTX object
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the
+\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the
 \&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0.
 .PP
-It also calls the \fIfree()\fRing procedures for indirectly affected items, if
+It also calls the \fBfree()\fRing procedures for indirectly affected items, if
 applicable: the session cache, the list of ciphers, the list of Client CAs,
 the certificates and keys.
 .PP
 If \fBctx\fR is \s-1NULL\s0 nothing is done.
 .SH "WARNINGS"
 .IX Header "WARNINGS"
-If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this
+If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this
 callback will be called for each session being freed from \fBctx\fR's
 session cache. This implies, that all corresponding sessions from an
 external session cache are removed as well. If this is not desired, the user
 should explicitly unset the callback by calling
-SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR.
+SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_free()\fR does not provide diagnostic information.
+\&\fBSSL_CTX_free()\fR does not provide diagnostic information.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(7),
-\&\fISSL_CTX_sess_set_get_cb\fR\|(3)
+\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7),
+\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 b/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
index 94f0d5d1747e8..d1a5567f20bcd 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_GET0_PARAM 3"
-.TH SSL_CTX_GET0_PARAM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_GET0_PARAM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,16 +152,16 @@ SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get an
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR retrieve an internal pointer to
+\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to
 the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned
 pointer must not be freed by the calling application.
 .PP
-\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR set the verification parameters
+\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters
 to \fBvpm\fR for \fBctx\fR or \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure
-using \fISSL_CTX_get0_param()\fR or \fISSL_get0_param()\fR and an application modifies
+using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies
 them to suit its needs: for example to add a hostname check.
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
@@ -169,17 +173,17 @@ Check hostname matches \*(L"www.foo.com\*(R" in peer certificate:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR return a pointer to an
+\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an
 \&\fBX509_VERIFY_PARAM\fR structure.
 .PP
-\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR return 1 for success and 0
+\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0
 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3)
+\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
index c0cdcfcaafde1..888a1d8b3189d 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_GET_VERIFY_MODE 3"
-.TH SSL_CTX_GET_VERIFY_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_GET_VERIFY_MODE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,25 +154,25 @@ SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in
+\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in
 \&\fBctx\fR.
 .PP
-\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in
+\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in
 \&\fBssl\fR.
 .PP
-\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set
+\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set
 in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the
 default value will be used.
 .PP
-\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set
+\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set
 in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the
 default value will be used.
 .PP
-\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification
+\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification
 callback currently set in \fBctx\fR. If no callback was explicitly set, the
 \&\s-1NULL\s0 pointer is returned and the default callback will be used.
 .PP
-\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification
+\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification
 callback currently set in \fBssl\fR. If no callback was explicitly set, the
 \&\s-1NULL\s0 pointer is returned and the default callback will be used.
 .SH "RETURN VALUES"
@@ -176,7 +180,7 @@ callback currently set in \fBssl\fR. If no callback was explicitly set, the
 See \s-1DESCRIPTION\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 b/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
index 4fee378010d70..9ac39f7b3ebb7 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3"
-.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,15 +149,15 @@ SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a
-client extension of type \fBext_type\fR using \fISSL_CTX_add_client_custom_ext()\fR.
+\&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a
+client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 Returns 1 if a handler has been set, 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_add_client_custom_ext\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_add_client_custom_ext\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
index 83fd67e9fa901..663212fd1d560 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3"
-.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,11 +156,11 @@ SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_def
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at
+\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at
 which \s-1CA\s0 certificates for verification purposes are located. The certificates
 available via \fBCAfile\fR and \fBCApath\fR are trusted.
 .PP
-\&\fISSL_CTX_set_default_verify_paths()\fR specifies that the default locations from
+\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from
 which \s-1CA\s0 certificates are loaded should be used. There is one default directory
 and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in
 the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment
@@ -164,12 +168,12 @@ variable can be defined to override this location. The default \s-1CA\s0 certifi
 file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the
 \&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location.
 .PP
-\&\fISSL_CTX_set_default_verify_dir()\fR is similar to
-\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default directory is
+\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to
+\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is
 used.
 .PP
-\&\fISSL_CTX_set_default_verify_file()\fR is similar to
-\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default file is
+\&\fBSSL_CTX_set_default_verify_file()\fR is similar to
+\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is
 used.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -185,7 +189,7 @@ format. The file can contain several \s-1CA\s0 certificates identified by
 sequences. Before, between, and after the certificates text is allowed
 which can be used e.g. for descriptions of the certificates.
 .PP
-The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR
+The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR
 function.
 .PP
 If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates
@@ -214,14 +218,14 @@ In server mode, when requesting a client certificate, the server must send
 the list of CAs of which it will accept client certificates. This list
 is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must
 explicitly be set using the
-\&\fISSL_CTX_set_client_CA_list\fR\|(3)
+\&\fBSSL_CTX_set_client_CA_list\fR\|(3)
 family of functions.
 .PP
 When building its own certificate chain, an OpenSSL client/server will
 try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the
 certificate chain was not explicitly specified (see
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3),
-\&\fISSL_CTX_use_certificate\fR\|(3).
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3),
+\&\fBSSL_CTX_use_certificate\fR\|(3).
 .SH "WARNINGS"
 .IX Header "WARNINGS"
 If several \s-1CA\s0 certificates matching the name, key identifier, and serial
@@ -261,18 +265,18 @@ stack to find out the reason.
 .IX Item "1"
 The operation succeeded.
 .PP
-\&\fISSL_CTX_set_default_verify_paths()\fR, \fISSL_CTX_set_default_verify_dir()\fR and
-\&\fISSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A
+\&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and
+\&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A
 missing default location is still treated as a success.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_client_CA_list\fR\|(3),
-\&\fISSL_get_client_CA_list\fR\|(3),
-\&\fISSL_CTX_use_certificate\fR\|(3),
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3),
-\&\fISSL_CTX_set_cert_store\fR\|(3),
-\&\fISSL_CTX_set_client_CA_list\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_client_CA_list\fR\|(3),
+\&\fBSSL_get_client_CA_list\fR\|(3),
+\&\fBSSL_CTX_use_certificate\fR\|(3),
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3),
+\&\fBSSL_CTX_set_cert_store\fR\|(3),
+\&\fBSSL_CTX_set_client_CA_list\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3
index ae7108110c86f..a438f6b23f5b4 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_new.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_NEW 3"
-.TH SSL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -194,12 +198,12 @@ TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_C
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to
+\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to
 establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is
 reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments
 the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
 reference count drops to zero, any memory or resources allocated to the
-\&\fB\s-1SSL_CTX\s0\fR object are freed. \fISSL_CTX_up_ref()\fR increments the reference count for
+\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for
 an existing \fB\s-1SSL_CTX\s0\fR structure.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -207,7 +211,7 @@ The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method.
 The methods exist in a generic type (for client and server use), a server only
 type, and a client only type.
 \&\fBmethod\fR can be of the following types:
-.IP "\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR" 4
+.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4
 .IX Item "TLS_method(), TLS_server_method(), TLS_client_method()"
 These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods.
 The actual protocol version used will be negotiated to the highest version
@@ -215,53 +219,53 @@ mutually supported by the client and the server.
 The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
 Applications should use these methods, and avoid the version-specific
 methods described below.
-.IP "\fISSLv23_method()\fR, \fISSLv23_server_method()\fR, \fISSLv23_client_method()\fR" 4
+.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4
 .IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()"
 Use of these functions is deprecated. They have been replaced with the above
-\&\fITLS_method()\fR, \fITLS_server_method()\fR and \fITLS_client_method()\fR respectively. New
+\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. New
 code should use those functions instead.
-.IP "\fITLSv1_2_method()\fR, \fITLSv1_2_server_method()\fR, \fITLSv1_2_client_method()\fR" 4
+.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4
 .IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()"
 A \s-1TLS/SSL\s0 connection established with these methods will only understand the
 TLSv1.2 protocol.
-.IP "\fITLSv1_1_method()\fR, \fITLSv1_1_server_method()\fR, \fITLSv1_1_client_method()\fR" 4
+.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4
 .IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()"
 A \s-1TLS/SSL\s0 connection established with these methods will only understand the
 TLSv1.1 protocol.
-.IP "\fITLSv1_method()\fR, \fITLSv1_server_method()\fR, \fITLSv1_client_method()\fR" 4
+.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4
 .IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()"
 A \s-1TLS/SSL\s0 connection established with these methods will only understand the
 TLSv1 protocol.
-.IP "\fISSLv3_method()\fR, \fISSLv3_server_method()\fR, \fISSLv3_client_method()\fR" 4
+.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4
 .IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()"
 A \s-1TLS/SSL\s0 connection established with these methods will only understand the
 SSLv3 protocol.
 The SSLv3 protocol is deprecated and should not be used.
-.IP "\fIDTLS_method()\fR, \fIDTLS_server_method()\fR, \fIDTLS_client_method()\fR" 4
+.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4
 .IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()"
 These are the version-flexible \s-1DTLS\s0 methods.
 Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0
-.IP "\fIDTLSv1_2_method()\fR, \fIDTLSv1_2_server_method()\fR, \fIDTLSv1_2_client_method()\fR" 4
+.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4
 .IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()"
 These are the version-specific methods for DTLSv1.2.
-.IP "\fIDTLSv1_method()\fR, \fIDTLSv1_server_method()\fR, \fIDTLSv1_client_method()\fR" 4
+.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4
 .IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()"
 These are the version-specific methods for DTLSv1.
 .PP
-\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the
+\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the
 callbacks, the keys and certificates and the options to their default values.
 .PP
-\&\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR, \fIDTLS_method()\fR,
-\&\fIDTLS_server_method()\fR and \fIDTLS_client_method()\fR are the \fIversion-flexible\fR
+\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR,
+\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR
 methods.
 All other methods only support one specific protocol version.
 Use the \fIversion-flexible\fR methods instead of the version specific methods.
 .PP
 If you want to limit the supported protocols for the version flexible
-methods you can use \fISSL_CTX_set_min_proto_version\fR\|(3),
-\&\fISSL_set_min_proto_version\fR\|(3), \fISSL_CTX_set_max_proto_version\fR\|(3) and
-\&\fISSL_set_max_proto_version\fR\|(3) functions.
-Using these functions it is possible to choose e.g. \fITLS_server_method()\fR
+methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3),
+\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and
+\&\fBSSL_set_max_proto_version\fR\|(3) functions.
+Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR
 and be able to negotiate with all possible clients, but to only
 allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0
 .PP
@@ -269,7 +273,7 @@ The list of protocols available can also be limited using the
 \&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR,
 \&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR
 options of the
-\&\fISSL_CTX_set_options\fR\|(3) or \fISSL_set_options\fR\|(3) functions, but this approach
+\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach
 is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of
 protocols they support. When disabling a protocol, make sure that you also
 disable either all previous or all subsequent protocol versions.
@@ -278,7 +282,7 @@ previous protocol versions, the effect is to also disable all subsequent
 protocol versions.
 .PP
 The SSLv3 protocol is deprecated and should generally not be used.
-Applications should typically use \fISSL_CTX_set_min_proto_version\fR\|(3) to set
+Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set
 the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -291,22 +295,22 @@ the reason.
 .IX Item "Pointer to an SSL_CTX object"
 The return value points to an allocated \s-1SSL_CTX\s0 object.
 .Sp
-\&\fISSL_CTX_up_ref()\fR returns 1 for success and 0 for failure.
+\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure.
 .SH "HISTORY"
 .IX Header "HISTORY"
-Support for SSLv2 and the corresponding \fISSLv2_method()\fR,
-\&\fISSLv2_server_method()\fR and \fISSLv2_client_method()\fR functions where
+Support for SSLv2 and the corresponding \fBSSLv2_method()\fR,
+\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where
 removed in OpenSSL 1.1.0.
 .PP
-\&\fISSLv23_method()\fR, \fISSLv23_server_method()\fR and \fISSLv23_client_method()\fR
-were deprecated and the preferred \fITLS_method()\fR, \fITLS_server_method()\fR
-and \fITLS_client_method()\fR functions were introduced in OpenSSL 1.1.0.
+\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR
+were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR
+and \fBTLS_client_method()\fR functions were introduced in OpenSSL 1.1.0.
 .PP
 All version-specific methods were deprecated in OpenSSL 1.1.0.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3),
-\&\fISSL_CTX_set_min_proto_version\fR\|(3), \fIssl\fR\|(7), \fISSL_set_connect_state\fR\|(3)
+\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
index 24f80480844f1..bea9ee15ae9af 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SESS_NUMBER 3"
-.TH SSL_CTX_SESS_NUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SESS_NUMBER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,53 +160,53 @@ SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_se
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal
+\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal
 session cache.
 .PP
-\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
+\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
 client mode.
 .PP
-\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established
+\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established
 \&\s-1SSL/TLS\s0 sessions in client mode.
 .PP
-\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations
+\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations
 in client mode.
 .PP
-\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
+\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
 server mode.
 .PP
-\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established
+\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established
 \&\s-1SSL/TLS\s0 sessions in server mode.
 .PP
-\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations
+\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations
 in server mode.
 .PP
-\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions.
-In client mode a session set with \fISSL_set_session\fR\|(3)
+\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions.
+In client mode a session set with \fBSSL_set_session\fR\|(3)
 successfully reused is counted as a hit. In server mode a session successfully
 retrieved from internal or external cache is counted as a hit.
 .PP
-\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions
+\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions
 from the external session cache in server mode.
 .PP
-\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients
+\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients
 that were not found in the internal session cache in server mode.
 .PP
-\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients
+\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients
 and either found in the internal or external session cache in server mode,
  but that were invalid due to timeout. These sessions are not included in
-the \fISSL_CTX_sess_hits()\fR count.
+the \fBSSL_CTX_sess_hits()\fR count.
 .PP
-\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed
+\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed
 because the maximum session cache size was exceeded.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The functions return the values indicated in the \s-1DESCRIPTION\s0 section.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
-\&\fISSL_CTX_sess_set_cache_size\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
+\&\fBSSL_CTX_sess_set_cache_size\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
index 1e21c15ffa3a5..0a849443926fc 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3"
-.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,22 +150,22 @@ SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session c
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache
+\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache
 of context \fBctx\fR to \fBt\fR.
 This value is a hint and not an absolute; see the notes below.
 .PP
-\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size.
+\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size.
 .SH "NOTES"
 .IX Header "NOTES"
 The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0
 currently 1024*20, so that up to 20000 sessions can be held. This size
-can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special
+can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special
 case is the size 0, which is used for unlimited size.
 .PP
 If adding the session makes the cache exceed its size, then unused
 sessions are dropped from the end of the cache.
 Cache space may also be reclaimed by calling
-\&\fISSL_CTX_flush_sessions\fR\|(3) to remove
+\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove
 expired sessions.
 .PP
 If the size of the session cache is reduced and more sessions are already
@@ -170,15 +174,15 @@ session shall be added. This removal is not synchronized with the
 expiration of sessions.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size.
+\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size.
 .PP
-\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size.
+\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
-\&\fISSL_CTX_sess_number\fR\|(3),
-\&\fISSL_CTX_flush_sessions\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_CTX_sess_number\fR\|(3),
+\&\fBSSL_CTX_flush_sessions\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
index 87db05672f8ef..e1f1f1a6195a6 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SESS_SET_GET_CB 3"
-.TH SSL_CTX_SESS_SET_GET_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SESS_SET_GET_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,22 +165,22 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically
+\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically
 called whenever a new session was negotiated.
 .PP
-\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is
+\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is
 automatically called whenever a session is removed by the \s-1SSL\s0 engine,
 because it is considered faulty or the session has become obsolete because
 of exceeding the timeout value.
 .PP
-\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called,
+\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function which is called,
 whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session
 could not be found in the internal session cache (see
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3)).
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)).
 (\s-1SSL/TLS\s0 server only.)
 .PP
-\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and
-\&\fISSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the
+\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and
+\&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the
 corresponding set callback functions. If a callback function has not been
 set, the \s-1NULL\s0 pointer is returned.
 .SH "NOTES"
@@ -184,53 +188,53 @@ set, the \s-1NULL\s0 pointer is returned.
 In order to allow external session caching, synchronization with the internal
 session cache is realized via callback functions. Inside these callback
 functions, session can be saved to disk or put into a database using the
-\&\fId2i_SSL_SESSION\fR\|(3) interface.
+\&\fBd2i_SSL_SESSION\fR\|(3) interface.
 .PP
-The \fInew_session_cb()\fR is called, whenever a new session has been negotiated
+The \fBnew_session_cb()\fR is called, whenever a new session has been negotiated
 and session caching is enabled (see
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3)).
-The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)).
+The \fBnew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session
 \&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately
 removed again. Note that in TLSv1.3, sessions are established after the main
 handshake has completed. The server decides when to send the client the session
 information and this may occur some time after the end of the handshake (or not
-at all). This means that applications should expect the \fInew_session_cb()\fR
+at all). This means that applications should expect the \fBnew_session_cb()\fR
 function to be invoked during the handshake (for <= TLSv1.2) or after the
 handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to
-be established with a single connection. In these case the \fInew_session_cb()\fR
+be established with a single connection. In these case the \fBnew_session_cb()\fR
 function will be invoked multiple times.
 .PP
 In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for
 resumption once. One way of enforcing that is for applications to call
-\&\fISSL_CTX_remove_session\fR\|(3) after a session has been used.
+\&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used.
 .PP
-The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session
+The \fBremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session
 from the internal cache. This happens when the session is removed because
 it is expired or when a connection was not shutdown cleanly. It also happens
 for all sessions in the internal session cache when
-\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed
+\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed
 the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback.
 .PP
-The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id
-proposed by the client. The \fIget_session_cb()\fR is always called, also when
-session caching was disabled. The \fIget_session_cb()\fR is passed the
+The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id
+proposed by the client. The \fBget_session_cb()\fR is always called, also when
+session caching was disabled. The \fBget_session_cb()\fR is passed the
 \&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location
 \&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the
 \&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object,
 Normally the reference count is not incremented and therefore the
 session must not be explicitly freed with
-\&\fISSL_SESSION_free\fR\|(3).
+\&\fBSSL_SESSION_free\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR and \fISSL_CTX_sess_get_get_cb()\fR
+\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR and \fBSSL_CTX_sess_get_get_cb()\fR
 return different callback function pointers respectively.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fId2i_SSL_SESSION\fR\|(3),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
-\&\fISSL_CTX_flush_sessions\fR\|(3),
-\&\fISSL_SESSION_free\fR\|(3),
-\&\fISSL_CTX_free\fR\|(3)
+\&\fBssl\fR\|(7), \fBd2i_SSL_SESSION\fR\|(3),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_CTX_flush_sessions\fR\|(3),
+\&\fBSSL_SESSION_free\fR\|(3),
+\&\fBSSL_CTX_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_sessions.3
index 58cc0874978f5..80658f5d7de1f 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SESSIONS 3"
-.TH SSL_CTX_SESSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SESSIONS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,25 +149,25 @@ SSL_CTX_sessions \- access internal session cache
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the
+\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the
 internal session cache for \fBctx\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The sessions in the internal session cache are kept in an
-\&\s-1\fILHASH\s0\fR\|(3) type database. It is possible to directly
+\&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly
 access this database e.g. for searching. In parallel, the sessions
 form a linked list which is maintained separately from the
-\&\s-1\fILHASH\s0\fR\|(3) operations, so that the database must not be
+\&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be
 modified directly but by using the
-\&\fISSL_CTX_add_session\fR\|(3) family of functions.
+\&\fBSSL_CTX_add_session\fR\|(3) family of functions.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR.
+\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \s-1\fILHASH\s0\fR\|(3),
-\&\fISSL_CTX_add_session\fR\|(3),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
+\&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3),
+\&\fBSSL_CTX_add_session\fR\|(3),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
index b472fd76f94e8..85154140df4a5 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET0_CA_LIST 3"
-.TH SSL_CTX_SET0_CA_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET0_CA_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,7 +169,7 @@ between two communicating peers.
 For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the
 server to the client when requesting a client certificate. So any list of \s-1CA\s0
 names set is never sent from client to server and the list of \s-1CA\s0 names retrieved
-by \fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR.
+by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR.
 .PP
 For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR
 extension and may be sent by a client (in the ClientHello message) or by
@@ -182,34 +186,34 @@ should be avoided unless required.
 The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the
 server side.
 .PP
-\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
+\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
 requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred
 to \fBctx\fR and it should not be freed by the caller.
 .PP
-\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
+\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
 requesting a client certificate for the chosen \fBssl\fR, overriding the
 setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred
 to \fBs\fR and it should not be freed by the caller.
 .PP
-\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for
-\&\fBctx\fR using \fISSL_CTX_set_client_CA_list()\fR. The returned list should not be freed
+\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for
+\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed
 by the caller.
 .PP
-\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly
-set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with
-\&\fISSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode,
+\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly
+set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with
+\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode,
 SSL_get_client_CA_list returns the list of client CAs sent from the server, if
 any. The returned list should not be freed by the caller.
 .PP
-\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
+\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
 list of CAs sent to the client when requesting a client certificate for
 \&\fBctx\fR.
 .PP
-\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
+\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
 list of CAs sent to the client when requesting a client certificate for
 the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object.
 .PP
-\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer
+\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer
 has sent. This can be called on either the server or the client side. The
 returned list should not be freed by the caller.
 .PP
@@ -223,63 +227,63 @@ Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions sh
 preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on
 the client side.
 .PP
-\&\fISSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to
+\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to
 \&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and
 it should not be freed by the caller.
 .PP
-\&\fISSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR
+\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR
 overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of
 \&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller.
 .PP
-\&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for
+\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for
 \&\fBctx\fR. The returned list should not be freed by the caller.
 .PP
-\&\fISSL_get0_CA_list()\fR retrieves any previously set list of CAs set for
+\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for
 \&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The
 returned list should not be freed by the caller.
 .PP
-\&\fISSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
+\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
 list of CAs sent to peer for \fBctx\fR.
 .PP
-\&\fISSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
+\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
 list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent
 \&\fB\s-1SSL_CTX\s0\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 When a \s-1TLS/SSL\s0 server requests a client certificate (see
-\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept
+\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept
 certificates, to the client.
 .PP
-This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR or
-\&\fISSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fISSL_set_client_CA_list()\fR or
-\&\fISSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified
+This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or
+\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or
+\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified
 overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR
 only contains the names, not the complete certificates); use
-\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification.
+\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification.
 .PP
 If the list of acceptable CAs is compiled in a file, the
-\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help to import the
+\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the
 necessary data.
 .PP
-\&\fISSL_CTX_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR, \fISSL_add_client_CA()\fR and
-\&\fISSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no
-list was specified before using \fISSL_CTX_set_client_CA_list()\fR,
-\&\fISSL_CTX_set0_CA_list()\fR, \fISSL_set_client_CA_list()\fR or \fISSL_set0_CA_list()\fR, a
+\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and
+\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no
+list was specified before using \fBSSL_CTX_set_client_CA_list()\fR,
+\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a
 new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR,
-\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, \fISSL_CTX_set0_CA_list()\fR
-and \fISSL_set0_CA_list()\fR do not return a value.
+\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR,
+\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR
+and \fBSSL_set0_CA_list()\fR do not return a value.
 .PP
-\&\fISSL_CTX_get_client_CA_list()\fR, \fISSL_get_client_CA_list()\fR, \fISSL_CTX_get0_CA_list()\fR
-and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are
+\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR
+and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are
 set.
 .PP
-\&\fISSL_CTX_add_client_CA()\fR,\fISSL_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR and
-\&\fISSL_add1_to_CA_list()\fR return 1 for success and 0 for failure.
+\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and
+\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure.
 .PP
-\&\fISSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or
+\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or
 \&\fB\s-1NULL\s0\fR or an empty stack if no list was sent.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
@@ -290,12 +294,12 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_load_client_CA_file\fR\|(3),
-\&\fISSL_CTX_load_verify_locations\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_load_client_CA_file\fR\|(3),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
index 4ecaa4c28253b..8ba0f7a0bc70b 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET1_CURVES 3"
-.TH SSL_CTX_SET1_CURVES 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET1_CURVES 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -164,20 +168,20 @@ SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_
 For all of the functions below that set the supported groups there must be at
 least one group in the list.
 .PP
-\&\fISSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR
+\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR
 groups in the array \fBglist\fR. The array consist of all NIDs of groups in
 preference order. For a \s-1TLS\s0 client the groups are used directly in the
 supported groups extension. For a \s-1TLS\s0 server the groups are used to
 determine the set of shared groups.
 .PP
-\&\fISSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to
+\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to
 string \fBlist\fR. The string is a colon separated list of group NIDs or
 names, for example \*(L"P\-521:P\-384:P\-256\*(R".
 .PP
-\&\fISSL_set1_groups()\fR and \fISSL_set1_groups_list()\fR are similar except they set
+\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set
 supported groups for the \s-1SSL\s0 structure \fBssl\fR.
 .PP
-\&\fISSL_get1_groups()\fR returns the set of supported groups sent by a client
+\&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client
 in the supported groups extension. It returns the total number of
 supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply
 return the number of groups for memory allocation purposes. The
@@ -185,7 +189,7 @@ return the number of groups for memory allocation purposes. The
 order. It can return zero if the client did not send a supported groups
 extension.
 .PP
-\&\fISSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side
+\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side
 \&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is
 returned, which may be zero. Other than for diagnostic purposes,
 most applications will only be interested in the first shared group
@@ -206,24 +210,24 @@ configuration purposes either on a command line or in a file it should
 consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set1_groups()\fR, \fISSL_CTX_set1_groups_list()\fR, \fISSL_set1_groups()\fR and
-\&\fISSL_set1_groups_list()\fR, return 1 for success and 0 for failure.
+\&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and
+\&\fBSSL_set1_groups_list()\fR, return 1 for success and 0 for failure.
 .PP
-\&\fISSL_get1_groups()\fR returns the number of groups, which may be zero.
+\&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero.
 .PP
-\&\fISSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there
+\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there
 is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR
 is \-1.
 .PP
-When called on a client \fBssl\fR, \fISSL_get_shared_group()\fR has no meaning and
+When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and
 returns \-1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The curve functions were first added to OpenSSL 1.0.2. The equivalent group
-functions were first added to OpenSSL 1.1.1.
+The curve functions were added in OpenSSL 1.0.2. The equivalent group
+functions were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
index a9df67fd5a634..47b6e8640e0f7 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET1_SIGALGS 3"
-.TH SSL_CTX_SET1_SIGALGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET1_SIGALGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,23 +157,23 @@ SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_siga
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set1_sigalgs()\fR and \fISSL_set1_sigalgs()\fR set the supported signature
+\&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature
 algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR
 must consist of pairs of NIDs corresponding to digest and public key
 algorithms.
 .PP
-\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR set the supported
+\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR set the supported
 signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter
 must be a null terminated string consisting of a colon separated list of
 elements, where each element is either a combination of a public key
 algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named
 SignatureScheme such as rsa_pss_pss_sha256.
 .PP
-\&\fISSL_CTX_set1_client_sigalgs()\fR, \fISSL_set1_client_sigalgs()\fR,
-\&\fISSL_CTX_set1_client_sigalgs_list()\fR and \fISSL_set1_client_sigalgs_list()\fR set
+\&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR,
+\&\fBSSL_CTX_set1_client_sigalgs_list()\fR and \fBSSL_set1_client_sigalgs_list()\fR set
 signature algorithms related to client authentication, otherwise they are
-identical to \fISSL_CTX_set1_sigalgs()\fR, \fISSL_set1_sigalgs()\fR,
-\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR.
+identical to \fBSSL_CTX_set1_sigalgs()\fR, \fBSSL_set1_sigalgs()\fR,
+\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR.
 .PP
 All these functions are implemented as macros. The signature algorithm
 parameter (integer array or string) is not freed: the application should
@@ -233,8 +237,8 @@ using a string:
 All these functions return 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_shared_sigalgs\fR\|(3),
-\&\fISSL_CONF_CTX_new\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3),
+\&\fBSSL_CONF_CTX_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
index 69b7abdabd9ab..41437a2bbe968 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3"
-.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,14 +157,14 @@ SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_cha
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set0_verify_cert_store()\fR and \fISSL_CTX_set1_verify_cert_store()\fR
+\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR
 set the certificate store used for certificate verification to \fBst\fR.
 .PP
-\&\fISSL_CTX_set0_chain_cert_store()\fR and \fISSL_CTX_set1_chain_cert_store()\fR
+\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR
 set the certificate store used for certificate chain building to \fBst\fR.
 .PP
-\&\fISSL_set0_verify_cert_store()\fR, \fISSL_set1_verify_cert_store()\fR,
-\&\fISSL_set0_chain_cert_store()\fR and \fISSL_set1_chain_cert_store()\fR are similar
+\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR,
+\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar
 except they apply to \s-1SSL\s0 structure \fBssl\fR.
 .PP
 All these functions are implemented as macros. Those containing a \fB1\fR
@@ -171,7 +175,7 @@ after the operation.
 .SH "NOTES"
 .IX Header "NOTES"
 The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0
-structures when \fISSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be
+structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be
 affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value.
 .PP
 The verification store is used to verify the certificate chain sent by the
@@ -183,8 +187,8 @@ The chain store is used to build the certificate chain.
 .PP
 If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is
 configured already (for example using the functions such as
-\&\fISSL_CTX_add1_chain_cert\fR\|(3) or
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)) then
+\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then
 automatic chain building is disabled.
 .PP
 If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building
@@ -198,20 +202,20 @@ versions of OpenSSL.
 All these functions return 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
-\&\fISSL_CTX_set0_chain\fR\|(3)
-\&\fISSL_CTX_set1_chain\fR\|(3)
-\&\fISSL_CTX_add0_chain_cert\fR\|(3)
-\&\fISSL_CTX_add1_chain_cert\fR\|(3)
-\&\fISSL_set0_chain\fR\|(3)
-\&\fISSL_set1_chain\fR\|(3)
-\&\fISSL_add0_chain_cert\fR\|(3)
-\&\fISSL_add1_chain_cert\fR\|(3)
-\&\fISSL_CTX_build_cert_chain\fR\|(3)
-\&\fISSL_build_cert_chain\fR\|(3)
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fBSSL_CTX_set0_chain\fR\|(3)
+\&\fBSSL_CTX_set1_chain\fR\|(3)
+\&\fBSSL_CTX_add0_chain_cert\fR\|(3)
+\&\fBSSL_CTX_add1_chain_cert\fR\|(3)
+\&\fBSSL_set0_chain\fR\|(3)
+\&\fBSSL_set1_chain\fR\|(3)
+\&\fBSSL_add0_chain_cert\fR\|(3)
+\&\fBSSL_add1_chain_cert\fR\|(3)
+\&\fBSSL_CTX_build_cert_chain\fR\|(3)
+\&\fBSSL_build_cert_chain\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
index 31adb6da99be5..57fc3b9cc6220 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3"
-.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -179,12 +183,12 @@ SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CT
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR are used by the client to
+\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to
 set the list of protocols available to be negotiated. The \fBprotos\fR must be in
 protocol-list format, described below. The length of \fBprotos\fR is specified in
 \&\fBprotos_len\fR.
 .PP
-\&\fISSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a
+\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a
 server to select which protocol to use for the incoming connection. When \fBcb\fR
 is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to
 the application callback.
@@ -194,9 +198,9 @@ vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector
 should be set to the value of a single protocol selected from the \fBin\fR,
 \&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a
 buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via
-\&\fISSL_CTX_set_alpn_select_cb()\fR.
+\&\fBSSL_CTX_set_alpn_select_cb()\fR.
 .PP
-\&\fISSL_select_next_proto()\fR is a helper function used to select protocols. It
+\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It
 implements the standard protocol selection. It is expected that this function
 is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR,
 \&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format
@@ -207,7 +211,7 @@ in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver
 item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This
 function can also be used in the \s-1NPN\s0 callback.
 .PP
-\&\fISSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a
+\&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a
 client needs to select a protocol from the server's provided list, and a
 user-defined pointer argument \fBarg\fR which will be passed to this callback.
 For the callback itself, \fBout\fR
@@ -217,9 +221,9 @@ server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The
 callback can assume that \fBin\fR is syntactically valid. The client must
 select a protocol. It is fatal to the connection if this callback returns
 a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer
-set via \fISSL_CTX_set_next_proto_select_cb()\fR.
+set via \fBSSL_CTX_set_next_proto_select_cb()\fR.
 .PP
-\&\fISSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called
+\&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called
 when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol
 Negotiation. The returned list must be in protocol-list format, described
 below.  The list is
@@ -229,11 +233,11 @@ reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it
 wishes to advertise. Otherwise, no such extension will be included in the
 ServerHello.
 .PP
-\&\fISSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR
+\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR
 with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR
 is set to 0 if no protocol has been selected. \fBdata\fR must not be freed.
 .PP
-\&\fISSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the
+\&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the
 client's requested protocol for this connection. If the client did not
 request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and
 \&\fBlen\fR to 0. Note that
@@ -265,10 +269,10 @@ If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback
 invoked.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR return 0 on success, and
+\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and
 non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention.
 .PP
-\&\fISSL_select_next_proto()\fR returns one of the following:
+\&\fBSSL_select_next_proto()\fR returns one of the following:
 .IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4
 .IX Item "OPENSSL_NPN_NEGOTIATED"
 A match was found and is returned in \fBout\fR, \fBoutlen\fR.
@@ -290,16 +294,16 @@ configuration.
 \&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for
 this connection.
 .PP
-The callback set using \fISSL_CTX_set_next_proto_select_cb()\fR should return
+The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return
 \&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection.
 .PP
-The callback set using \fISSL_CTX_set_next_protos_advertised_cb()\fR should return
+The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return
 \&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension
 will be included in the ServerHello.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3),
-\&\fISSL_CTX_set_tlsext_servername_arg\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3),
+\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
index a820746e07e1e..f031b5370029f 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CERT_CB 3"
-.TH SSL_CTX_SET_CERT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CERT_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,31 +153,31 @@ SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR sets the \fIcert_cb()\fR callback,
+\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fBcert_cb()\fR callback,
 \&\fBarg\fR value is pointer which is passed to the application callback.
 .PP
-When \fIcert_cb()\fR is \s-1NULL,\s0 no callback function is used.
+When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used.
 .PP
-\&\fIcert_cb()\fR is the application defined callback. It is called before a
+\&\fBcert_cb()\fR is the application defined callback. It is called before a
 certificate will be used by a client or server. The callback can then inspect
 the passed \fBssl\fR structure and set or clear any appropriate certificates. If
 the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have
 been set. A zero is returned on error which will abort the handshake with a
 fatal internal error alert. A negative return value will suspend the handshake
 and the handshake function will return immediately.
-\&\fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to
+\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to
 indicate, that the handshake was suspended. The next call to the handshake
-function will again lead to the call of \fIcert_cb()\fR. It is the job of the
-\&\fIcert_cb()\fR to store information about the state of the last call,
+function will again lead to the call of \fBcert_cb()\fR. It is the job of the
+\&\fBcert_cb()\fR to store information about the state of the last call,
 if required to continue.
 .SH "NOTES"
 .IX Header "NOTES"
-An application will typically call \fISSL_use_certificate()\fR and
-\&\fISSL_use_PrivateKey()\fR to set the end entity certificate and private key.
+An application will typically call \fBSSL_use_certificate()\fR and
+\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key.
 It can add intermediate and optionally the root \s-1CA\s0 certificates using
-\&\fISSL_add1_chain_cert()\fR.
+\&\fBSSL_add1_chain_cert()\fR.
 .PP
-It might also call \fISSL_certs_clear()\fR to delete any certificates associated
+It might also call \fBSSL_certs_clear()\fR to delete any certificates associated
 with the \fB\s-1SSL\s0\fR object.
 .PP
 The certificate callback functionality supersedes the (largely broken)
@@ -192,13 +196,13 @@ by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not
 support it will \fBnot\fR be used.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR do not return values.
+\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR do not return values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_use_certificate\fR\|(3),
-\&\fISSL_add1_chain_cert\fR\|(3),
-\&\fISSL_get_client_CA_list\fR\|(3),
-\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_use_certificate\fR\|(3),
+\&\fBSSL_add1_chain_cert\fR\|(3),
+\&\fBSSL_get_client_CA_list\fR\|(3),
+\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
index b4cd6315ebe28..39f816210b255 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CERT_STORE 3"
-.TH SSL_CTX_SET_CERT_STORE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CERT_STORE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,15 +151,15 @@ SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manip
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage
+\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage
 of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently
-set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed.
+set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed.
 .PP
-\&\fISSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage
+\&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage
 of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented.
-If another X509_STORE object is currently set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed.
+If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed.
 .PP
-\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate
+\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate
 verification storage.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -165,46 +169,46 @@ via lookup methods, handled inside the X509_STORE. From the X509_STORE
 the X509_STORE_CTX used when verifying certificates is created.
 .PP
 Typically the trusted certificate store is handled indirectly via using
-\&\fISSL_CTX_load_verify_locations\fR\|(3).
-Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions
+\&\fBSSL_CTX_load_verify_locations\fR\|(3).
+Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions
 it is possible to manipulate the X509_STORE object beyond the
-\&\fISSL_CTX_load_verify_locations\fR\|(3)
+\&\fBSSL_CTX_load_verify_locations\fR\|(3)
 call.
 .PP
 Currently no detailed documentation on how to use the X509_STORE
 object is available. Not all members of the X509_STORE are used when
-the verification takes place. So will e.g. the \fIverify_callback()\fR be
-overridden with the \fIverify_callback()\fR set via the
-\&\fISSL_CTX_set_verify\fR\|(3) family of functions.
+the verification takes place. So will e.g. the \fBverify_callback()\fR be
+overridden with the \fBverify_callback()\fR set via the
+\&\fBSSL_CTX_set_verify\fR\|(3) family of functions.
 This document must therefore be updated when documentation about the
 X509_STORE object and its handling becomes available.
 .PP
-\&\fISSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference
+\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference
 count, so it should not be used to assign an X509_STORE that is owned
 by another \s-1SSL_CTX.\s0
 .PP
-To share X509_STOREs between two SSL_CTXs, use \fISSL_CTX_get_cert_store()\fR
+To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR
 to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use
-\&\fISSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and
+\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and
 increment the reference count of the X509_STORE.
 .SH "RESTRICTIONS"
 .IX Header "RESTRICTIONS"
 The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer
 certificates and building certificate chains, it is also shared by
 every child \s-1SSL\s0 structure. Applications wanting finer control can use
-functions such as \fISSL_CTX_set1_verify_cert_store()\fR instead.
+functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output.
+\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output.
 .PP
-\&\fISSL_CTX_set1_cert_store()\fR does not return diagnostic output.
+\&\fBSSL_CTX_set1_cert_store()\fR does not return diagnostic output.
 .PP
-\&\fISSL_CTX_get_cert_store()\fR returns the current setting.
+\&\fBSSL_CTX_get_cert_store()\fR returns the current setting.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_load_verify_locations\fR\|(3),
-\&\fISSL_CTX_set_verify\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3),
+\&\fBSSL_CTX_set_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
index 7ce851d7c8173..ddd1976b3521a 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3"
-.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,16 +151,16 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for
+\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for
 \&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at
-the time when \fISSL_new\fR\|(3) is called.
+the time when \fBSSL_new\fR\|(3) is called.
 .SH "NOTES"
 .IX Header "NOTES"
 Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification
 function is called. If the application does not explicitly specify a
 verification callback function, the built-in verification function is used.
 If a verification callback \fIcallback\fR is specified via
-\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
+\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
 instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored.
 .PP
 When the verification must be performed, \fIcallback\fR will be called with
@@ -172,15 +176,15 @@ returning 1) the verification result must be set in any case using the
 will be informed about the detailed result of the verification procedure!
 .PP
 Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR
-function set using \fISSL_CTX_set_verify\fR\|(3).
+function set using \fBSSL_CTX_set_verify\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_cert_verify_callback()\fR does not return a value.
+\&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value.
 .SH "WARNINGS"
 .IX Header "WARNINGS"
 Do not mix the verification callback described in this function with the
 \&\fBverify_callback\fR function called during the verification process. The
-latter is set using the \fISSL_CTX_set_verify\fR\|(3)
+latter is set using the \fBSSL_CTX_set_verify\fR\|(3)
 family of functions.
 .PP
 Providing a complete verification procedure including certificate purpose
@@ -189,12 +193,12 @@ and in most cases it should be sufficient to modify its behaviour using
 the \fBverify_callback\fR function.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information.
+\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3),
-\&\fISSL_get_verify_result\fR\|(3),
-\&\fISSL_CTX_load_verify_locations\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3),
+\&\fBSSL_get_verify_result\fR\|(3),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
index 0ca9184fd1f55..e6b9289667c04 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CIPHER_LIST 3"
-.TH SSL_CTX_SET_CIPHER_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CIPHER_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,16 +153,16 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below)
+\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below)
 for \fBctx\fR using the control string \fBstr\fR. The format of the string is described
-in \fIciphers\fR\|(1). The list of ciphers is inherited by all
+in \fBciphers\fR\|(1). The list of ciphers is inherited by all
 \&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3
-ciphersuites. Use \fISSL_CTX_set_ciphersuites()\fR to configure those.
+ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those.
 .PP
-\&\fISSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for
+\&\fBSSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for
 \&\fBssl\fR.
 .PP
-\&\fISSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3
+\&\fBSSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3
 ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3
 ciphersuite names in order of perference. Valid TLSv1.3 ciphersuite names are:
 .IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4
@@ -178,12 +182,12 @@ An empty list is permissible. The default value for the this setting is:
 .PP
 \&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\*(R"\s0
 .PP
-\&\fISSL_set_ciphersuites()\fR is the same as \fISSL_CTX_set_ciphersuites()\fR except it
+\&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it
 configures the ciphersuites for \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The control string \fBstr\fR for \fISSL_CTX_set_cipher_list()\fR and
-\&\fISSL_set_cipher_list()\fR should be universally usable and not depend
+The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and
+\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend
 on details of the library configuration (ciphers compiled in). Thus no
 syntax checking takes place. Items that are not recognized, because the
 corresponding ciphers are not compiled in or because they are mistyped,
@@ -199,11 +203,11 @@ All other ciphers need a corresponding certificate and key.
 .PP
 A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available.
 \&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters
-(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
+(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)).
 .PP
 A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available.
 \&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters
-(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
+(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)).
 .PP
 When these conditions are not met for any cipher in the list (e.g. a
 client only supports export \s-1RSA\s0 ciphers with an asymmetric key length
@@ -212,17 +216,17 @@ keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is g
 and the handshake will fail.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher
+\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher
 could be selected and 0 on complete failure.
 .PP
-\&\fISSL_CTX_set_ciphersuites()\fR and \fISSL_set_ciphersuites()\fR return 1 if the requested
+\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR return 1 if the requested
 ciphersuite list was configured, and 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_ciphers\fR\|(3),
-\&\fISSL_CTX_use_certificate\fR\|(3),
-\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
-\&\fIciphers\fR\|(1)
+\&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3),
+\&\fBSSL_CTX_use_certificate\fR\|(3),
+\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3),
+\&\fBciphers\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
index e17a64c5e6f06..6e04b2032b303 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3"
-.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,25 +154,25 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certific
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fIclient_cert_cb()\fR callback, that is
+\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, that is
 called when a client certificate is requested by a server and no certificate
 was yet set for the \s-1SSL\s0 object.
 .PP
-When \fIclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used.
+When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used.
 .PP
-\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback
+\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback
 function.
 .PP
-\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to
+\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to
 set a certificate, a certificate/private key combination must be set
 using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The
 certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections.
 If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate
 will be sent. A negative return value will suspend the handshake and the
-handshake function will return immediately. \fISSL_get_error\fR\|(3)
+handshake function will return immediately. \fBSSL_get_error\fR\|(3)
 will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was
 suspended. The next call to the handshake function will again lead to the call
-of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information
+of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information
 about the state of the last call, if required to continue.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -177,7 +181,7 @@ from the client. A client certificate must only be sent, when the server
 did send the request.
 .PP
 When a certificate was set using the
-\&\fISSL_CTX_use_certificate\fR\|(3) family of functions,
+\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions,
 it will be sent to the server. The \s-1TLS\s0 standard requires that only a
 certificate is sent, if it matches the list of acceptable CAs sent by the
 server. This constraint is violated by the default behavior of the OpenSSL
@@ -189,18 +193,18 @@ If a callback function is defined and no certificate was yet defined for the
 \&\s-1SSL\s0 object, the callback function will be called.
 If the callback function returns a certificate, the OpenSSL library
 will try to load the private key and certificate data into the \s-1SSL\s0
-object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions.
+object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions.
 Thus it will permanently install the certificate and key for this \s-1SSL\s0
-object. It will not be reset by calling \fISSL_clear\fR\|(3).
+object. It will not be reset by calling \fBSSL_clear\fR\|(3).
 If the callback returns no certificate, the OpenSSL library will not send
 a certificate.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_get_client_cert_cb()\fR returns function pointer of \fIclient_cert_cb()\fR or
+\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fBclient_cert_cb()\fR or
 \&\s-1NULL\s0 if the callback is not set.
 .SH "BUGS"
 .IX Header "BUGS"
-The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can
+The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can
 only return one client certificate. If the chain only has a length of 2,
 the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and
 thus a standard conforming answer can be sent to the server. For a
@@ -210,7 +214,7 @@ either adding the intermediate \s-1CA\s0 certificates into the trusted
 certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add
 \&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding
 the chain certificates using the
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
 function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that
 therefore probably can only apply for one client certificate, making
 the concept of the callback function (to allow the choice from several
@@ -218,15 +222,15 @@ certificates) questionable.
 .PP
 Once the \s-1SSL\s0 object has been used in conjunction with the callback function,
 the certificate will be set for the \s-1SSL\s0 object and will not be cleared
-even when \fISSL_clear\fR\|(3) is being called. It is therefore
-mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3)
+even when \fBSSL_clear\fR\|(3) is being called. It is therefore
+mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3)
 and create a new one to return to the previous state.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_use_certificate\fR\|(3),
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3),
-\&\fISSL_get_client_CA_list\fR\|(3),
-\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_use_certificate\fR\|(3),
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3),
+\&\fBSSL_get_client_CA_list\fR\|(3),
+\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
index 7afa7f2c18c26..e1a2d0f6edc4a 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3"
-.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,46 +160,46 @@ SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically
+\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically
 called during the early stages of ClientHello processing on the server.
 The argument supplied when setting the callback is passed back to the
 callback at runtime.  A callback that returns failure (0) will cause the
 connection to terminate, and callbacks returning failure should indicate
 what alert value is to be sent in the \fBal\fR parameter.  A callback may
 also return a negative value to suspend the handshake, and the handshake
-function will return immediately.  \fISSL_get_error\fR\|(3) will return
+function will return immediately.  \fBSSL_get_error\fR\|(3) will return
 \&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended.
 It is the job of the ClientHello callback to store information about the state
 of the last call if needed to continue.  On the next call into the handshake
 function, the ClientHello callback will be called again, and, if it returns
 success, normal handshake processing will continue from that point.
 .PP
-\&\fISSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a
+\&\fBSSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a
 SSLv2 record and is in the SSLv2 format.  The SSLv2 format has substantial
 differences from the normal SSLv3 format, including using three bytes per
 cipher suite, and not allowing extensions.  Additionally, the SSLv2 format
-\&'challenge' field is exposed via \fISSL_client_hello_get0_random()\fR, padded to
+\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to
 \&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed.  For SSLv2 format ClientHellos,
-\&\fISSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes
+\&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes
 the null compression method, since the SSLv2 format does not include a
 mechanism by which to negotiate compression.
 .PP
-\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR,
-\&\fISSL_client_hello_get0_ciphers()\fR, and
-\&\fISSL_client_hello_get0_compression_methods()\fR provide access to the corresponding
+\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR,
+\&\fBSSL_client_hello_get0_ciphers()\fR, and
+\&\fBSSL_client_hello_get0_compression_methods()\fR provide access to the corresponding
 ClientHello fields, returning the field length and optionally setting an out
 pointer to the octets of that field.
 .PP
-Similarly, \fISSL_client_hello_get0_ext()\fR provides access to individual extensions
+Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions
 from the ClientHello on a per-extension basis.  For the provided wire
 protocol extension type value, the extension value and length are returned
 in the output parameters (if present).
 .PP
-\&\fISSL_client_hello_get1_extensions_present()\fR can be used prior to
-\&\fISSL_client_hello_get0_ext()\fR, to determine which extensions are present in the
+\&\fBSSL_client_hello_get1_extensions_present()\fR can be used prior to
+\&\fBSSL_client_hello_get0_ext()\fR, to determine which extensions are present in the
 ClientHello before querying for them.  The \fBout\fR and \fBoutlen\fR parameters are
 both required, and on success the caller must release the storage allocated for
-\&\fB*out\fR using \fIOPENSSL_free()\fR.  The contents of \fB*out\fR is an array of integers
+\&\fB*out\fR using \fBOPENSSL_free()\fR.  The contents of \fB*out\fR is an array of integers
 holding the numerical value of the \s-1TLS\s0 extension types in the order they appear
 in the ClientHello.  \fB*outlen\fR contains the number of elements in the array.
 .SH "NOTES"
@@ -223,28 +227,28 @@ The application's supplied ClientHello callback returns
 \&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and
 \&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing.
 .PP
-\&\fISSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise.
+\&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise.
 .PP
-\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR,
-\&\fISSL_client_hello_get0_ciphers()\fR, and
-\&\fISSL_client_hello_get0_compression_methods()\fR return the length of the
+\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR,
+\&\fBSSL_client_hello_get0_ciphers()\fR, and
+\&\fBSSL_client_hello_get0_compression_methods()\fR return the length of the
 corresponding ClientHello fields.  If zero is returned, the output pointer
 should not be assumed to be valid.
 .PP
-\&\fISSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and
+\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and
 0 otherwise.
 .PP
-\&\fISSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure.
+\&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3),
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3),
 SSL_bytes_to_cipher_list
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \s-1SSL\s0 ClientHello callback, \fISSL_client_hello_isv2()\fR,
-\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR,
-\&\fISSL_client_hello_get0_ciphers()\fR, \fISSL_client_hello_get0_compression_methods()\fR,
-\&\fISSL_client_hello_get0_ext()\fR, and \fISSL_client_hello_get1_extensions_present()\fR
+The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR,
+\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR,
+\&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR,
+\&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR
 were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
index 84d916e9a7675..59be2ec7190c3 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3"
-.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -158,7 +162,7 @@ ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_enable_ct()\fR and \fISSL_CTX_enable_ct()\fR enable the processing of signed
+\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed
 certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all
 connections that share the given \s-1SSL\s0 context, respectively.
 This is accomplished by setting a built-in \s-1CT\s0 validation callback.
@@ -174,10 +178,10 @@ despite lack of valid SCTs.
 However, in that case if the verification status before the built-in callback
 was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the
 callback.
-Applications can call \fISSL_get_verify_result\fR\|(3) to check the status at
+Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at
 handshake completion, even after session resumption since the verification
 status is part of the saved session state.
-See \fISSL_set_verify\fR\|(3), <\fISSL_get_verify_result\fR\|(3)>, \fISSL_session_reused\fR\|(3).
+See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3).
 .PP
 If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the
 handshake continues, and the verification status is not modified, regardless of
@@ -190,7 +194,7 @@ Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after
 handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the
 session is not resumed.
 .PP
-\&\fISSL_set_ct_validation_callback()\fR and \fISSL_CTX_set_ct_validation_callback()\fR
+\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR
 register a custom callback that may implement a different policy than either of
 the above.
 This callback can examine the peer's SCTs and determine whether they are
@@ -211,25 +215,25 @@ employing an anonymous (aNULL) cipher suite.
 In that case the handshake continues as it would had no callback been
 requested.
 Callbacks are also not invoked when the peer certificate chain is invalid or
-validated via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509
+validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509
 \&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively.
 Clients that require SCTs are expected to not have enabled any aNULL ciphers
-nor to have specified server verification via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
+nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
 records.
 .PP
-\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether
+\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether
 enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback.
 These may be implemented as macros.
 .PP
-\&\fISSL_ct_is_enabled()\fR and \fISSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is
-enabled via either \fISSL_enable_ct()\fR or a non-null custom callback, and 0
+\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is
+enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0
 otherwise.
 .SH "NOTES"
 .IX Header "NOTES"
 When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because
 one possible source of SCTs is the \s-1OCSP\s0 response from a server.
 .PP
-The time returned by \fISSL_SESSION_get_time()\fR will be used to evaluate whether any
+The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any
 presented SCTs have timestamps that are in the future (and therefore invalid).
 .SH "RESTRICTIONS"
 .IX Header "RESTRICTIONS"
@@ -238,25 +242,25 @@ be set if a custom client extension handler has been registered to handle \s-1SC
 extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_enable_ct()\fR, \fISSL_CTX_enable_ct()\fR, \fISSL_CTX_set_ct_validation_callback()\fR and
-\&\fISSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully
+\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and
+\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully
 set.
 They return 0 if an error occurs, e.g. a custom client extension handler has
 been setup to handle SCTs.
 .PP
-\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR do not return a result.
+\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result.
 .PP
-\&\fISSL_CTX_ct_is_enabled()\fR and \fISSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0
+\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0
 validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0
 callback) is set.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-<\fISSL_get_verify_result\fR\|(3)>,
-\&\fISSL_session_reused\fR\|(3),
-\&\fISSL_set_verify\fR\|(3),
-\&\fISSL_CTX_set_verify\fR\|(3),
-\&\fISSL_SESSION_get_time\fR\|(3)
+\&\fBssl\fR\|(7),
+<\fBSSL_get_verify_result\fR\|(3)>,
+\&\fBSSL_session_reused\fR\|(3),
+\&\fBSSL_set_verify\fR\|(3),
+\&\fBSSL_CTX_set_verify\fR\|(3),
+\&\fBSSL_SESSION_get_time\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
index 668dfba07c10d..f8a5daa487f02 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3"
-.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,12 +150,12 @@ SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certi
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency
+\&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency
 (\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the
 directory where OpenSSL is installed.
 .PP
-\&\fISSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path.
-See \fICTLOG_STORE_new\fR\|(3) for the file format.
+\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path.
+See \fBCTLOG_STORE_new\fR\|(3) for the file format.
 .SH "NOTES"
 .IX Header "NOTES"
 These functions will not clear the existing \s-1CT\s0 log list \- it will be appended
@@ -161,17 +165,17 @@ If an error occurs whilst parsing a particular log entry in the file, that log
 entry will be skipped.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_default_ctlog_list_file()\fR and \fISSL_CTX_set_ctlog_list_file()\fR
+\&\fBSSL_CTX_set_default_ctlog_list_file()\fR and \fBSSL_CTX_set_ctlog_list_file()\fR
 return 1 if the log list is successfully loaded, and 0 if an error occurs. In
 the case of an error, the log list may have been partially loaded.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_ct_validation_callback\fR\|(3),
-\&\fICTLOG_STORE_new\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3),
+\&\fBCTLOG_STORE_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
index d305fc2692394..0f5d335ae8abe 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3"
-.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,22 +157,22 @@ SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_g
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called
+\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called
 when loading/storing a \s-1PEM\s0 certificate with encryption.
 .PP
-\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR,
+\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR,
 which will be provided to the password callback on invocation.
 .PP
-\&\fISSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password
+\&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password
 callback currently set in \fBctx\fR. If no callback was explicitly set, the
 \&\s-1NULL\s0 pointer is returned.
 .PP
-\&\fISSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata
+\&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata
 currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer
 is returned.
 .PP
-\&\fISSL_set_default_passwd_cb()\fR, \fISSL_set_default_passwd_cb_userdata()\fR,
-\&\fISSL_get_default_passwd_cb()\fR and \fISSL_get_default_passwd_cb_userdata()\fR perform
+\&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR,
+\&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR perform
 the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object.
 .PP
 The password callback, which must be provided by the application, hands back the
@@ -179,7 +183,7 @@ is provided. The function must store the password into the provided buffer
 be returned to the calling function. \fBrwflag\fR indicates whether the
 callback is used for reading/decryption (rwflag=0) or writing/encryption
 (rwflag=1).
-For more details, see \fIpem_password_cb\fR\|(3).
+For more details, see \fBpem_password_cb\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 When loading or storing private keys, a password might be supplied to
@@ -219,13 +223,13 @@ truncated.
 .Ve
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_CTX_get_default_passwd_cb()\fR, \fISSL_CTX_get_default_passwd_cb_userdata()\fR,
-\&\fISSL_set_default_passwd_cb()\fR and \fISSL_set_default_passwd_cb_userdata()\fR were
-first added to OpenSSL 1.1.0
+\&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR,
+\&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were
+added in OpenSSL 1.1.0.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_use_certificate\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_use_certificate\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
index bf336888eaf68..dcb97a30708d2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_EX_DATA 3"
-.TH SSL_CTX_SET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_EX_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,23 +155,23 @@ SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\-
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-SSL*\fI_set_ex_data()\fR functions can be used to store arbitrary user data into the
+SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the
 \&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index
-which they can subsequently use to retrieve the data using SSL*\fI_get_ex_data()\fR.
+which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR.
 .PP
-For more detailed information see \fICRYPTO_get_ex_data\fR\|(3) and
-\&\fICRYPTO_set_ex_data\fR\|(3) which implement these functions and
-\&\fICRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
+For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and
+\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and
+\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The SSL*\fI_set_ex_data()\fR functions return 1 if the item is successfully stored
+The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored
 and 0 if it is not.
-The SSL*\fI_get_ex_data()\fR functions return the ex_data pointer if successful,
+The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful,
 otherwise \s-1NULL.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fICRYPTO_get_ex_data\fR\|(3), \fICRYPTO_set_ex_data\fR\|(3),
-\&\fICRYPTO_get_ex_new_index\fR\|(3)
+\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3),
+\&\fBCRYPTO_get_ex_new_index\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
index 2d015ae123853..6abe0346164e2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3"
-.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,13 +155,13 @@ SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_s
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating
+\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating
 new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR.
 .PP
-\&\fISSL_set_generate_session_id()\fR sets the callback function for generating
+\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating
 new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR.
 .PP
-\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR
+\&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR
 (of length \fBid_len\fR) is already contained in the internal session cache
 of the parent context of \fBssl\fR.
 .SH "NOTES"
@@ -190,7 +194,7 @@ Since the sessions must be distinguished, session ids must be unique.
 Without the callback a random number is used, so that the probability
 of generating the same session id is extremely small (2^256 for SSLv3/TLSv1).
 In order to assure the uniqueness of the generated session id, the callback must call
-\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs.
+\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs.
 If an id conflict is not resolved, the handshake will fail.
 If the application codes e.g. a unique host id, a unique process number, and
 a unique sequence number into the session id, uniqueness could easily be
@@ -200,13 +204,13 @@ guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and
 fill in the bytes not used to code special information with random data
 to avoid collisions.
 .PP
-\&\fISSL_has_matching_session_id()\fR will only query the internal session cache,
+\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache,
 not the external one. Since the session id is generated before the
 handshake is completed, it is not immediately added to the cache. If
 another thread is using the same internal session cache, a race condition
 can occur in that another thread generates the same session id.
 Collisions can also occur when using an external session cache, since
-the external cache is not tested with \fISSL_has_matching_session_id()\fR
+the external cache is not tested with \fBSSL_has_matching_session_id()\fR
 and the same race condition applies.
 .PP
 The callback must return 0 if it cannot generate a session id for whatever
@@ -245,14 +249,14 @@ server id given, and will fill the rest with pseudo random bytes:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR
+\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR
 always return 1.
 .PP
-\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the
+\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the
 same id is already in the cache.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_version\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
index 459d4603df737..bf37b719ed114 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_INFO_CALLBACK 3"
-.TH SSL_CTX_SET_INFO_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_INFO_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,21 +153,21 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
+\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
 obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection
 setup and use. The setting for \fBctx\fR is overridden from the setting for
 a specific \s-1SSL\s0 object, if specified.
 When \fBcallback\fR is \s-1NULL,\s0 no callback function is used.
 .PP
-\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
+\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
 obtain state information for \fBssl\fR during connection setup and use.
 When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for
 \&\fBctx\fR is used.
 .PP
-\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information
+\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information
 callback function for \fBctx\fR.
 .PP
-\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information
+\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information
 callback function for \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -214,27 +218,23 @@ Callback has been called due to an alert being sent or received.
 .IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4
 .IX Item "SSL_CB_HANDSHAKE_START"
 .PD
-Callback has been called because a new handshake is started. In TLSv1.3 this is
-also used for the start of post-handshake message exchanges such as for the
-exchange of session tickets, or for key updates. It also occurs when resuming a
-handshake following a pause to handle early data.
-.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0           0x20" 4
-.IX Item "SSL_CB_HANDSHAKE_DONE 0x20"
-Callback has been called because a handshake is finished. In TLSv1.3 this is
-also used at the end of an exchange of post-handshake messages such as for
-session tickets or key updates. It also occurs if the handshake is paused to
-allow the exchange of early data.
+Callback has been called because a new handshake is started. It also occurs when
+resuming a handshake following a pause to handle early data.
+.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4
+.IX Item "SSL_CB_HANDSHAKE_DONE"
+Callback has been called because a handshake is finished.  It also occurs if the
+handshake is paused to allow the exchange of early data.
 .PP
 The current state information can be obtained using the
-\&\fISSL_state_string\fR\|(3) family of functions.
+\&\fBSSL_state_string\fR\|(3) family of functions.
 .PP
 The \fBret\fR information can be evaluated using the
-\&\fISSL_alert_type_string\fR\|(3) family of functions.
+\&\fBSSL_alert_type_string\fR\|(3) family of functions.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_set_info_callback()\fR does not provide diagnostic information.
+\&\fBSSL_set_info_callback()\fR does not provide diagnostic information.
 .PP
-\&\fISSL_get_info_callback()\fR returns the current setting.
+\&\fBSSL_get_info_callback()\fR returns the current setting.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 The following example callback function prints state strings, information
@@ -273,11 +273,11 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_state_string\fR\|(3),
-\&\fISSL_alert_type_string\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3),
+\&\fBSSL_alert_type_string\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
index 5240fc42b9fdb..f62bf78860dd8 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3"
-.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,11 +152,11 @@ SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback
+\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback
 is called whenever \s-1TLS\s0 key material is generated or received, in order to allow
 applications to store this keying material for debugging purposes.
 .PP
-\&\fISSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging
+\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging
 callback. If no callback has been set, this will return \s-1NULL.\s0 When there is no
 key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as
 the value of cb, no logging of key material will be done.
@@ -164,11 +168,11 @@ file, the key logging callback should log \fBline\fR, followed by a newline.
 \&\fBline\fR will always be a NULL-terminated string.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or
+\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or
 \&\s-1NULL\s0 if the callback is not set.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
index 725d719172a8b..799d66fee8e91 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_MAX_CERT_LIST 3"
-.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,18 +153,18 @@ SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's
+\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's
 certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes.
 The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time
-\&\fISSL_new\fR\|(3) is being called.
+\&\fBSSL_new\fR\|(3) is being called.
 .PP
-\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR.
+\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR.
 .PP
-\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's
+\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's
 certificate chain for \fBssl\fR to be <size> bytes. This setting stays valid
 until a new value is set.
 .PP
-\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR.
+\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 During the handshake process, the peer may send a certificate chain.
@@ -173,7 +177,7 @@ chain is set.
 The default value for the maximum certificate chain size is 100kB (30kB
 on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate
 chains (OpenSSL's default maximum chain length is 10, see
-\&\fISSL_CTX_set_verify\fR\|(3), and certificates
+\&\fBSSL_CTX_set_verify\fR\|(3), and certificates
 without special extensions have a typical size of 1\-2kB).
 .PP
 For special applications it can be necessary to extend the maximum certificate
@@ -190,15 +194,15 @@ If the maximum certificate chain size allowed is exceeded, the handshake will
 fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously
+\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously
 set value.
 .PP
-\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently
+\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently
 set value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3),
-\&\fISSL_CTX_set_verify\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3),
+\&\fBSSL_CTX_set_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
index 1685d23072518..97170bf5c8f77 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3"
-.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,7 +160,7 @@ SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_pr
 The functions get or set the minimum and maximum supported protocol versions
 for the \fBctx\fR or \fBssl\fR.
 This works in combination with the options set via
-\&\fISSL_CTX_set_options\fR\|(3) that also make it possible to disable
+\&\fBSSL_CTX_set_options\fR\|(3) that also make it possible to disable
 specific protocol versions.
 Use these functions instead of disabling specific protocol versions.
 .PP
@@ -184,7 +188,7 @@ The setter functions were added in OpenSSL 1.1.0. The getter functions
 were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CONF_cmd\fR\|(3)
+\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
index 72263e57e0a66..b1be601175686 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_MODE 3"
-.TH SSL_CTX_SET_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_MODE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,17 +155,17 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR.
+\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR.
 Options already set before are not cleared.
-\&\fISSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR.
+\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR.
 .PP
-\&\fISSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR.
+\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR.
 Options already set before are not cleared.
-\&\fISSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR.
+\&\fBSSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR.
 .PP
-\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR.
+\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR.
 .PP
-\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR.
+\&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The following mode changes are available:
@@ -169,23 +173,23 @@ The following mode changes are available:
 .IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE"
 Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success
 when just a single record has been written). This works in a similar way for
-\&\fISSL_write()\fR. When not set (the default), \fISSL_write_ex()\fR or \fISSL_write()\fR will only
-report success once the complete chunk was written. Once \fISSL_write_ex()\fR or
-\&\fISSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call
-to \fISSL_write_ex()\fR or \fISSL_write()\fR must only send the n\-r bytes left, imitating
-the behaviour of \fIwrite()\fR.
+\&\fBSSL_write()\fR. When not set (the default), \fBSSL_write_ex()\fR or \fBSSL_write()\fR will only
+report success once the complete chunk was written. Once \fBSSL_write_ex()\fR or
+\&\fBSSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call
+to \fBSSL_write_ex()\fR or \fBSSL_write()\fR must only send the n\-r bytes left, imitating
+the behaviour of \fBwrite()\fR.
 .IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4
 .IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER"
-Make it possible to retry \fISSL_write_ex()\fR or \fISSL_write()\fR with changed buffer
+Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer
 location (the buffer contents must stay the same). This is not the default to
-avoid the misconception that non-blocking \fISSL_write()\fR behaves like
-non-blocking \fIwrite()\fR.
+avoid the misconception that non-blocking \fBSSL_write()\fR behaves like
+non-blocking \fBwrite()\fR.
 .IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4
 .IX Item "SSL_MODE_AUTO_RETRY"
 During normal operations, non-application data records might need to be sent or
 received that the application is not aware of.
 If a non-application data record was processed,
-\&\fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) can return with a failure and indicate the
+\&\fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) can return with a failure and indicate the
 need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR.
 If such a non-application data record was processed, the flag
 \&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of
@@ -204,8 +208,8 @@ to only return after successfully processing an application data record or a
 failure.
 .Sp
 Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case
-they are used in combination with something like \fIselect()\fR or \fIpoll()\fR.
-Otherwise the call to \fISSL_read()\fR or \fISSL_read_ex()\fR might hang when a
+they are used in combination with something like \fBselect()\fR or \fBpoll()\fR.
+Otherwise the call to \fBSSL_read()\fR or \fBSSL_read_ex()\fR might hang when a
 non-application record was sent and no application data was sent.
 .IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4
 .IX Item "SSL_MODE_RELEASE_BUFFERS"
@@ -227,26 +231,34 @@ in draft\-ietf\-tls\-downgrade\-scsv\-00.
 .IX Item "SSL_MODE_ASYNC"
 Enable asynchronous processing. \s-1TLS I/O\s0 operations may indicate a retry with
 \&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is
-used to perform cryptographic operations. See \fISSL_get_error\fR\|(3).
+used to perform cryptographic operations. See \fBSSL_get_error\fR\|(3).
+.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4
+.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG"
+Older versions of OpenSSL had a bug in the computation of the label length
+used for computing the endpoint-pair shared secret. The bug was that the
+terminating zero was included in the length of the label. Setting this option
+enables this behaviour to allow interoperability with such broken
+implementations. Please note that setting this option breaks interoperability
+with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP.\s0
 .PP
 All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by
 default since 1.1.1.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask
+\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask
 after adding \fBmode\fR.
 .PP
-\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask.
+\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or
-\&\fISSL_write\fR\|(3), \fISSL_get_error\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or
+\&\fBSSL_write\fR\|(3), \fBSSL_get_error\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\s-1SSL_MODE_ASYNC\s0 was first added to OpenSSL 1.1.0.
+\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
index 30f526327b503..7390cfb6ae4a6 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_MSG_CALLBACK 3"
-.TH SSL_CTX_SET_MSG_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_MSG_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,18 +159,18 @@ SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SS
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to
+\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to
 define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0
 protocol messages (such as handshake messages) that are received or
 sent, as well as other events that occur during processing.
-\&\fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR
+\&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR
 can be used to set argument \fIarg\fR to the callback function, which is
 available for arbitrary application use.
 .PP
-\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify
+\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify
 default settings that will be copied to new \fB\s-1SSL\s0\fR objects by
-\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and
-\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR
+\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and
+\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR
 object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback.
 .PP
 When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the
@@ -199,7 +203,7 @@ The \fB\s-1SSL\s0\fR object that received or sent the message.
 .IP "\fIarg\fR" 4
 .IX Item "arg"
 The user-defined argument optionally defined by
-\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR.
+\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Protocol messages are passed to the callback function after decryption
@@ -230,15 +234,14 @@ records the content type in the record header is always
 an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, \fISSL_set_msg_callback()\fR
-and \fISSL_set_msg_callback_arg()\fR do not return values.
+\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR
+and \fBSSL_set_msg_callback_arg()\fR do not return values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL
-1.1.1.
+The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 b/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
index 27ae20e524990..005baf0e20496 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_NUM_TICKETS 3"
-.TH SSL_CTX_SET_NUM_TICKETS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_NUM_TICKETS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,36 +152,36 @@ SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_n
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR can be called for a server
-application and set the number of session tickets that will be sent to the
-client after a full handshake. Set the desired value (which could be 0) in the
-\&\fBnum_tickets\fR argument. Typically these functions should be called before the
-start of the handshake.
+\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server
+application and set the number of TLSv1.3 session tickets that will be sent to
+the client after a full handshake. Set the desired value (which could be 0) in
+the \fBnum_tickets\fR argument. Typically these functions should be called before
+the start of the handshake.
 .PP
 The default number of tickets is 2; the default number of tickets sent following
 a resumption handshake is 1 but this cannot be changed using these functions.
 The number of tickets following a resumption handshake can be reduced to 0 using
-custom session ticket callbacks (see \fISSL_CTX_set_session_ticket_cb\fR\|(3)).
+custom session ticket callbacks (see \fBSSL_CTX_set_session_ticket_cb\fR\|(3)).
 .PP
 Tickets are also issued on receipt of a post-handshake certificate from the
 client following a request by the server using
-\&\fISSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated
+\&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated
 with the updated client identity (i.e. including their certificate and
 verification status). The number of tickets issued will normally be the same as
 was used for the initial handshake. If the initial handshake was a full
-handshake then \fISSL_set_num_tickets()\fR can be called again prior to calling
-\&\fISSL_verify_client_post_handshake()\fR to update the number of tickets that will be
+handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling
+\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be
 sent.
 .PP
-\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of
-tickets set by a previous call to \fISSL_CTX_set_num_tickets()\fR or
-\&\fISSL_set_num_tickets()\fR, or 2 if no such call has been made.
+\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of
+tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or
+\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR return 1 on success or 0 on
+\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on
 failure.
 .PP
-\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of tickets
+\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets
 that have been previously set.
 .SH "HISTORY"
 .IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/SSL_CTX_set_options.3
index 6ec99200e9c3d..b599d30b36a9c 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_OPTIONS 3"
-.TH SSL_CTX_SET_OPTIONS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_OPTIONS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,22 +158,22 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR.
+\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR.
 Options already set before are not cleared!
 .PP
-\&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR.
+\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR.
 Options already set before are not cleared!
 .PP
-\&\fISSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR
+\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR
 to \fBctx\fR.
 .PP
-\&\fISSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR.
+\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR.
 .PP
-\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR.
+\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR.
 .PP
-\&\fISSL_get_options()\fR returns the options set for \fBssl\fR.
+\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR.
 .PP
-\&\fISSL_get_secure_renegotiation_support()\fR indicates whether the peer supports
+\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports
 secure renegotiation.
 Note, this is implemented via a macro.
 .SH "NOTES"
@@ -178,15 +182,15 @@ The behaviour of the \s-1SSL\s0 library can be changed by setting several option
 The options are coded as bitmasks and can be combined by a bitwise \fBor\fR
 operation (|).
 .PP
-\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external)
+\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external)
 protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of
 the \s-1API\s0 can be changed by using the similar
-\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions.
+\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions.
 .PP
 During a handshake, the option settings of the \s-1SSL\s0 object are used. When
-a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current
+a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current
 option setting is copied. Changes to \fBctx\fR do not affect already created
-\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings.
+\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings.
 .PP
 The following \fBbug workaround\fR options are available:
 .IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4
@@ -237,8 +241,8 @@ These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol
 versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0
 respectively.
 As of OpenSSL 1.1.0, these options are deprecated, use
-\&\fISSL_CTX_set_min_proto_version\fR\|(3) and
-\&\fISSL_CTX_set_max_proto_version\fR\|(3) instead.
+\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and
+\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead.
 .IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4
 .IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
 When performing renegotiation as a server, always start a new session
@@ -287,8 +291,8 @@ ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be
 sent. This is a server-side option only.
 .Sp
 In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from
-being sent by calling \fISSL_CTX_set_num_tickets\fR\|(3) or
-\&\fISSL_set_num_tickets\fR\|(3).
+being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or
+\&\fBSSL_set_num_tickets\fR\|(3).
 .IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4
 .IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
 Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
@@ -328,11 +332,11 @@ has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that
 do not understand TLSv1.3 will not drop the connection. Regardless of whether
 this option is set or not \s-1CCS\s0 messages received from the peer will always be
 ignored in TLSv1.3. This option is set by default. To switch it off use
-\&\fISSL_clear_options()\fR. A future version of OpenSSL may not set this by default.
+\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default.
 .IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4
 .IX Item "SSL_OP_NO_ANTI_REPLAY"
 By default, when a server is configured for early data (i.e., max_early_data > 0),
-OpenSSL will switch on replay protection. See \fISSL_read_early_data\fR\|(3) for a
+OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a
 description of the replay protection feature. Anti-replay measures are required
 to comply with the TLSv1.3 specification. Some applications may be able to
 mitigate the replay risks in other ways and in such cases the built in OpenSSL
@@ -423,8 +427,8 @@ servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR
 .PP
 OpenSSL client applications that want to ensure they can \fBnot\fR connect to
 unpatched servers (and thus avoid any security issues) should always \fBclear\fR
-\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fISSL_CTX_clear_options()\fR or
-\&\fISSL_clear_options()\fR.
+\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or
+\&\fBSSL_clear_options()\fR.
 .PP
 The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and
 \&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that
@@ -434,29 +438,29 @@ renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while
 and renegotiation between OpenSSL and unpatched clients or servers.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask
+\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask
 after adding \fBoptions\fR.
 .PP
-\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR return the new options bitmask
+\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask
 after clearing \fBoptions\fR.
 .PP
-\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask.
+\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask.
 .PP
-\&\fISSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports
+\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports
 secure renegotiation and 0 if it does not.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3),
-\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
-\&\fISSL_CTX_set_min_proto_version\fR\|(3),
-\&\fIdhparam\fR\|(1)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3),
+\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3),
+\&\fBSSL_CTX_set_min_proto_version\fR\|(3),
+\&\fBdhparam\fR\|(1)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The attempt to always try to use secure renegotiation was added in
-Openssl 0.9.8m.
+OpenSSL 0.9.8m.
 .PP
-\&\fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR were added in
-OpenSSL 1.1.1.
+The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options
+were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
index 94d8b538b645c..d2d74297701cd 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3"
-.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,7 +169,7 @@ SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_call
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 A client application wishing to use TLSv1.3 PSKs should use either
-\&\fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR as
+\&\fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR as
 appropriate. These functions cannot be used for TLSv1.2 and below PSKs.
 .PP
 The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR.
@@ -187,23 +191,23 @@ Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object
 the following fields set:
 .IP "The master key" 4
 .IX Item "The master key"
-This can be set via a call to \fISSL_SESSION_set1_master_key\fR\|(3).
+This can be set via a call to \fBSSL_SESSION_set1_master_key\fR\|(3).
 .IP "A ciphersuite" 4
 .IX Item "A ciphersuite"
 Only the handshake digest associated with the ciphersuite is relevant for the
 \&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with
 the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is
 not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same.
-The ciphersuite can be set via a call to <\fISSL_SESSION_set_cipher\fR\|(3)>. The
+The ciphersuite can be set via a call to <\fBSSL_SESSION_set_cipher\fR\|(3)>. The
 handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using
-<\fISSL_CIPHER_get_handshake_digest\fR\|(3)>.
+<\fBSSL_CIPHER_get_handshake_digest\fR\|(3)>.
 .IP "The protocol version" 4
 .IX Item "The protocol version"
-This can be set via a call to \fISSL_SESSION_set_protocol_version\fR\|(3) and should
+This can be set via a call to \fBSSL_SESSION_set_protocol_version\fR\|(3) and should
 be \s-1TLS1_3_VERSION.\s0
 .PP
 Additionally the maximum early data value should be set via a call to
-\&\fISSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early
+\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early
 data.
 .PP
 Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also
@@ -224,8 +228,8 @@ client is sending the ClientKeyExchange message to the server.
 The purpose of the callback function is to select the \s-1PSK\s0 identity and
 the pre-shared key to use during the connection setup phase.
 .PP
-The callback is set using functions \fISSL_CTX_set_psk_client_callback()\fR
-or \fISSL_set_psk_client_callback()\fR. The callback function is given the
+The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR
+or \fBSSL_set_psk_client_callback()\fR. The callback function is given the
 connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint
 sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of
 length \fBmax_identity_len\fR bytes where the resulting
@@ -234,13 +238,13 @@ length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to
 be stored.
 .PP
 The callback for use in TLSv1.2 will also work in TLSv1.3 although it is
-recommended to use \fISSL_CTX_set_psk_use_session_callback()\fR
-or \fISSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has
+recommended to use \fBSSL_CTX_set_psk_use_session_callback()\fR
+or \fBSSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has
 been negotiated then OpenSSL will first check to see if a callback has been set
-via \fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR
+via \fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR
 and it will use that in preference. If no such callback is present then it will
-check to see if a callback has been set via \fISSL_CTX_set_psk_client_callback()\fR or
-\&\fISSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will
+check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or
+\&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will
 always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned
 \&\s-1PSK.\s0
 .SH "NOTES"
@@ -248,7 +252,7 @@ always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 f
 Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR.
 .PP
 A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption
-has occurred so that \fISSL_session_reused\fR\|(3) will return true.
+has occurred so that \fBSSL_session_reused\fR\|(3) will return true.
 .PP
 There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or
 below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution:
@@ -272,11 +276,11 @@ The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on
 failure. In the event of failure the connection setup fails.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_set_psk_find_session_callback\fR\|(3),
-\&\fISSL_set_psk_find_session_callback\fR\|(3)
+\&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3),
+\&\fBSSL_set_psk_find_session_callback\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_CTX_set_psk_use_session_callback()\fR and \fISSL_set_psk_use_session_callback()\fR
+\&\fBSSL_CTX_set_psk_use_session_callback()\fR and \fBSSL_set_psk_use_session_callback()\fR
 were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
index ab6fa6a8b5b2b..d1081186d168a 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3"
-.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,29 +153,29 @@ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be
+\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be
 \&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time
-\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1.
+\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1.
 .PP
-\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR.
+\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR.
 .PP
-\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be
+\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be
 \&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with
-\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again.
-It is not changed when \fISSL_clear\fR\|(3) is called.
+\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again.
+It is not changed when \fBSSL_clear\fR\|(3) is called.
 \&\fBmode\fR may be 0 or 1.
 .PP
-\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR.
+\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Normally when a \s-1SSL\s0 connection is finished, the parties must send out
-close_notify alert messages using \fISSL_shutdown\fR\|(3)
+close_notify alert messages using \fBSSL_shutdown\fR\|(3)
 for a clean shutdown.
 .PP
-When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3)
+When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3)
 will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
-(\fISSL_shutdown\fR\|(3) then behaves like
-\&\fISSL_set_shutdown\fR\|(3) called with
+(\fBSSL_shutdown\fR\|(3) then behaves like
+\&\fBSSL_set_shutdown\fR\|(3) called with
 SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
 The session is thus considered to be shutdown, but no close_notify alert
 is sent to the peer. This behaviour violates the \s-1TLS\s0 standard.
@@ -179,16 +183,16 @@ is sent to the peer. This behaviour violates the \s-1TLS\s0 standard.
 The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return
+\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return
 diagnostic information.
 .PP
-\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current
+\&\fBSSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current
 setting.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3),
-\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3),
-\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3),
+\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3),
+\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
index 53c5a3eca1fa2..84435b27103a8 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_READ_AHEAD 3"
-.TH SSL_CTX_SET_READ_AHEAD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_READ_AHEAD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,7 +154,7 @@ SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_read_ahead()\fR and \fISSL_set_read_ahead()\fR set whether we should read as
+\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as
 many input bytes as possible (for non-blocking reads) or not. For example if
 \&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from
 the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes
@@ -158,36 +162,36 @@ into its buffer (providing that the buffer is large enough) if reading ahead is
 on, or \fBx\fR bytes otherwise.
 Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn
 it on.
-\&\fISSL_CTX_set_default_read_ahead()\fR is identical to \fISSL_CTX_set_read_ahead()\fR.
+\&\fBSSL_CTX_set_default_read_ahead()\fR is identical to \fBSSL_CTX_set_read_ahead()\fR.
 .PP
-\&\fISSL_CTX_get_read_ahead()\fR and \fISSL_get_read_ahead()\fR indicate whether reading
+\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading
 ahead has been set or not.
-\&\fISSL_CTX_get_default_read_ahead()\fR is identical to \fISSL_CTX_get_read_ahead()\fR.
+\&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 These functions have no impact when used with \s-1DTLS.\s0 The return values for
-\&\fISSL_CTX_get_read_head()\fR and \fISSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting
-\&\fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR function
-(see \fISSL_pending\fR\|(3)).
+\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting
+\&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function
+(see \fBSSL_pending\fR\|(3)).
 .PP
-Since \fISSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data
-records, and \fISSL_has_pending()\fR can't tell the difference between processed and
+Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data
+records, and \fBSSL_has_pending()\fR can't tell the difference between processed and
 unprocessed data, it's recommended that if read ahead is turned on that
-\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fISSL_CTX_clear_mode()\fR.
+\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR.
 That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete
 record availale that hasn't been processed.
 .PP
 If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0
-connection) after the \s-1SSL\s0 connection is finished using \fISSL_shutdown()\fR reading
+connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR reading
 ahead should be turned off.
 Otherwise the \s-1SSL\s0 structure might read data that it shouldn't.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_get_read_ahead()\fR and \fISSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off,
+\&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off,
 and non zero otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_pending\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
index 3fb7c5f343213..5d5acc0be7951 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3"
-.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,28 +149,28 @@ SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_se
 \& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
 \&
 \& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
-\& void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
+\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
 \&
 \& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
-\& void *SSL_get_record_padding_callback_arg(SSL *ssl);
+\& void *SSL_get_record_padding_callback_arg(const SSL *ssl);
 \&
 \& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
 \& int SSL_set_block_padding(SSL *ssl, size_t block_size);
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_record_padding_callback()\fR or \fISSL_set_record_padding_callback()\fR
+\&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR
 can be used to assign a callback function \fIcb\fR to specify the padding
-for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR.
+for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR.
 .PP
-\&\fISSL_CTX_set_record_padding_callback_arg()\fR and \fISSL_set_record_padding_callback_arg()\fR
+\&\fBSSL_CTX_set_record_padding_callback_arg()\fR and \fBSSL_set_record_padding_callback_arg()\fR
 assign a value \fBarg\fR that is passed to the callback when it is invoked. The value
-set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR.
+set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR.
 .PP
-\&\fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR
+\&\fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR
 retrieve the \fBarg\fR value that is passed to the callback.
 .PP
-\&\fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR pads the record to a multiple
+\&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pads the record to a multiple
 of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. The limit of
 \&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0
 .PP
@@ -174,14 +178,14 @@ The callback is invoked for every record before encryption.
 The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be
 one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0
 The \fBlen\fR parameter is the current plaintext length of the record before encryption.
-The \fBarg\fR parameter is the value set via \fISSL_CTX_set_record_padding_callback_arg()\fR
-or \fISSL_set_record_padding_callback_arg()\fR.
+The \fBarg\fR parameter is the value set via \fBSSL_CTX_set_record_padding_callback_arg()\fR
+or \fBSSL_set_record_padding_callback_arg()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The \fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR
+The \fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR
 functions return the \fBarg\fR value assigned in the corresponding set functions.
 .PP
-The \fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR functions return 1 on success
+The \fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR functions return 1 on success
 or 0 if \fBblock_size\fR is too large.
 .PP
 The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0
@@ -193,7 +197,7 @@ maximum record size.
 The default behavior is to add no padding to the record.
 .PP
 A user-supplied padding callback function will override the behavior set by
-\&\fISSL_set_block_padding()\fR or \fISSL_CTX_set_block_padding()\fR. Setting the user-supplied
+\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user-supplied
 callback to \s-1NULL\s0 will restore the configured block padding behavior.
 .PP
 These functions only apply to \s-1TLS 1.3\s0 records being written.
@@ -201,13 +205,13 @@ These functions only apply to \s-1TLS 1.3\s0 records being written.
 Padding bytes are not added in constant-time.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 b/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
index 4064897fbf8cf..12e65a00b8d00 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_SECURITY_LEVEL 3"
-.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -171,21 +175,21 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The functions \fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR set
+The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set
 the security level to \fBlevel\fR. If not set the library default security level
 is used.
 .PP
-The functions \fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR
+The functions \fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR
 retrieve the current security level.
 .PP
-\&\fISSL_CTX_set_security_callback()\fR, \fISSL_set_security_callback()\fR,
-\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR get or set
+\&\fBSSL_CTX_set_security_callback()\fR, \fBSSL_set_security_callback()\fR,
+\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR get or set
 the security callback associated with \fBctx\fR or \fBs\fR. If not set a default
 security callback is used. The meaning of the parameters and the behaviour
 of the default callbacks is described below.
 .PP
-\&\fISSL_CTX_set0_security_ex_data()\fR, \fISSL_set0_security_ex_data()\fR,
-\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR set the
+\&\fBSSL_CTX_set0_security_ex_data()\fR, \fBSSL_set0_security_ex_data()\fR,
+\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR set the
 extra data pointer passed to the \fBex\fR parameter of the callback. This
 value is passed to the callback verbatim and can be set to any convenient
 application specific value.
@@ -274,27 +278,27 @@ alert.
 .PP
 Attempts to set certificates or parameters with insufficient security are
 also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0
-key using \fISSL_CTX_use_certificate()\fR at level 1. Applications which do not
+key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not
 check the return values for errors will misbehave: for example it might
 appear that a certificate is not set at all because it had been rejected.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR do not return values.
+\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values.
 .PP
-\&\fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR return a integer that
+\&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return a integer that
 represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively.
 .PP
-\&\fISSL_CTX_set_security_callback()\fR and \fISSL_set_security_callback()\fR do not return
+\&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return
 values.
 .PP
-\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR return the pointer
+\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer
 to the security callback or \s-1NULL\s0 if the callback is not set.
 .PP
-\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR return the extra
+\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra
 data pointer or \s-1NULL\s0 if the ex data is not set.
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.1.0
+These functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
index 258f0e8d64467..a9c9c6321817f 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3"
-.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,10 +150,10 @@ SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching
+\&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching
 by setting the operational mode for \fBctx\fR to <mode>.
 .PP
-\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode.
+\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode.
 .SH "NOTES"
 .IX Header "NOTES"
 The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse.
@@ -169,7 +173,7 @@ the external storage if available.
 .PP
 Since a client may try to reuse a session intended for use in a different
 context, the session id context must be set by the server (see
-\&\fISSL_CTX_set_session_id_context\fR\|(3)).
+\&\fBSSL_CTX_set_session_id_context\fR\|(3)).
 .PP
 The following session cache modes and modifiers are available:
 .IP "\s-1SSL_SESS_CACHE_OFF\s0" 4
@@ -181,7 +185,7 @@ Client sessions are added to the session cache. As there is no reliable way
 for the OpenSSL library to know whether a session should be reused or which
 session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not
 have details about the connection), the application must select the session
-to be reused by using the \fISSL_set_session\fR\|(3)
+to be reused by using the \fBSSL_set_session\fR\|(3)
 function. This option is not activated by default.
 .IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4
 .IX Item "SSL_SESS_CACHE_SERVER"
@@ -197,10 +201,10 @@ Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the
 .IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR"
 Normally the session cache is checked for expired sessions every
 255 connections using the
-\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since
+\&\fBSSL_CTX_flush_sessions\fR\|(3) function. Since
 this may lead to a delay which cannot be controlled, the automatic
 flushing may be disabled and
-\&\fISSL_CTX_flush_sessions\fR\|(3) can be called
+\&\fBSSL_CTX_flush_sessions\fR\|(3) can be called
 explicitly by the application.
 .IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4
 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP"
@@ -217,7 +221,7 @@ sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible re
 Normally a new session is added to the internal cache as well as any external
 session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will
 prevent sessions being stored in the internal cache (though the application can
-add them manually using \fISSL_CTX_add_session\fR\|(3)). Note:
+add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note:
 in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful
 session lookups in the external cache (ie. for session-resume requests) would
 normally be copied into the local cache before processing continues \- this flag
@@ -230,20 +234,20 @@ Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and
 The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode.
+\&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode.
 .PP
-\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode.
+\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3),
-\&\fISSL_session_reused\fR\|(3),
-\&\fISSL_CTX_add_session\fR\|(3),
-\&\fISSL_CTX_sess_number\fR\|(3),
-\&\fISSL_CTX_sess_set_cache_size\fR\|(3),
-\&\fISSL_CTX_sess_set_get_cb\fR\|(3),
-\&\fISSL_CTX_set_session_id_context\fR\|(3),
-\&\fISSL_CTX_set_timeout\fR\|(3),
-\&\fISSL_CTX_flush_sessions\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3),
+\&\fBSSL_session_reused\fR\|(3),
+\&\fBSSL_CTX_add_session\fR\|(3),
+\&\fBSSL_CTX_sess_number\fR\|(3),
+\&\fBSSL_CTX_sess_set_cache_size\fR\|(3),
+\&\fBSSL_CTX_sess_set_get_cb\fR\|(3),
+\&\fBSSL_CTX_set_session_id_context\fR\|(3),
+\&\fBSSL_CTX_set_timeout\fR\|(3),
+\&\fBSSL_CTX_flush_sessions\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
index e2baae0bec7ce..4ad5e3fcd2812 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3"
-.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,10 +152,10 @@ SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
+\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
 \&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object.
 .PP
-\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
+\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
 \&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -166,8 +170,8 @@ to use e.g. the name of the application and/or the hostname and/or service
 name ...
 .PP
 The session id context becomes part of the session. The session id context
-is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and
-\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the
+is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and
+\&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the
 server side.
 .PP
 OpenSSL clients will check the session id context returned by the server
@@ -189,7 +193,7 @@ as an OpenSSL server checks the session id context itself before reusing
 a session as described above.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR
+\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR
 return the following values:
 .IP "0" 4
 The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded
@@ -200,7 +204,7 @@ is logged to the error stack.
 The operation succeeded.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
index b31566c3208f4..4b48d0b138d94 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3"
-.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,15 +160,15 @@ SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR
+\&\fBSSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR
 and \fBdec_cb\fR that are used by a server to set and get application data stored
 with a session, and placed into a session ticket. Either callback function may
 be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks.
 .PP
 \&\fBgen_cb\fR is the application defined callback invoked when a session ticket is
-about to be created. The application can call \fISSL_SESSION_set1_ticket_appdata()\fR
+about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR
 at this time to add application data to the session ticket. The value of \fBarg\fR
-is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR
+is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR
 callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR.
 .PP
 \&\fBdec_cb\fR is the application defined callback invoked after session ticket
@@ -173,22 +177,22 @@ available. If ticket decryption was successful then the \fBss\fR argument contai
 the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key
 used to decrypt the session ticket. The \fBstatus\fR argument is the result of the
 ticket decryption. See the \s-1NOTES\s0 section below for further details. The value
-of \fBarg\fR is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The
+of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The
 \&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR.
 .PP
-\&\fISSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by
+\&\fBSSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by
 \&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session
 tickets. It can be called at any time before a session ticket is created to
 update the data placed into the session ticket. However, given that sessions
 and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify
 the application that a session ticket is about to be generated.
 .PP
-\&\fISSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket
+\&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket
 application data and assigns \fBlen\fR to the length of the session ticket
 application data from \fBss\fR. The application data can be set via
-\&\fISSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned
+\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned
 to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket
-application data. \fISSL_SESSION_get0_ticket_appdata()\fR can be called any time
+application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time
 after a session has been created. The \fBdec_cb\fR is provided to notify the
 application that a session ticket has just been decrypted.
 .SH "NOTES"
@@ -258,21 +262,21 @@ If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET
 no session data will be available and the callback must not use the \fBss\fR
 argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or
 \&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call
-\&\fISSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR
+\&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR
 argument to retrieve the application data.
 .PP
-When the \fBgen_cb\fR callback is invoked, the \fISSL_get_session()\fR function can be
-used to retrieve the \s-1SSL_SESSION\s0 for \fISSL_SESSION_set1_ticket_appdata()\fR.
+When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be
+used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR.
 .PP
 By default, in TLSv1.2 and below, a new session ticket is not issued on a
 successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the
 default behaviour is to always issue a new ticket on resumption. In both cases
 this behaviour can be changed if a ticket key callback is in use (see
-\&\fISSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)).
+\&\fBSSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The \fISSL_CTX_set_session_ticket_cb()\fR, \fISSL_SESSION_set1_ticket_appdata()\fR and
-\&\fISSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on
+The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and
+\&\fBSSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on
 failure.
 .PP
 The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0
@@ -281,12 +285,12 @@ will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert.
 The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_get_session\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_get_session\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_CTX_set_session_ticket_cb()\fR, \fISSSL_SESSION_set1_ticket_appdata()\fR and
-\&\fISSL_SESSION_get_ticket_appdata()\fR were added to OpenSSL 1.1.1.
+The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSSL_SESSION_set1_ticket_appdata()\fR
+and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 b/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
index 37184bfc026d6..15d3a6dff5ed8 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3"
-.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -171,27 +175,27 @@ that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine pro
 \&\s-1AES128\-SHA\s0 based ciphers that have this capability. However these are for
 development and test purposes only.
 .PP
-\&\fISSL_CTX_set_max_send_fragment()\fR and \fISSL_set_max_send_fragment()\fR set the
+\&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the
 \&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This
 value restricts the amount of plaintext bytes that will be sent in any one
 \&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These
 functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0
 .PP
-\&\fISSL_CTX_set_max_pipelines()\fR and \fISSL_set_max_pipelines()\fR set the maximum number
+\&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number
 of pipelines that will be used at any one time. This value applies to both
 \&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be
 used (i.e. normal non-parallel operation). The number of pipelines set must be
 in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also
-automatically turn on \*(L"read_ahead\*(R" (see \fISSL_CTX_set_read_ahead\fR\|(3)). This is
+automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is
 explained further below. OpenSSL will only every use more than one pipeline if
 a cipher suite is negotiated that uses a pipeline capable cipher provided by an
 engine.
 .PP
 Pipelining operates slightly differently for reading encrypted data compared to
-writing encrypted data. \fISSL_CTX_set_split_send_fragment()\fR and
-\&\fISSL_set_split_send_fragment()\fR define how data is split up into pipelines when
+writing encrypted data. \fBSSL_CTX_set_split_send_fragment()\fR and
+\&\fBSSL_set_split_send_fragment()\fR define how data is split up into pipelines when
 writing encrypted data. The number of pipelines used will be determined by the
-amount of data provided to the \fISSL_write_ex()\fR or \fISSL_write()\fR call divided by
+amount of data provided to the \fBSSL_write_ex()\fR or \fBSSL_write()\fR call divided by
 \&\fBsplit_send_fragment\fR.
 .PP
 For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4
@@ -222,29 +226,29 @@ read as much data into the read buffer as the network can provide and will fit
 into the buffer. Without this set data is read into the read buffer one record
 at a time. The more data that can be read, the more opportunity there is for
 parallelising the processing at the cost of increased memory overhead per
-connection. Setting \fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR
-function (see \fISSL_pending\fR\|(3)).
+connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR
+function (see \fBSSL_pending\fR\|(3)).
 .PP
-The \fISSL_CTX_set_default_read_buffer_len()\fR and \fISSL_set_default_read_buffer_len()\fR
+The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR
 functions control the size of the read buffer that will be used. The \fBlen\fR
 parameter sets the size of the buffer. The value will only be used if it is
 greater than the default that would have been used anyway. The normal default
 value depends on a number of factors but it will be at least
 \&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes.
 .PP
-\&\fISSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment
+\&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment
 length negotiation mode via value \fBmode\fR to \fBctx\fR.
 This setting affects only \s-1SSL\s0 instances created after this function is called.
 It affects the client-side as only its side may initiate this extension use.
 .PP
-\&\fISSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length
+\&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length
 negotiation mode via value \fBmode\fR to \fBssl\fR.
 This setting will be used during a handshake when extensions are exchanged
 between client and server.
 So it only affects \s-1SSL\s0 sessions created after this function is called.
 It affects the client-side as only its side may initiate this extension use.
 .PP
-\&\fISSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length
+\&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length
 negotiated in \fBsession\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -253,7 +257,7 @@ All non-void functions return 1 on success and 0 on failure.
 .IX Header "NOTES"
 The Maximum Fragment Length extension support is optional on the server side.
 If the server does not support this extension then
-\&\fISSL_SESSION_get_max_fragment_length()\fR will return:
+\&\fBSSL_SESSION_get_max_fragment_length()\fR will return:
 TLSEXT_max_fragment_length_DISABLED.
 .PP
 The following modes are available:
@@ -273,22 +277,22 @@ Sets Maximum Fragment Length to 2048.
 .IX Item "TLSEXT_max_fragment_length_4096"
 Sets Maximum Fragment Length to 4096.
 .PP
-With the exception of \fISSL_CTX_set_default_read_buffer_len()\fR
-\&\fISSL_set_default_read_buffer_len()\fR, \fISSL_CTX_set_tlsext_max_fragment_length()\fR,
-\&\fISSL_set_tlsext_max_fragment_length()\fR and \fISSL_SESSION_get_max_fragment_length()\fR
+With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR
+\&\fBSSL_set_default_read_buffer_len()\fR, \fBSSL_CTX_set_tlsext_max_fragment_length()\fR,
+\&\fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR
 all these functions are implemented using macros.
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fISSL_CTX_set_max_pipelines()\fR, \fISSL_set_max_pipelines()\fR,
-\&\fISSL_CTX_set_split_send_fragment()\fR, \fISSL_set_split_send_fragment()\fR,
-\&\fISSL_CTX_set_default_read_buffer_len()\fR and  \fISSL_set_default_read_buffer_len()\fR
+The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR,
+\&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR,
+\&\fBSSL_CTX_set_default_read_buffer_len()\fR and  \fBSSL_set_default_read_buffer_len()\fR
 functions were added in OpenSSL 1.1.0.
 .PP
-\&\fISSL_CTX_set_tlsext_max_fragment_length()\fR, \fISSL_set_tlsext_max_fragment_length()\fR
-and \fISSL_SESSION_get_max_fragment_length()\fR were added in OpenSSL 1.1.1.
+The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR
+and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_set_read_ahead\fR\|(3), \fISSL_pending\fR\|(3)
+\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
index 0395f566801e2..1304770132e96 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_SSL_VERSION 3"
-.TH SSL_CTX_SET_SSL_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_SSL_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,32 +147,32 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a ne
 \&
 \& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
 \& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-\& const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
+\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
 newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with
-\&\fISSL_new\fR\|(3) are not affected, except when
-\&\fISSL_clear\fR\|(3) is being called.
+\&\fBSSL_new\fR\|(3) are not affected, except when
+\&\fBSSL_clear\fR\|(3) is being called.
 .PP
-\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
-object. It may be reset, when \fISSL_clear()\fR is called.
+\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
+object. It may be reset, when \fBSSL_clear()\fR is called.
 .PP
-\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
+\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
 set in \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The available \fBmethod\fR choices are described in
-\&\fISSL_CTX_new\fR\|(3).
+\&\fBSSL_CTX_new\fR\|(3).
 .PP
-When \fISSL_clear\fR\|(3) is called and no session is connected to
+When \fBSSL_clear\fR\|(3) is called and no session is connected to
 an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently
 set in the corresponding \s-1SSL_CTX\s0 object.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The following return values can occur for \fISSL_CTX_set_ssl_version()\fR
-and \fISSL_set_ssl_method()\fR:
+The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR
+and \fBSSL_set_ssl_method()\fR:
 .IP "0" 4
 The new choice failed, check the error stack to find out the reason.
 .IP "1" 4
@@ -176,12 +180,12 @@ The new choice failed, check the error stack to find out the reason.
 The operation succeeded.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3),
-\&\fISSL_clear\fR\|(3), \fIssl\fR\|(7),
-\&\fISSL_set_connect_state\fR\|(3)
+\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3),
+\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7),
+\&\fBSSL_set_connect_state\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
index b6c96ba3e964f..df7bb39ce5f75 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3"
-.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -154,26 +158,26 @@ SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fISSL_stateless\fR\|(3)
+\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3)
 to generate the application-controlled portion of the cookie provided to clients
 in the HelloRetryRequest transmitted as a response to a ClientHello with a
-missing or invalid cookie. \fIgen_stateless_cookie_cb()\fR must write at most
+missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must write at most
 \&\s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number of bytes
 written to \fBcookie_len\fR. If a cookie cannot be generated, a zero return value
 can be used to abort the handshake.
 .PP
-\&\fISSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fISSL_stateless\fR\|(3) to
+\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) to
 determine whether the application-controlled portion of a ClientHello cookie is
-valid. A nonzero return value from \fIapp_verify_cookie_cb()\fR communicates that the
+valid. A nonzero return value from \fBapp_verify_cookie_cb()\fR communicates that the
 cookie is valid. The integrity of the entire cookie, including the
 application-controlled portion, is automatically verified by \s-1HMAC\s0 before
-\&\fIverify_stateless_cookie_cb()\fR is called.
+\&\fBverify_stateless_cookie_cb()\fR is called.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 Neither function returns a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_stateless\fR\|(3)
+\&\fBSSL_stateless\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
index 263dfb5aa860d..22b18d8c20437 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_TIMEOUT 3"
-.TH SSL_CTX_SET_TIMEOUT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_TIMEOUT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,10 +150,10 @@ SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for sessio
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for
+\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for
 \&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds.
 .PP
-\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR.
+\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Whenever a new session is created, it is assigned a maximum lifetime. This
@@ -162,29 +166,29 @@ valid at the time of the session negotiation. Changes of the timeout value
 do not affect already established sessions.
 .PP
 The expiration time of a single session can be modified using the
-\&\fISSL_SESSION_get_time\fR\|(3) family of functions.
+\&\fBSSL_SESSION_get_time\fR\|(3) family of functions.
 .PP
 Expired sessions are removed from the internal session cache, whenever
-\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either
+\&\fBSSL_CTX_flush_sessions\fR\|(3) is called, either
 directly by the application or automatically (see
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3))
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3))
 .PP
 The default value for session timeout is decided on a per protocol
-basis, see \fISSL_get_default_timeout\fR\|(3).
+basis, see \fBSSL_get_default_timeout\fR\|(3).
 All currently supported protocols have the same default timeout value
 of 300 seconds.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value.
+\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value.
 .PP
-\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value.
+\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
-\&\fISSL_SESSION_get_time\fR\|(3),
-\&\fISSL_CTX_flush_sessions\fR\|(3),
-\&\fISSL_get_default_timeout\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_SESSION_get_time\fR\|(3),
+\&\fBSSL_CTX_flush_sessions\fR\|(3),
+\&\fBSSL_get_default_timeout\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
index 72818fd0f1d1b..f0c8c513282d2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3"
-.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,26 +157,26 @@ SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_g
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The functionality provided by the servername callback is superseded by the
-ClientHello callback, which can be set using \fISSL_CTX_set_client_hello_cb()\fR.
+ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR.
 The servername callback is retained for historical compatibility.
 .PP
-\&\fISSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR
+\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR
 used by a server to perform any actions or configuration required based on
 the servername extension received in the incoming connection. When \fBcb\fR
 is \s-1NULL, SNI\s0 is not used. The \fBarg\fR value is a pointer which is passed to
 the application callback.
 .PP
-\&\fISSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be
+\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be
 passed into the callback for this \fB\s-1SSL_CTX\s0\fR.
 .PP
-\&\fISSL_get_servername()\fR returns a servername extension value of the specified
+\&\fBSSL_get_servername()\fR returns a servername extension value of the specified
 type if provided in the Client Hello or \s-1NULL.\s0
 .PP
-\&\fISSL_get_servername_type()\fR returns the servername type or \-1 if no servername
+\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername
 is present. Currently the only supported type (defined in \s-1RFC3546\s0) is
 \&\fBTLSEXT_NAMETYPE_host_name\fR.
 .PP
-\&\fISSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension
+\&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension
 to contain the value \fBname\fR. The type of server name indication extension is set
 to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0).
 .SH "NOTES"
@@ -181,17 +185,17 @@ Several callbacks are executed during ClientHello processing, including
 the ClientHello, \s-1ALPN,\s0 and servername callbacks.  The ClientHello callback is
 executed first, then the servername callback, followed by the \s-1ALPN\s0 callback.
 .PP
-The \fISSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects
+The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects
 that will act as clients; otherwise the configured \fBname\fR will be ignored.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_tlsext_servername_callback()\fR and
-\&\fISSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success.
-\&\fISSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error.
+\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and
+\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success.
+\&\fBSSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_alpn_select_cb\fR\|(3),
-\&\fISSL_get0_alpn_selected\fR\|(3), \fISSL_CTX_set_client_hello_cb\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3),
+\&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
index 112071245e8be..8bbc513e0582b 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3"
-.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,46 +164,46 @@ SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_s
 .IX Header "DESCRIPTION"
 A client application may request that a server send back an \s-1OCSP\s0 status response
 (also known as \s-1OCSP\s0 stapling). To do so the client should call the
-\&\fISSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0
-objects. Alternatively an application can call the \fISSL_set_tlsext_status_type()\fR
+\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0
+objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR
 function on an individual \s-1SSL\s0 object prior to the start of the handshake.
 Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value
 should be passed in the \fBtype\fR argument. Calling
-\&\fISSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR
-previously set via \fISSL_CTX_set_tlsext_status_type()\fR or \-1 if not set.
+\&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR
+previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set.
 .PP
 The client should additionally provide a callback function to decide what to do
-with the returned \s-1OCSP\s0 response by calling \fISSL_CTX_set_tlsext_status_cb()\fR. The
+with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The
 callback function should determine whether the returned \s-1OCSP\s0 response is
 acceptable or not. The callback will be passed as an argument the value
-previously set via a call to \fISSL_CTX_set_tlsext_status_arg()\fR. Note that the
+previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the
 callback will not be called in the event of a handshake where session resumption
 occurs (because there are no Certificates exchanged in such a handshake).
-The callback previously set via \fISSL_CTX_set_tlsext_status_cb()\fR can be retrieved
-by calling \fISSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling
-\&\fISSL_CTX_get_tlsext_status_arg()\fR.
+The callback previously set via \fBSSL_CTX_set_tlsext_status_cb()\fR can be retrieved
+by calling \fBSSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling
+\&\fBSSL_CTX_get_tlsext_status_arg()\fR.
 .PP
-On the client side \fISSL_get_tlsext_status_type()\fR can be used to determine whether
-the client has previously called \fISSL_set_tlsext_status_type()\fR. It will return
+On the client side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether
+the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return
 \&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server
-side \fISSL_get_tlsext_status_type()\fR can be used to determine whether the client
+side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client
 requested \s-1OCSP\s0 stapling. If the client requested it then this function will
 return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise.
 .PP
 The response returned by the server can be obtained via a call to
-\&\fISSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point
+\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point
 to the \s-1OCSP\s0 response data and the return value will be the length of that data.
 Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a
-call to the \fId2i_OCSP_RESPONSE()\fR function. If the server has not provided any
+call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any
 response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from
-\&\fISSL_get_tlsext_status_ocsp_resp()\fR will be \-1.
+\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1.
 .PP
-A server application must also call the \fISSL_CTX_set_tlsext_status_cb()\fR function
+A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function
 if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status
 responses. Typically the server callback would obtain the server certificate
-that is being sent back to the client via a call to \fISSL_get_certificate()\fR;
+that is being sent back to the client via a call to \fBSSL_get_certificate()\fR;
 obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by
-calling \fISSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should
+calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should
 be provided in the \fBresp\fR argument, and the length of that data should be in
 the \fBlen\fR argument.
 .SH "RETURN VALUES"
@@ -214,23 +218,23 @@ returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response sho
 returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has
 occurred).
 .PP
-\&\fISSL_CTX_set_tlsext_status_cb()\fR, \fISSL_CTX_set_tlsext_status_arg()\fR,
-\&\fISSL_CTX_set_tlsext_status_type()\fR, \fISSL_set_tlsext_status_type()\fR and
-\&\fISSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success.
+\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR,
+\&\fBSSL_CTX_set_tlsext_status_type()\fR, \fBSSL_set_tlsext_status_type()\fR and
+\&\fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success.
 .PP
-\&\fISSL_CTX_get_tlsext_status_type()\fR returns the value previously set by
-\&\fISSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set.
+\&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by
+\&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set.
 .PP
-\&\fISSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data
+\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data
 or \-1 if there is no \s-1OCSP\s0 response data.
 .PP
-\&\fISSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client
-side if \fISSL_set_tlsext_status_type()\fR was previously called, or on the server
+\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client
+side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server
 side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_get_tlsext_status_type()\fR, \fISSL_CTX_get_tlsext_status_type()\fR and
-\&\fISSL_CTX_set_tlsext_status_type()\fR were added in OpenSSL 1.1.0.
+The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR
+and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
index be751a3b0d9b4..f25f15421d2a2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3"
-.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,7 +152,7 @@ SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling
+\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling
 session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in
 \&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server
 implementation is not required to maintain per session state. It only applies
@@ -171,7 +175,7 @@ ticket information or it starts a full \s-1TLS\s0 handshake to create a new sess
 ticket.
 .PP
 Before the callback function is started \fIctx\fR and \fIhctx\fR have been
-initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
+initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively.
 .PP
 For new sessions tickets, when the client doesn't present a session ticket, or
 an attempted retrieval of the ticket failed, or a renew option was indicated,
@@ -186,8 +190,8 @@ maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBe
 .PP
 The initialization vector \fIiv\fR should be a random value. The cipher context
 \&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be
-set using \fIEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using
-\&\fIHMAC_Init_ex\fR\|(3).
+set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using
+\&\fBHMAC_Init_ex\fR\|(3).
 .PP
 When the client presents a session ticket, the callback function with be called
 with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set
@@ -195,8 +199,8 @@ of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out
 the session ticket. The OpenSSL library expects that the \fIname\fR will be used
 to retrieve a cryptographic parameters and that the cryptographic context
 \&\fIctx\fR will be set with the retrieved parameters and the initialization vector
-\&\fIiv\fR. using a function like \fIEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be
-set using \fIHMAC_Init_ex\fR\|(3).
+\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be
+set using \fBHMAC_Init_ex\fR\|(3).
 .PP
 If the \fIname\fR is still valid but a renewal of the ticket is required the
 callback function should return 2. The library will call the callback again
@@ -303,12 +307,12 @@ Reference Implementation:
 returns 0 to indicate the callback function was set.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3),
-\&\fISSL_session_reused\fR\|(3),
-\&\fISSL_CTX_add_session\fR\|(3),
-\&\fISSL_CTX_sess_number\fR\|(3),
-\&\fISSL_CTX_sess_set_get_cb\fR\|(3),
-\&\fISSL_CTX_set_session_id_context\fR\|(3),
+\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3),
+\&\fBSSL_session_reused\fR\|(3),
+\&\fBSSL_CTX_add_session\fR\|(3),
+\&\fBSSL_CTX_sess_number\fR\|(3),
+\&\fBSSL_CTX_sess_set_get_cb\fR\|(3),
+\&\fBSSL_CTX_set_session_id_context\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
index c4b996593968e..e736ce0c1114d 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3"
-.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,9 +163,9 @@ extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will b
 \&\s-1TLS\s0 connection is attempted.
 .PP
 An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call
-\&\fISSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently
+\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently
 created from an \s-1SSL_CTX.\s0 Alternatively a client may call
-\&\fISSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The
+\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The
 \&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of
 \&\s-1SRTP\s0 protection profile names.
 .PP
@@ -182,23 +186,23 @@ This corresponds to the profile of the same name defined in \s-1RFC7714.\s0
 Supplying an unrecognised protection profile name will result in an error.
 .PP
 An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call
-\&\fISSL_CTX_set_tlsext_use_srtp()\fR or \fISSL_set_tlsext_use_srtp()\fR to indicate the
+\&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the
 protection profiles that it is willing to negotiate.
 .PP
 The currently configured list of protection profiles for either a client or a
-server can be obtained by calling \fISSL_get_srtp_profiles()\fR. This returns a stack
+server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack
 of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of
 this function should not be freed by the caller.
 .PP
 After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if
 any) can be obtained (on the client or the server) by calling
-\&\fISSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0
+\&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0
 protection profile was negotiated. The memory returned from this function should
 not be freed by the caller.
 .PP
 If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0
 keying material (on both the client and server) should be obtained via a call to
-\&\fISSL_export_keying_material\fR\|(3). This call should provide a label value of
+\&\fBSSL_export_keying_material\fR\|(3). This call should provide a label value of
 \&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total
 length of keying material obtained should be equal to two times the sum of the
 master key length and the salt length as defined for the protection profile in
@@ -206,17 +210,17 @@ use. This provides the client write master key, the server write master key, the
 client write master salt and the server write master salt in that order.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_tlsext_use_srtp()\fR and \fISSL_set_tlsext_use_srtp()\fR return 0 on success
+\&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success
 or 1 on error.
 .PP
-\&\fISSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on
+\&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on
 success or \s-1NULL\s0 on error or if no protection profiles have been configured.
 .PP
-\&\fISSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0
+\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0
 object if one has been negotiated or \s-1NULL\s0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_export_keying_material\fR\|(3)
+\&\fBSSL_export_keying_material\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
index aeead48d763cf..80ec6b6ff938e 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3"
-.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,16 +157,16 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be
+\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be
 used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR.
 The callback is inherited by all \fBssl\fR objects created from \fBctx\fR.
 .PP
-\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR.
+\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR.
 The key is inherited by all \fBssl\fR objects created from \fBctx\fR.
 .PP
-\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR.
+\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR.
 .PP
-\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR.
+\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR.
 .PP
 These functions apply to \s-1SSL/TLS\s0 servers only.
 .SH "NOTES"
@@ -191,14 +195,14 @@ should not generate the parameters on the fly but supply the parameters.
 the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker
 may specialize on a very often used \s-1DH\s0 group. Applications should therefore
 generate their own \s-1DH\s0 parameters during the installation process using the
-openssl \fIdhparam\fR\|(1) application. This application
+openssl \fBdhparam\fR\|(1) application. This application
 guarantees that \*(L"strong\*(R" primes are used.
 .PP
 Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
 version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
 which use safe primes and were generated verifiably pseudo-randomly.
 These files can be converted into C code using the \fB\-C\fR option of the
-\&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0
+\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0
 parameters during installation should still be preferred to stop an
 attacker from specializing on a commonly used group. File dh1024.pem
 contains old parameters that must not be used by applications.
@@ -209,7 +213,7 @@ can supply the \s-1DH\s0 parameters via a callback function.
 Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR
 parameters to control parameter generation for export and non-export
 cipher suites. Modern servers that do not support export cipher suites
-are advised to either use \fISSL_CTX_set_tmp_dh()\fR or alternatively, use
+are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use
 the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply
 supply at least 2048\-bit parameters in the callback.
 .SH "EXAMPLES"
@@ -245,16 +249,16 @@ Code for setting up parameters during server initialization:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return
+\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return
 diagnostic output.
 .PP
-\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0
+\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0
 on failure. Check the error queue to find out the reason of failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3),
-\&\fISSL_CTX_set_options\fR\|(3),
-\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3),
+\&\fBSSL_CTX_set_options\fR\|(3),
+\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
index 487592294d9af..480b992b52616 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_SET_VERIFY 3"
-.TH SSL_CTX_SET_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_VERIFY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,34 +160,34 @@ SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and
+\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and
 specifies the \fBverify_callback\fR function to be used. If no callback function
 shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR.
 .PP
-\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and
+\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and
 specifies the \fBverify_callback\fR function to be used. If no callback function
 shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In
 this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If
 no special \fBcallback\fR was set before, the default callback for the underlying
 \&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with
-\&\fISSL_new\fR\|(3). Within the callback function,
+\&\fBSSL_new\fR\|(3). Within the callback function,
 \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index
 of the current \s-1SSL\s0 object that is doing the verification.
 .PP
-\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
+\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
 verification that shall be allowed for \fBctx\fR.
 .PP
-\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
+\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
 verification that shall be allowed for \fBssl\fR.
 .PP
-\&\fISSL_CTX_set_post_handshake_auth()\fR and \fISSL_set_post_handshake_auth()\fR enable the
+\&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable the
 Post-Handshake Authentication extension to be added to the ClientHello such that
 post-handshake authentication can be requested by the server. If \fBval\fR is 0
 then the extension is not sent, otherwise it is. By default the extension is not
 sent. A certificate callback will need to be set via
-\&\fISSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization.
+\&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization.
 .PP
-\&\fISSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be
+\&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be
 sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must
 be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional.
 .SH "NOTES"
@@ -198,7 +202,7 @@ client, so the client will not send a certificate.
 \&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the
 server will send a certificate which will be checked. The result of the
 certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake
-using the \fISSL_get_verify_result\fR\|(3) function.
+using the \fBSSL_get_verify_result\fR\|(3) function.
 The handshake will be continued regardless of the verification result.
 .IP "\s-1SSL_VERIFY_PEER\s0" 4
 .IX Item "SSL_VERIFY_PEER"
@@ -236,7 +240,7 @@ during the initial handshake. This flag must be used together with
 .IX Item "SSL_VERIFY_POST_HANDSHAKE"
 \&\fBServer mode:\fR the server will not send a client certificate request
 during the initial handshake, but will send the request via
-\&\fISSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0
+\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0
 to be configured for post-handshake peer verification before the
 handshake occurs. This flag must be used together with
 \&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections.
@@ -248,13 +252,13 @@ If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set.
 The actual verification procedure is performed either using the built-in
 verification procedure or using another application provided verification
 function set with
-\&\fISSL_CTX_set_cert_verify_callback\fR\|(3).
+\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3).
 The following descriptions apply in the case of the built-in procedure. An
 application provided procedure also has access to the verify depth information
-and the \fIverify_callback()\fR function, but the way this information is used
+and the \fBverify_callback()\fR function, but the way this information is used
 may be different.
 .PP
-\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set a limit on the
+\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the
 number of certificates between the end-entity and trust-anchor certificates.
 Neither the
 end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the
@@ -294,7 +298,7 @@ the verification process is continued. If \fBverify_callback\fR always returns
 1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification
 failures and the connection will be established. The calling process can
 however retrieve the error code of the last verification error using
-\&\fISSL_get_verify_result\fR\|(3) or by maintaining its
+\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its
 own error storage managed by \fBverify_callback\fR.
 .PP
 If no \fBverify_callback\fR is specified, the default callback will be used.
@@ -302,15 +306,15 @@ Its return value is identical to \fBpreverify_ok\fR, so that any verification
 failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an
 alert message, if \s-1SSL_VERIFY_PEER\s0 is set.
 .PP
-After calling \fISSL_set_post_handshake_auth()\fR, the client will need to add a
+After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a
 certificate or certificate callback to its configuration before it can
-successfully authenticate. This must be called before \fISSL_connect()\fR.
+successfully authenticate. This must be called before \fBSSL_connect()\fR.
 .PP
-\&\fISSL_verify_client_post_handshake()\fR requires that verify flags have been
+\&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been
 previously set, and that a client sent the post-handshake authentication
 extension. When the client returns a certificate the verify callback will be
 invoked. A write operation must take place for the Certificate Request to be
-sent to the client, this can be done with \fISSL_do_handshake()\fR or \fISSL_write_ex()\fR.
+sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR.
 Only one certificate request may be outstanding at any time.
 .PP
 When post-handshake authentication occurs, a refreshed NewSessionTicket
@@ -325,7 +329,7 @@ required.
 .IX Header "RETURN VALUES"
 The SSL*_set_verify*() functions do not provide diagnostic information.
 .PP
-The \fISSL_verify_client_post_handshake()\fR function returns 1 if the request
+The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request
 succeeded, and 0 if the request failed. The error stack can be examined
 to determine the failure reason.
 .SH "EXAMPLES"
@@ -342,8 +346,8 @@ certificates.
 .PP
 The example makes use of the ex_data technique to store application data
 into/retrieve application data from the \s-1SSL\s0 structure
-(see \fICRYPTO_get_ex_new_index\fR\|(3),
-\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)).
+(see \fBCRYPTO_get_ex_new_index\fR\|(3),
+\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)).
 .PP
 .Vb 7
 \& ...
@@ -445,19 +449,19 @@ into/retrieve application data from the \s-1SSL\s0 structure
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3),
-\&\fISSL_CTX_get_verify_mode\fR\|(3),
-\&\fISSL_get_verify_result\fR\|(3),
-\&\fISSL_CTX_load_verify_locations\fR\|(3),
-\&\fISSL_get_peer_certificate\fR\|(3),
-\&\fISSL_CTX_set_cert_verify_callback\fR\|(3),
-\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3),
-\&\fISSL_CTX_set_client_cert_cb\fR\|(3),
-\&\fICRYPTO_get_ex_new_index\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3),
+\&\fBSSL_CTX_get_verify_mode\fR\|(3),
+\&\fBSSL_get_verify_result\fR\|(3),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3),
+\&\fBSSL_get_peer_certificate\fR\|(3),
+\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3),
+\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3),
+\&\fBSSL_CTX_set_client_cert_cb\fR\|(3),
+\&\fBCRYPTO_get_ex_new_index\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fISSL_verify_client_post_handshake()\fR
-and \fISSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1.
+The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR
+and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
index 862eca97053e4..1369d9db0022d 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_USE_CERTIFICATE 3"
-.TH SSL_CTX_USE_CERTIFICATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_USE_CERTIFICATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -178,49 +182,49 @@ or \s-1SSL\s0 object, respectively.
 .PP
 The SSL_CTX_* class of functions loads the certificates and keys into the
 \&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR
-created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that
+created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that
 changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects.
 .PP
 The SSL_* class of functions only loads certificates and keys into a
 specific \s-1SSL\s0 object. The specific information is kept, when
-\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object.
+\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object.
 .PP
-\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR,
-\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the
+\&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR,
+\&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the
 certificates needed to form the complete certificate chain can be
 specified using the
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
 function.
 .PP
-\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from
+\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from
 the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR,
-\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR.
+\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR.
 .PP
-\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR
+\&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR
 into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified
 from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0
-\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR.
-See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR
+\&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR.
+See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR
 should be preferred.
 .PP
-\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from
+\&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from
 \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must
 be sorted starting with the subject's certificate (actual client or server
 certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and
-ending at the highest level (root) \s-1CA.\s0 \fISSL_use_certificate_chain_file()\fR is
+ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is
 similar except it loads the certificate chain into \fBssl\fR.
 .PP
-\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR.
-\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0
-to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR;
-\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR.
+\&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR.
+\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0
+to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR;
+\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR.
 If a certificate has already been set and the private does not belong
 to the certificate an error is returned. To change a certificate, private
-key pair the new certificate needs to be set with \fISSL_use_certificate()\fR
-or \fISSL_CTX_use_certificate()\fR before setting the private key with
-\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR.
+key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR
+or \fBSSL_CTX_use_certificate()\fR before setting the private key with
+\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR.
 .PP
-\&\fISSL_CTX_use_cert_and_key()\fR and \fISSL_use_cert_and_key()\fR assign the X.509
+\&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509
 certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the
 corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private
 key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then
@@ -232,48 +236,48 @@ interface) that stores the private key securely, such that it cannot be
 accessed by OpenSSL. The reference count of the public key is incremented
 (twice if there is no private key); it is not copied nor duplicated. This
 allows all private key validations checks to succeed without an actual
-private key being assigned via \fISSL_CTX_use_PrivateKey()\fR, etc.
+private key being assigned via \fBSSL_CTX_use_PrivateKey()\fR, etc.
 .PP
-\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR
+\&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR
 stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR.
-\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0
+\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0
 stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR.
-\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private
+\&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private
 key to \fBssl\fR.
 .PP
-\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in
+\&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in
 \&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified
 from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0
-\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in
-\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found
-in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private
+\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in
+\&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found
+in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private
 \&\s-1RSA\s0 key found to \fBssl\fR.
 .PP
-\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with
+\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with
 the corresponding certificate loaded into \fBctx\fR. If more than one
 key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will
 be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0
-key/certificate pair will be checked. \fISSL_check_private_key()\fR performs
+key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs
 the same check for \fBssl\fR. If no key/certificate was explicitly added for
 this \fBssl\fR, the last item added into \fBctx\fR will be checked.
 .SH "NOTES"
 .IX Header "NOTES"
 The internal certificate store of OpenSSL can hold several private
 key/certificate pairs at a time. The certificate used depends on the
-cipher selected, see also \fISSL_CTX_set_cipher_list\fR\|(3).
+cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3).
 .PP
 When reading certificates and private keys from file, files of type
 \&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
 one certificate or private key, consequently
-\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting.
+\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting.
 Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item.
 .PP
-\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found
+\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found
 in the file to the certificate store. The other certificates are added
-to the store of chain certificates using \fISSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single
+to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single
 certificate chain store for all certificate types, OpenSSL 1.0.2 and later
-have a separate chain store for each type. \fISSL_CTX_use_certificate_chain_file()\fR
-should be used instead of the \fISSL_CTX_use_certificate_file()\fR function in order
+have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR
+should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order
 to allow the use of complete certificate chains even when no trusted \s-1CA\s0
 storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to
 the trusted \s-1CA\s0 storage.
@@ -281,12 +285,12 @@ the trusted \s-1CA\s0 storage.
 If additional certificates are needed to complete the chain during the
 \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the
 locations of trusted \s-1CA\s0 certificates, see
-\&\fISSL_CTX_load_verify_locations\fR\|(3).
+\&\fBSSL_CTX_load_verify_locations\fR\|(3).
 .PP
 The private keys loaded from file can be encrypted. In order to successfully
 load encrypted keys, a function returning the passphrase must have been
 supplied, see
-\&\fISSL_CTX_set_default_passwd_cb\fR\|(3).
+\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3).
 (Certificate files might be encrypted as well from the technical point
 of view, it however does not make sense as the data in the certificate
 is considered public anyway.)
@@ -294,8 +298,8 @@ is considered public anyway.)
 All of the functions to set a new certificate will replace any existing
 certificate of the same type that has already been set. Similarly all of the
 functions to set a new private key will replace any private key that has already
-been set. Applications should call \fISSL_CTX_check_private_key\fR\|(3) or
-\&\fISSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and
+been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or
+\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and
 private key to confirm that the certificate and key match.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -303,13 +307,13 @@ On success, the functions return 1.
 Otherwise check out the error stack to find out the reason.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3),
-\&\fISSL_CTX_load_verify_locations\fR\|(3),
-\&\fISSL_CTX_set_default_passwd_cb\fR\|(3),
-\&\fISSL_CTX_set_cipher_list\fR\|(3),
-\&\fISSL_CTX_set_client_CA_list\fR\|(3),
-\&\fISSL_CTX_set_client_cert_cb\fR\|(3),
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3),
+\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3),
+\&\fBSSL_CTX_set_cipher_list\fR\|(3),
+\&\fBSSL_CTX_set_client_CA_list\fR\|(3),
+\&\fBSSL_CTX_set_client_cert_cb\fR\|(3),
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
index 1b9cf02b8ca46..3fa1aaf8e7477 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3"
-.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,15 +169,15 @@ SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_h
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 A client application wishing to use TLSv1.3 PSKs should set a callback
-using either \fISSL_CTX_set_psk_use_session_callback()\fR or
-\&\fISSL_set_psk_use_session_callback()\fR as appropriate.
+using either \fBSSL_CTX_set_psk_use_session_callback()\fR or
+\&\fBSSL_set_psk_use_session_callback()\fR as appropriate.
 .PP
 The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and
 an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function
 should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it
 in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key,
 the ciphersuite and the protocol version. See
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) for details.
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details.
 .PP
 It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this
 case no \s-1PSK\s0 will be used but the handshake will continue. To do this the
@@ -181,9 +185,9 @@ callback should return successfully and ensure that \fB*sess\fR is
 \&\s-1NULL.\s0
 .PP
 Identity hints are not relevant for TLSv1.3. A server application wishing to use
-\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fISSL_CTX_use_psk_identity_hint()\fR
+\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR
 to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context
-object \fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
+object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
 identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is
 \&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted.
 .PP
@@ -195,27 +199,27 @@ callback function which is called when the server receives the
 ClientKeyExchange message from the client. The purpose of the callback function
 is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used
 during the connection setup phase. The callback is set using the functions
-\&\fISSL_CTX_set_psk_server_callback()\fR or \fISSL_set_psk_server_callback()\fR. The callback
+\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback
 function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
 identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of
 length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored.
 .PP
 The callback for use in TLSv1.2 will also work in TLSv1.3 although it is
-recommended to use \fISSL_CTX_set_psk_find_session_callback()\fR
-or \fISSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has
+recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR
+or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has
 been negotiated then OpenSSL will first check to see if a callback has been set
-via \fISSL_CTX_set_psk_find_session_callback()\fR or \fISSL_set_psk_find_session_callback()\fR
+via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR
 and it will use that in preference. If no such callback is present then it will
-check to see if a callback has been set via \fISSL_CTX_set_psk_server_callback()\fR or
-\&\fISSL_set_psk_server_callback()\fR and use that. In this case the handshake digest
+check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or
+\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest
 will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0
 .SH "NOTES"
 .IX Header "NOTES"
 A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption
-has occurred so that \fISSL_session_reused\fR\|(3) will return true.
+has occurred so that \fBSSL_session_reused\fR\|(3) will return true.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fB\f(BISSL_CTX_use_psk_identity_hint()\fB\fR and \fB\f(BISSL_use_psk_identity_hint()\fB\fR return
+\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return
 1 on success, 0 otherwise.
 .PP
 Return values from the TLSv1.2 and below server callback are interpreted as
@@ -249,11 +253,11 @@ ensure safety from cross-protocol related output by not reusing PSKs between
 \&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3),
-\&\fISSL_set_psk_use_session_callback\fR\|(3)
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3),
+\&\fBSSL_set_psk_use_session_callback\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_CTX_set_psk_find_session_callback()\fR and \fISSL_set_psk_find_session_callback()\fR
+\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR
 were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
index bcc2cb52b3124..f1d37260ca245 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_USE_SERVERINFO 3"
-.TH SSL_CTX_USE_SERVERINFO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_USE_SERVERINFO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,14 +160,14 @@ These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL
 \&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello
 Extension.
 .PP
-\&\fISSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from
+\&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from
 a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the
 byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR.
 .PP
 If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must
 consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then
 length bytes of extension_data. The context and type values have the same
-meaning as for \fISSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for
+meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for
 extensions to be added to a Certificate message, then the extension will only
 be added for the first certificate in the message (which is always the
 end-entity certificate).
@@ -171,7 +175,7 @@ end-entity certificate).
 If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must
 consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of
 extension_data. The type value has the same meaning as for
-\&\fISSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used
+\&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used
 in this case:
 .PP
 .Vb 2
@@ -179,23 +183,23 @@ in this case:
 \& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
 .Ve
 .PP
-\&\fISSL_CTX_use_serverinfo()\fR does the same thing as \fISSL_CTX_use_serverinfo_ex()\fR
+\&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR
 except that there is no \fBversion\fR parameter so a default version of
 \&\s-1SSL_SERVERINFOV1\s0 is used instead.
 .PP
-\&\fISSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from
+\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from
 \&\fBfile\fR into \fBctx\fR.  The extensions must be in \s-1PEM\s0 format.  Each extension
-must be in a format as described above for \fISSL_CTX_use_serverinfo_ex()\fR.  Each
+must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR.  Each
 \&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for
 \&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data.
 .PP
 If more than one certificate (\s-1RSA/DSA\s0) is installed using
-\&\fISSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the
+\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the
 last certificate installed.  If e.g. the last item was a \s-1RSA\s0 certificate, the
 loaded serverinfo extension data will be loaded for that certificate.  To
 use the serverinfo extension for multiple certificates,
-\&\fISSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR
-each time a certificate is loaded via a call to \fISSL_CTX_use_certificate()\fR.
+\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR
+each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 On success, the functions return 1.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/SSL_SESSION_free.3
index 31597ad8ac190..b69b24a970daa 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_free.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_FREE 3"
-.TH SSL_SESSION_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,16 +152,16 @@ SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to
+\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to
 it.
 .PP
-\&\fISSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR
+\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR
 and returns a pointer to it.
 .PP
-\&\fISSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0
+\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0
 structure.
 .PP
-\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes
+\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes
 the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated
 memory, if the reference count has reached 0.
 If \fBsession\fR is \s-1NULL\s0 nothing is done.
@@ -165,7 +169,7 @@ If \fBsession\fR is \s-1NULL\s0 nothing is done.
 .IX Header "NOTES"
 \&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation
 is successfully completed. Depending on the settings, see
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
 the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and
 linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object;
 as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0
@@ -176,13 +180,13 @@ dangling pointers. These failures may also appear delayed, e.g.
 when an \s-1SSL_SESSION\s0 object was completely freed as the reference count
 incorrectly became 0, but it is still referenced in the internal
 session cache and the cache list is processed during a
-\&\fISSL_CTX_flush_sessions\fR\|(3) operation.
+\&\fBSSL_CTX_flush_sessions\fR\|(3) operation.
 .PP
-\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for
+\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for
 which the reference count was explicitly incremented (e.g.
-by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3))
+by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3))
 or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake
-operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3).
+operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3).
 It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause
 incorrect reference counts and therefore program failures.
 .SH "RETURN VALUES"
@@ -193,13 +197,13 @@ or \s-1NULL\s0 on error.
 SSL_SESSION_up_ref returns 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_session\fR\|(3),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
-\&\fISSL_CTX_flush_sessions\fR\|(3),
-\&\fId2i_SSL_SESSION\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_get_session\fR\|(3),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_CTX_flush_sessions\fR\|(3),
+\&\fBd2i_SSL_SESSION\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_SESSION_dup()\fR was added in OpenSSL 1.1.1.
+The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
index 9d797c91cd913..08a826053340a 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET0_CIPHER 3"
-.TH SSL_SESSION_GET0_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET0_CIPHER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,33 +150,33 @@ SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL ci
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the
+\&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the
 connection when the session was created, or \s-1NULL\s0 if it cannot be determined.
 .PP
 The value returned is a pointer to an object maintained within \fBs\fR and
 should not be released.
 .PP
-\&\fISSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the
+\&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the
 \&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a
-session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)).
+session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0
+\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0
 or \s-1NULL\s0 if it cannot be determined.
 .PP
-\&\fISSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure.
+\&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fId2i_SSL_SESSION\fR\|(3),
-\&\fISSL_SESSION_get_time\fR\|(3),
-\&\fISSL_SESSION_get0_hostname\fR\|(3),
-\&\fISSL_SESSION_free\fR\|(3),
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBd2i_SSL_SESSION\fR\|(3),
+\&\fBSSL_SESSION_get_time\fR\|(3),
+\&\fBSSL_SESSION_get0_hostname\fR\|(3),
+\&\fBSSL_SESSION_free\fR\|(3),
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_SESSION_get0_cipher()\fR was first added to OpenSSL 1.1.0.
-\&\fISSL_SESSION_set_cipher()\fR was first added to OpenSSL 1.1.1.
+The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0.
+The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
index a0bbae80a3ffd..e6a70c264d36f 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET0_HOSTNAME 3"
-.TH SSL_SESSION_GET0_HOSTNAME 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET0_HOSTNAME 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,41 +156,41 @@ SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_sele
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the
+\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the
 client when the session was created, or \s-1NULL\s0 if no value was sent.
 .PP
 The value returned is a pointer to memory maintained within \fBs\fR and
 should not be free'd.
 .PP
-\&\fISSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of
+\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of
 the string provided in hostname.
 .PP
-\&\fISSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this
+\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this
 session and its associated length in bytes. The returned value of \fB*alpn\fR is a
 pointer to memory maintained within \fBs\fR and should not be free'd.
 .PP
-\&\fISSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the
+\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the
 value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input
 value is made, and the caller retains ownership of the memory pointed to by
 \&\fBalpn\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there
+\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there
 is the \s-1SNI\s0 value sent by client.
 .PP
-\&\fISSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error.
+\&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error.
 .PP
-\&\fISSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error.
+\&\fBSSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fId2i_SSL_SESSION\fR\|(3),
-\&\fISSL_SESSION_get_time\fR\|(3),
-\&\fISSL_SESSION_free\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBd2i_SSL_SESSION\fR\|(3),
+\&\fBSSL_SESSION_get_time\fR\|(3),
+\&\fBSSL_SESSION_free\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_SESSION_set1_hostname()\fR, \fISSL_SESSION_get0_alpn_selected()\fR and
-\&\fISSL_SESSION_set1_alpn_selected()\fR were added in OpenSSL 1.1.1.
+The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and
+\&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
index debcc119b3c53..8ca89c6106114 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET0_ID_CONTEXT 3"
-.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,29 +152,29 @@ SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SS
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-See \fISSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0
+See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0
 contexts.
 .PP
-\&\fISSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with
+\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with
 the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to
 \&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0
 .PP
 The value returned is a pointer to an object maintained within \fBs\fR and
 should not be released.
 .PP
-\&\fISSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in
+\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in
 \&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context
 is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error.
+\&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_set_session_id_context\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_set_session_id_context\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_SESSION_get0_id_context()\fR was first added to OpenSSL 1.1.0
+The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
index c65ad11e6c486..e7c0491807834 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET0_PEER 3"
-.TH SSL_SESSION_GET0_PEER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET0_PEER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,16 +149,16 @@ SSL_SESSION_get0_peer \&\- get details about peer's certificate for a session
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session
+\&\fBSSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session
 \&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the
-returned value (unless \fIX509_up_ref\fR\|(3) has also been called).
+returned value (unless \fBX509_up_ref\fR\|(3) has also been called).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if
+\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if
 no peer certificate is available.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
index b64c4ca3d6b93..fdec546722592 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET_COMPRESS_ID 3"
-.TH SSL_SESSION_GET_COMPRESS_ID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET_COMPRESS_ID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,16 +150,16 @@ SSL_SESSION_get_compress_id \&\- get details about the compression associated wi
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 If compression has been negotiated for an ssl session then
-\&\fISSL_SESSION_get_compress_id()\fR will return the id for the compression method or
+\&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or
 0 otherwise. The only built-in supported compression method is zlib which has an
 id of 1.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if
+\&\fBSSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if
 none.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
index 1096d9a4d220d..92ef07ebd2714 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET_EX_DATA 3"
-.TH SSL_SESSION_GET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET_EX_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,23 +150,23 @@ SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application sp
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application
+\&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application
 specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should
-be a value previously returned from a call to \fICRYPTO_get_ex_new_index\fR\|(3).
+be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3).
 .PP
-\&\fISSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored
+\&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored
 in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that
 used when originally storing the data.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure.
+\&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure.
 .PP
-\&\fISSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on
+\&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on
 failure. \s-1NULL\s0 may also be a valid value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fICRYPTO_get_ex_new_index\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBCRYPTO_get_ex_new_index\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
index 91f24a1cd651c..9af52188a15e0 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3"
-.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,31 +150,31 @@ SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_get_protocol_version()\fR returns the protocol version number used
+\&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used
 by session \fBs\fR.
 .PP
-\&\fISSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the
+\&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the
 \&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version
 constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set
-up a session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)).
+up a session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol
+\&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol
 version used for the session; this number matches the constants \fIe.g.\fR
 \&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR.
 .PP
-Note that the \fISSL_SESSION_get_protocol_version()\fR function
+Note that the \fBSSL_SESSION_get_protocol_version()\fR function
 does \fBnot\fR perform a null check on the provided session \fBs\fR pointer.
 .PP
-\&\fISSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure.
+\&\fBSSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_SESSION_get_protocol_version()\fR was first added to OpenSSL 1.1.0.
-\&\fISSL_SESSION_set_protocol_version()\fR was first added to OpenSSL 1.1.1.
+The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0.
+The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
index 945efdf26ae9b..4fc9bd4478f9a 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_GET_TIME 3"
-.TH SSL_SESSION_GET_TIME 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_GET_TIME 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,43 +157,43 @@ SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was
+\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was
 established. The time is given in seconds since the Epoch and therefore
-compatible to the time delivered by the \fItime()\fR call.
+compatible to the time delivered by the \fBtime()\fR call.
 .PP
-\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with
+\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with
 the chosen value \fBtm\fR.
 .PP
-\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR
+\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR
 in seconds.
 .PP
-\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds
+\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds
 to \fBtm\fR.
 .PP
-The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR
+The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR
 functions are synonyms for the SSL_SESSION_*() counterparts.
 .SH "NOTES"
 .IX Header "NOTES"
 Sessions are expired by examining the creation time and the timeout value.
 Both are set at creation time of the session to the actual time and the
 default timeout value at creation, respectively, as set by
-\&\fISSL_CTX_set_timeout\fR\|(3).
+\&\fBSSL_CTX_set_timeout\fR\|(3).
 Using these functions it is possible to extend or shorten the lifetime
 of the session.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently
+\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently
 valid values.
 .PP
-\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success.
+\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success.
 .PP
 If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR,
 0 is returned.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_timeout\fR\|(3),
-\&\fISSL_get_default_timeout\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_timeout\fR\|(3),
+\&\fBSSL_get_default_timeout\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 b/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
index 43c4eb014ab2b..cb1d930e12199 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_HAS_TICKET 3"
-.TH SSL_SESSION_HAS_TICKET 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_HAS_TICKET 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,7 +152,7 @@ SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with
+\&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with
 this session, and 0 otherwise.
 .PP
 SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds
@@ -158,22 +162,22 @@ SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a
 session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non
 \&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only
 valid while the connection is in use. The session (and hence the ticket pointer)
-may also become invalid as a result of a call to \fISSL_CTX_flush_sessions()\fR.
+may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise.
+\&\fBSSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise.
 .PP
-\&\fISSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds.
+\&\fBSSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fId2i_SSL_SESSION\fR\|(3),
-\&\fISSL_SESSION_get_time\fR\|(3),
-\&\fISSL_SESSION_free\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBd2i_SSL_SESSION\fR\|(3),
+\&\fBSSL_SESSION_get_time\fR\|(3),
+\&\fBSSL_SESSION_free\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and
-SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0.
+The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR
+and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 b/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
index 73b1b705cd337..4d85589567eeb 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_IS_RESUMABLE 3"
-.TH SSL_SESSION_IS_RESUMABLE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_IS_RESUMABLE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,21 +149,21 @@ SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be use
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used
+\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used
 to resume a session or not. Returns 1 if it can or 0 if not. Note that
 attempting to resume with a non-resumable session will result in a full
 handshake.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise.
+\&\fBSSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_get_session\fR\|(3),
-\&\fISSL_CTX_sess_set_new_cb\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_get_session\fR\|(3),
+\&\fBSSL_CTX_sess_set_new_cb\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_SESSION_is_resumable()\fR was first added to OpenSSL 1.1.1
+The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_print.3 b/secure/lib/libcrypto/man/SSL_SESSION_print.3
index 86b328b5db2f7..3f4d69ca0279a 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_print.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_PRINT 3"
-.TH SSL_SESSION_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_PRINT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,21 +151,21 @@ SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf in
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_print()\fR prints summary information about the session provided in
+\&\fBSSL_SESSION_print()\fR prints summary information about the session provided in
 \&\fBses\fR to the \s-1BIO\s0 \fBfp\fR.
 .PP
-\&\fISSL_SESSION_print_fp()\fR does the same as \fISSL_SESSION_print()\fR except it prints it
+\&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it
 to the \s-1FILE\s0 \fBfp\fR.
 .PP
-\&\fISSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 <bp>
+\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 <bp>
 in \s-1NSS\s0 keylog format.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_print()\fR, \fISSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return
+\&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return
 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
index 48ea91dd9b3f9..8bff5855022a7 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_SET1_ID 3"
-.TH SSL_SESSION_SET1_ID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_SET1_ID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,23 +152,23 @@ SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the
+\&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the
 session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may
 be 0. The caller should not free the returned pointer directly.
 .PP
-\&\fISSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session
+\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session
 to \fBsid\fR of length \fBsid_len\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_get_id()\fR returns a pointer to the session id value.
-\&\fISSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example
+\&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value.
+\&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example
 if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_SESSION_set1_id()\fR was first added to OpenSSL 1.1.0
+The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libcrypto/man/SSL_accept.3
index eba67d00b4cd1..b867aaa5c8459 100644
--- a/secure/lib/libcrypto/man/SSL_accept.3
+++ b/secure/lib/libcrypto/man/SSL_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_ACCEPT 3"
-.TH SSL_ACCEPT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_ACCEPT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,25 +149,25 @@ SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake.
+\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake.
 The communication channel must already have been set and assigned to the
 \&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO.\s0
+The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0
 .PP
-If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the
 handshake has been finished or an error occurred.
 .PP
-If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return
-when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR
 to continue the handshake, indicating the problem by the return value \-1.
-In this case a call to \fISSL_get_error()\fR with the
-return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+In this case a call to \fBSSL_get_error()\fR with the
+return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
 \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of \fISSL_accept()\fR.
+taking appropriate action to satisfy the needs of \fBSSL_accept()\fR.
 The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
-nothing is to be done, but \fIselect()\fR can be used to check for the required
+nothing is to be done, but \fBselect()\fR can be used to check for the required
 condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
 into or retrieved out of the \s-1BIO\s0 before being able to continue.
 .SH "RETURN VALUES"
@@ -171,7 +175,7 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue.
 The following return values can occur:
 .IP "0" 4
 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and
-by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the
+by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the
 return value \fBret\fR to find out the reason.
 .IP "1" 4
 .IX Item "1"
@@ -182,15 +186,15 @@ established.
 The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
 not clean. It can also occur of action is need to continue the operation
-for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR
+for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR
 to find out the reason.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
-\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7),
-\&\fISSL_set_connect_state\fR\|(3),
-\&\fISSL_do_handshake\fR\|(3),
-\&\fISSL_CTX_new\fR\|(3)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3),
+\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7),
+\&\fBSSL_set_connect_state\fR\|(3),
+\&\fBSSL_do_handshake\fR\|(3),
+\&\fBSSL_CTX_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/SSL_alert_type_string.3
index 044ebedbe7fb8..195b0a52005e8 100644
--- a/secure/lib/libcrypto/man/SSL_alert_type_string.3
+++ b/secure/lib/libcrypto/man/SSL_alert_type_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_ALERT_TYPE_STRING 3"
-.TH SSL_ALERT_TYPE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_ALERT_TYPE_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,16 +153,16 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_alert_type_string()\fR returns a one letter string indicating the
+\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the
 type of the alert specified by \fBvalue\fR.
 .PP
-\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert
+\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert
 specified by \fBvalue\fR.
 .PP
-\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form
+\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form
 describing the reason of the alert specified by \fBvalue\fR.
 .PP
-\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason
+\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason
 of the alert specified by \fBvalue\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -179,8 +183,8 @@ Several alert messages must be sent as fatal alert messages as specified
 by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The following strings can occur for \fISSL_alert_type_string()\fR or
-\&\fISSL_alert_type_string_long()\fR:
+The following strings can occur for \fBSSL_alert_type_string()\fR or
+\&\fBSSL_alert_type_string_long()\fR:
 .ie n .IP """W""/""warning""" 4
 .el .IP "``W''/``warning''" 4
 .IX Item "W/warning"
@@ -195,8 +199,8 @@ The following strings can occur for \fISSL_alert_type_string()\fR or
 This indicates that no support is available for this alert type.
 Probably \fBvalue\fR does not contain a correct alert message.
 .PP
-The following strings can occur for \fISSL_alert_desc_string()\fR or
-\&\fISSL_alert_desc_string_long()\fR:
+The following strings can occur for \fBSSL_alert_desc_string()\fR or
+\&\fBSSL_alert_desc_string_long()\fR:
 .ie n .IP """\s-1CN""/\s0""close notify""" 4
 .el .IP "``\s-1CN''/\s0``close notify''" 4
 .IX Item "CN/close notify"
@@ -354,7 +358,7 @@ This indicates that no description is available for this alert type.
 Probably \fBvalue\fR does not contain a correct alert message.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_alloc_buffers.3 b/secure/lib/libcrypto/man/SSL_alloc_buffers.3
index ba739434c2f85..bcd5f1ac5d34d 100644
--- a/secure/lib/libcrypto/man/SSL_alloc_buffers.3
+++ b/secure/lib/libcrypto/man/SSL_alloc_buffers.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_ALLOC_BUFFERS 3"
-.TH SSL_ALLOC_BUFFERS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_ALLOC_BUFFERS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,38 +150,38 @@ SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR.
-\&\fISSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR.
+\&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR.
+\&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR.
 .PP
 The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever
 the buffers have been drained. These functions allow applications to manually
 control when buffers are freed and allocated.
 .PP
 After freeing the buffers, the buffers are automatically reallocated upon a
-new read or write. The \fISSL_alloc_buffers()\fR does not need to be called, but
+new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but
 can be used to make sure the buffers are pre-allocated. This can be used to
-avoid allocation during data processing or with \fICRYPTO_set_mem_functions()\fR
+avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR
 to control where and how buffers are allocated.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The following return values can occur:
 .IP "0 (Failure)" 4
 .IX Item "0 (Failure)"
-The \fISSL_free_buffers()\fR function returns 0 when there is pending data to be
-read or written. The \fISSL_alloc_buffers()\fR function returns 0 when there is
+The \fBSSL_free_buffers()\fR function returns 0 when there is pending data to be
+read or written. The \fBSSL_alloc_buffers()\fR function returns 0 when there is
 an allocation failure.
 .IP "1 (Success)" 4
 .IX Item "1 (Success)"
-The \fISSL_free_buffers()\fR function returns 1 if the buffers have been freed. This
+The \fBSSL_free_buffers()\fR function returns 1 if the buffers have been freed. This
 value is also returned if the buffers had been freed before calling
-\&\fISSL_free_buffers()\fR.
-The \fISSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated.
+\&\fBSSL_free_buffers()\fR.
+The \fBSSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated.
 This value is also returned if the buffers had been allocated before calling
-\&\fISSL_alloc_buffers()\fR.
+\&\fBSSL_alloc_buffers()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3),
-\&\fISSL_new\fR\|(3), \fISSL_CTX_set_mode\fR\|(3),
+\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3),
+\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3),
 CRYPTO_set_mem_functions
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/SSL_check_chain.3 b/secure/lib/libcrypto/man/SSL_check_chain.3
index 7af0e5fe22757..ed1a4ac26d95b 100644
--- a/secure/lib/libcrypto/man/SSL_check_chain.3
+++ b/secure/lib/libcrypto/man/SSL_check_chain.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CHECK_CHAIN 3"
-.TH SSL_CHECK_CHAIN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CHECK_CHAIN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,12 +149,12 @@ SSL_check_chain \- check certificate chain suitability
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and
+\&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and
 certificate chain \fBchain\fR is suitable for use with the current session
 \&\fBs\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_check_chain()\fR returns a bitmap of flags indicating the validity of the
+\&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the
 chain.
 .PP
 \&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session.
@@ -184,7 +188,7 @@ for client authentication.
 \&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_check_chain()\fR must be called in servers after a client hello message or in
+\&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in
 clients after a certificate request message. It will typically be called
 in the certificate callback.
 .PP
@@ -209,8 +213,8 @@ be very useful. Applications may wish to specify a different \*(L"legacy\*(R" ch
 for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_set_cert_cb\fR\|(3),
-\&\fIssl\fR\|(7)
+\&\fBSSL_CTX_set_cert_cb\fR\|(3),
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libcrypto/man/SSL_clear.3
index 20490576a99b5..48e69a902e3c2 100644
--- a/secure/lib/libcrypto/man/SSL_clear.3
+++ b/secure/lib/libcrypto/man/SSL_clear.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CLEAR 3"
-.TH SSL_CLEAR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CLEAR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,8 +157,8 @@ SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While al
 settings are kept, a side effect is the handling of the current \s-1SSL\s0 session.
 If a session is still \fBopen\fR, it is considered bad and will be removed
 from the session cache, as required by \s-1RFC2246. A\s0 session is considered open,
-if \fISSL_shutdown\fR\|(3) was not called for the connection
-or at least \fISSL_set_shutdown\fR\|(3) was used to
+if \fBSSL_shutdown\fR\|(3) was not called for the connection
+or at least \fBSSL_set_shutdown\fR\|(3) was used to
 set the \s-1SSL_SENT_SHUTDOWN\s0 state.
 .PP
 If a session was closed cleanly, the session object will be kept and all
@@ -163,37 +167,37 @@ used during the session will be kept for the next handshake. So if the
 session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client
 method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1
 server method, even if TLS_*_methods were chosen on startup. This
-will might lead to connection failures (see \fISSL_new\fR\|(3))
+will might lead to connection failures (see \fBSSL_new\fR\|(3))
 for a description of the method's properties.
 .SH "WARNINGS"
 .IX Header "WARNINGS"
-\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The
+\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The
 reset operation however keeps several settings of the last sessions
 (some of these settings were made automatically during the last
 handshake). It only makes sense for a new connection with the exact
 same peer that shares these settings, and may fail if that peer
 changes its settings between connections. Use the sequence
-\&\fISSL_get_session\fR\|(3);
-\&\fISSL_new\fR\|(3);
-\&\fISSL_set_session\fR\|(3);
-\&\fISSL_free\fR\|(3)
+\&\fBSSL_get_session\fR\|(3);
+\&\fBSSL_new\fR\|(3);
+\&\fBSSL_set_session\fR\|(3);
+\&\fBSSL_free\fR\|(3)
 instead to avoid such failures
-(or simply \fISSL_free\fR\|(3); \fISSL_new\fR\|(3)
+(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3)
 if session reuse is not desired).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The following return values can occur:
 .IP "0" 4
-The \fISSL_clear()\fR operation could not be performed. Check the error stack to
+The \fBSSL_clear()\fR operation could not be performed. Check the error stack to
 find out the reason.
 .IP "1" 4
 .IX Item "1"
-The \fISSL_clear()\fR operation was successful.
+The \fBSSL_clear()\fR operation was successful.
 .PP
-\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3),
-\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3),
-\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(7),
-\&\fISSL_CTX_set_client_cert_cb\fR\|(3)
+\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3),
+\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
+\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7),
+\&\fBSSL_CTX_set_client_cert_cb\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libcrypto/man/SSL_connect.3
index e195b15c2333a..355b6f56000b8 100644
--- a/secure/lib/libcrypto/man/SSL_connect.3
+++ b/secure/lib/libcrypto/man/SSL_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CONNECT 3"
-.TH SSL_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CONNECT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,25 +149,25 @@ SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication
+\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication
 channel must already have been set and assigned to the \fBssl\fR by setting an
 underlying \fB\s-1BIO\s0\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO.\s0
+The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0
 .PP
-If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the
 handshake has been finished or an error occurred.
 .PP
-If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return
-when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR
 to continue the handshake, indicating the problem by the return value \-1.
-In this case a call to \fISSL_get_error()\fR with the
-return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+In this case a call to \fBSSL_get_error()\fR with the
+return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
 \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of \fISSL_connect()\fR.
+taking appropriate action to satisfy the needs of \fBSSL_connect()\fR.
 The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
-nothing is to be done, but \fIselect()\fR can be used to check for the required
+nothing is to be done, but \fBselect()\fR can be used to check for the required
 condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
 into or retrieved out of the \s-1BIO\s0 before being able to continue.
 .PP
@@ -179,14 +183,14 @@ been received for the final handshake message.
 The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's
 algorithm. If an application opts to disable Nagle's algorithm consideration
 should be given to turning it back on again later if appropriate. The helper
-function \fIBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR
+function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR
 option.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The following return values can occur:
 .IP "0" 4
 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and
-by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the
+by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the
 return value \fBret\fR to find out the reason.
 .IP "1" 4
 .IX Item "1"
@@ -197,15 +201,15 @@ established.
 The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
 not clean. It can also occur of action is need to continue the operation
-for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR
+for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR
 to find out the reason.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3),
-\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7),
-\&\fISSL_set_connect_state\fR\|(3),
-\&\fISSL_do_handshake\fR\|(3),
-\&\fISSL_CTX_new\fR\|(3)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7),
+\&\fBSSL_set_connect_state\fR\|(3),
+\&\fBSSL_do_handshake\fR\|(3),
+\&\fBSSL_CTX_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libcrypto/man/SSL_do_handshake.3
index 7a33c1b866eee..21d3c1a16bdf0 100644
--- a/secure/lib/libcrypto/man/SSL_do_handshake.3
+++ b/secure/lib/libcrypto/man/SSL_do_handshake.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_DO_HANDSHAKE 3"
-.TH SSL_DO_HANDSHAKE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_DO_HANDSHAKE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,26 +149,26 @@ SSL_do_handshake \- perform a TLS/SSL handshake
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the
+\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the
 connection is in client mode, the handshake will be started. The handshake
 routines may have to be explicitly set in advance using either
-\&\fISSL_set_connect_state\fR\|(3) or
-\&\fISSL_set_accept_state\fR\|(3).
+\&\fBSSL_set_connect_state\fR\|(3) or
+\&\fBSSL_set_accept_state\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
-The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0
+The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0
 .PP
-If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return
 once the handshake has been finished or an error occurred.
 .PP
-If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return
-when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR
-to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
-return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR
+to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the
+return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
 \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR.
+taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR.
 The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
-nothing is to be done, but \fIselect()\fR can be used to check for the required
+nothing is to be done, but \fBselect()\fR can be used to check for the required
 condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
 into or retrieved out of the \s-1BIO\s0 before being able to continue.
 .SH "RETURN VALUES"
@@ -172,7 +176,7 @@ into or retrieved out of the \s-1BIO\s0 before being able to continue.
 The following return values can occur:
 .IP "0" 4
 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and
-by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the
+by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the
 return value \fBret\fR to find out the reason.
 .IP "1" 4
 .IX Item "1"
@@ -183,13 +187,13 @@ established.
 The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
 not clean. It can also occur of action is need to continue the operation
-for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR
+for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR
 to find out the reason.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
-\&\fISSL_accept\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7),
-\&\fISSL_set_connect_state\fR\|(3)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3),
+\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7),
+\&\fBSSL_set_connect_state\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_export_keying_material.3 b/secure/lib/libcrypto/man/SSL_export_keying_material.3
index c6735b133b47d..1a544d0861b59 100644
--- a/secure/lib/libcrypto/man/SSL_export_keying_material.3
+++ b/secure/lib/libcrypto/man/SSL_export_keying_material.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_EXPORT_KEYING_MATERIAL 3"
-.TH SSL_EXPORT_KEYING_MATERIAL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_EXPORT_KEYING_MATERIAL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,14 +159,14 @@ SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying
 .IX Header "DESCRIPTION"
 During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is
 established between the two endpoints. The functions
-\&\fISSL_export_keying_material()\fR and \fISSL_export_keying_material_early()\fR enable an
+\&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an
 application to use some of this keying material for its own purposes in
 accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3).
 .PP
-\&\fISSL_export_keying_material()\fR derives keying material using
+\&\fBSSL_export_keying_material()\fR derives keying material using
 the \fIexporter_master_secret\fR established in the handshake.
 .PP
-\&\fISSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives
+\&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives
 keying material using the \fIearly_exporter_master_secret\fR (as defined in the
 \&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only
 available when the client attempts to send 0\-RTT data. For the server, it is
@@ -190,18 +194,19 @@ An application specific label should be provided in the location pointed to by
 the \s-1IANA\s0 Exporter Label Registry
 (<https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#exporter\-labels>).
 Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard
-to be used without registration.
+to be used without registration. TLSv1.3 imposes a maximum label length of
+249 bytes.
 .PP
 Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
 above. Attempting to use it in SSLv3 will result in an error.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success.
+\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success.
 .PP
-\&\fISSL_export_keying_material_early()\fR returns 0 on failure or 1 on success.
+\&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_export_keying_material_early()\fR was first added in OpenSSL 1.1.1.
+The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_extension_supported.3 b/secure/lib/libcrypto/man/SSL_extension_supported.3
index d9c24bee58807..dd0e53fcb6192 100644
--- a/secure/lib/libcrypto/man/SSL_extension_supported.3
+++ b/secure/lib/libcrypto/man/SSL_extension_supported.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_EXTENSION_SUPPORTED 3"
-.TH SSL_EXTENSION_SUPPORTED 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_EXTENSION_SUPPORTED 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -198,16 +202,16 @@ SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server
+\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server
 for all supported protocol versions with extension type \fBext_type\fR and
 callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the
 \&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines
 which messages and under what conditions the extension will be added/parsed (see
 the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below).
 .PP
-\&\fISSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client
+\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client
 with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and
-\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it only
+\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only
 applies to clients, uses the older style of callbacks, and implicitly sets the
 \&\fBcontext\fR value to:
 .PP
@@ -216,17 +220,17 @@ applies to clients, uses the older style of callbacks, and implicitly sets the
 \& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
 .Ve
 .PP
-\&\fISSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server
+\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server
 with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and
-\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it
+\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it
 only applies to servers, uses the older style of callbacks, and implicitly sets
-the \fBcontext\fR value to the same as for \fISSL_CTX_add_client_custom_ext()\fR above.
+the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above.
 .PP
 The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of
 \&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be
 handled by OpenSSL internally or an error occurs.
 .PP
-\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
+\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
 internally by OpenSSL and 0 otherwise.
 .SH "EXTENSION CALLBACKS"
 .IX Header "EXTENSION CALLBACKS"
@@ -373,18 +377,18 @@ callback is called at most once and that an application can never send
 unsolicited extensions.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_CTX_add_custom_ext()\fR, \fISSL_CTX_add_client_custom_ext()\fR and
-\&\fISSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A
+\&\fBSSL_CTX_add_custom_ext()\fR, \fBSSL_CTX_add_client_custom_ext()\fR and
+\&\fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A
 failure can occur if an attempt is made to add the same \fBext_type\fR more than
 once, if an attempt is made to use an extension type handled internally by
 OpenSSL or if an internal error occurs (for example a memory allocation
 failure).
 .PP
-\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
+\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
 internally by OpenSSL and 0 otherwise.
 .SH "HISTORY"
 .IX Header "HISTORY"
-The function \fISSL_CTX_add_custom_ext()\fR was added in OpenSSL 1.1.1.
+The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libcrypto/man/SSL_free.3
index 8daddfba3af20..cf75d95e899ab 100644
--- a/secure/lib/libcrypto/man/SSL_free.3
+++ b/secure/lib/libcrypto/man/SSL_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_FREE 3"
-.TH SSL_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_FREE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,33 +149,33 @@ SSL_free \- free an allocated SSL structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0
+\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0
 structure pointed to by \fBssl\fR and frees up the allocated memory if the
 reference count has reached 0.
 If \fBssl\fR is \s-1NULL\s0 nothing is done.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if
+\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if
 applicable: the buffering \s-1BIO,\s0 the read and write BIOs,
 cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR.
 Do not explicitly free these indirectly freed up items before or after
-calling \fISSL_free()\fR, as trying to free things twice may lead to program
+calling \fBSSL_free()\fR, as trying to free things twice may lead to program
 failure.
 .PP
 The ssl session has reference counts from two users: the \s-1SSL\s0 object, for
-which the reference count is removed by \fISSL_free()\fR and the internal
+which the reference count is removed by \fBSSL_free()\fR and the internal
 session cache. If the session is considered bad, because
-\&\fISSL_shutdown\fR\|(3) was not called for the connection
-and \fISSL_set_shutdown\fR\|(3) was not used to set the
+\&\fBSSL_shutdown\fR\|(3) was not called for the connection
+and \fBSSL_set_shutdown\fR\|(3) was not used to set the
 \&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed
 from the session cache as required by \s-1RFC2246.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_free()\fR does not provide diagnostic information.
+\&\fBSSL_free()\fR does not provide diagnostic information.
 .PP
-\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3),
-\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3),
-\&\fIssl\fR\|(7)
+\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3),
+\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 b/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
index 7b41dfc59295f..db93cbae7714f 100644
--- a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
+++ b/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET0_PEER_SCTS 3"
-.TH SSL_GET0_PEER_SCTS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET0_PEER_SCTS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,7 +149,7 @@ SSL_get0_peer_scts \- get SCTs received
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have
+\&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have
 been received. If this is the first time that this function has been called for
 a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and
 the peer's certificate for SCTs. Future calls will return the same SCTs.
@@ -157,11 +161,11 @@ this function is not guaranteed to return all of the SCTs that the peer is
 capable of sending.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs.
+\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_ct_validation_callback\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
index 9f1c2caff40e3..7673a90a8888f 100644
--- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
+++ b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_SSL_CTX 3"
-.TH SSL_GET_SSL_CTX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_SSL_CTX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,14 +149,14 @@ SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which
-\&\fBssl\fR was created with \fISSL_new\fR\|(3).
+\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which
+\&\fBssl\fR was created with \fBSSL_new\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The pointer to the \s-1SSL_CTX\s0 object is returned.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 b/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
index 97851f7d9d3d8..9e6c70f69326d 100644
--- a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
+++ b/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_ALL_ASYNC_FDS 3"
-.TH SSL_GET_ALL_ASYNC_FDS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_ALL_ASYNC_FDS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,17 +153,17 @@ SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- man
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently
+\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently
 waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in
-\&\fISSL_CTX_set_mode\fR\|(3)).
+\&\fBSSL_CTX_set_mode\fR\|(3)).
 .PP
-\&\fISSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a
-call to \fIselect()\fR or \fIpoll()\fR to determine whether the current asynchronous
+\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a
+call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous
 operation has completed or not. A completed operation will result in data
 appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read
 from the file descriptor). This function should only be called if the \s-1SSL\s0 object
 is currently waiting for asynchronous work to complete (i.e.
-\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fISSL_get_error\fR\|(3)). Typically the
+\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the
 list will only contain one file descriptor. However if multiple asynchronous
 capable engines are in use then more than one is possible. The number of file
 descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves
@@ -169,20 +173,20 @@ responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typical
 this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once
 without).
 .PP
-\&\fISSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors
+\&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors
 that have been added and a list that have been deleted since the last
 \&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no
-\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fISSL_get_all_async_fds()\fR it
+\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it
 is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have
 sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds
 and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR
 respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting
+\&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting
 for an async operation to complete and 0 otherwise.
 .PP
-\&\fISSL_get_all_async_fds()\fR and \fISSL_get_changed_async_fds()\fR return 1 on success or
+\&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or
 0 on error.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -194,11 +198,11 @@ it is defined as an application developer's responsibility to include
 windows.h prior to async.h.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_CTX_set_mode\fR\|(3)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_waiting_for_async()\fR, \fISSL_get_all_async_fds()\fR and \fISSL_get_changed_async_fds()\fR
-were first added to OpenSSL 1.1.0.
+The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR
+and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/SSL_get_ciphers.3
index 6d2d782ad078d..4f1d6d2a292a6 100644
--- a/secure/lib/libcrypto/man/SSL_get_ciphers.3
+++ b/secure/lib/libcrypto/man/SSL_get_ciphers.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_CIPHERS 3"
-.TH SSL_GET_CIPHERS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_CIPHERS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,13 +157,13 @@ SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR,
+\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR,
 sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0
 is returned.
 .PP
-\&\fISSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR.
+\&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR.
 .PP
-\&\fISSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for
+\&\fBSSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for
 \&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference).
 The list depends on settings like the cipher list, the supported protocol
 versions, the security level, and the enabled signature algorithms.
@@ -172,11 +176,11 @@ a gap in the list of supported protocols, and some ciphers may not be
 usable by a server if there is not a suitable certificate configured.
 If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned.
 .PP
-\&\fISSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the
+\&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the
 list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are
 available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned.
 .PP
-\&\fISSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR
+\&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR
 as a wire-protocol cipher suite specification (in the three-octet-per-cipher
 SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet
 SSLv3/TLS wire format), and parses the cipher suites supported by the library
@@ -184,12 +188,12 @@ into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-S
 Values scsvs.  Unsupported cipher suites are ignored.  Returns 1 on success
 and 0 on failure.
 .PP
-\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0
+\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0
 listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are
 available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0
 is returned.
 .PP
-\&\fISSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of
+\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of
 \&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is
 the buffer that should be populated with the list of names and \fBsize\fR is the
 size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on
@@ -197,36 +201,36 @@ error. If the supplied buffer is not large enough to contain the complete list
 of names then a truncated list of names will be returned. Note that just because
 a ciphersuite is available (i.e. it is configured in the cipher list) and shared
 by both the client and the server it does not mean that it is enabled (see the
-description of \fISSL_get1_supported_ciphers()\fR above). This function will return
+description of \fBSSL_get1_supported_ciphers()\fR above). This function will return
 available shared ciphersuites whether or not they are enabled. This is a server
 side function only and must only be called after the completion of the initial
 handshake.
 .SH "NOTES"
 .IX Header "NOTES"
-The details of the ciphers obtained by \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR
-\&\fISSL_get1_supported_ciphers()\fR and \fISSL_get_client_ciphers()\fR can be obtained using
-the \fISSL_CIPHER_get_name\fR\|(3) family of functions.
+The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR
+\&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using
+the \fBSSL_CIPHER_get_name\fR\|(3) family of functions.
 .PP
-Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the
+Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the
 sorted list of available ciphers, until \s-1NULL\s0 is returned.
 .PP
-Note: \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR and \fISSL_get_client_ciphers()\fR
+Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and \fBSSL_get_client_ciphers()\fR
 return a pointer to an internal cipher stack, which will be freed later on when
 the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed.  Therefore, the calling code \fB\s-1MUST NOT\s0\fR
 free the return value itself.
 .PP
-The stack returned by \fISSL_get1_supported_ciphers()\fR should be freed using
-\&\fIsk_SSL_CIPHER_free()\fR.
+The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using
+\&\fBsk_SSL_CIPHER_free()\fR.
 .PP
-The stacks returned by \fISSL_bytes_to_cipher_list()\fR should be freed using
-\&\fIsk_SSL_CIPHER_free()\fR.
+The stacks returned by \fBSSL_bytes_to_cipher_list()\fR should be freed using
+\&\fBsk_SSL_CIPHER_free()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 See \s-1DESCRIPTION\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3),
-\&\fISSL_CIPHER_get_name\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3),
+\&\fBSSL_CIPHER_get_name\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_client_random.3 b/secure/lib/libcrypto/man/SSL_get_client_random.3
index df66be4a69254..b6ca1a949eca2 100644
--- a/secure/lib/libcrypto/man/SSL_get_client_random.3
+++ b/secure/lib/libcrypto/man/SSL_get_client_random.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_CLIENT_RANDOM 3"
-.TH SSL_GET_CLIENT_RANDOM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_CLIENT_RANDOM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,24 +154,24 @@ SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SE
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_client_random()\fR extracts the random value sent from the client
+\&\fBSSL_get_client_random()\fR extracts the random value sent from the client
 to the server during the initial \s-1SSL/TLS\s0 handshake.  It copies as many
 bytes as it can of this value into the buffer provided in \fBout\fR,
 which must have at least \fBoutlen\fR bytes available. It returns the
 total number of bytes that were actually copied.  If \fBoutlen\fR is
-zero, \fISSL_get_client_random()\fR copies nothing, and returns the
+zero, \fBSSL_get_client_random()\fR copies nothing, and returns the
 total size of the client_random value.
 .PP
-\&\fISSL_get_server_random()\fR behaves the same, but extracts the random value
+\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value
 sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake.
 .PP
-\&\fISSL_SESSION_get_master_key()\fR behaves the same, but extracts the master
+\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master
 secret used to guarantee the security of the \s-1SSL/TLS\s0 session.  This one
 can be dangerous if misused; see \s-1NOTES\s0 below.
 .PP
-\&\fISSL_SESSION_set1_master_key()\fR sets the master key value associated with the
+\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the
 \&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based
-\&\s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length
+\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length
 \&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the
 function, so the caller is responsible for freeing and cleaning any memory
 associated with \fBin\fR. The caller must ensure that the length of the key is
@@ -181,20 +185,20 @@ use in low-level protocols.  You probably should not use them, unless
 you are implementing something that needs access to the internal protocol
 details.
 .PP
-Despite the names of \fISSL_get_client_random()\fR and \fISSL_get_server_random()\fR, they
+Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they
 \&\s-1ARE NOT\s0 random number generators.  Instead, they return the mostly-random values that
 were already generated and used in the \s-1TLS\s0 protocol.  Using them
-in place of \fIRAND_bytes()\fR would be grossly foolish.
+in place of \fBRAND_bytes()\fR would be grossly foolish.
 .PP
 The security of your \s-1TLS\s0 session depends on keeping the master key secret:
 do not expose it, or any information about it, to anybody.
 If you need to calculate another secret value that depends on the master
-secret, you should probably use \fISSL_export_keying_material()\fR instead, and
+secret, you should probably use \fBSSL_export_keying_material()\fR instead, and
 forget that you ever saw these functions.
 .PP
 In current versions of the \s-1TLS\s0 protocols, the length of client_random
 (and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for
-other outlen arguments to the SSL_get_*\fI_random()\fR functions is provided
+other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided
 in case of the unlikely event that a future version or variant of \s-1TLS\s0
 uses some other length there.
 .PP
@@ -203,7 +207,7 @@ Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values a
 values based on their view of the current time.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure.
+\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure.
 .PP
 For the other functions, if \fBoutlen\fR is greater than 0 then these functions
 return the number of bytes actually copied, which will be less than or equal to
@@ -211,10 +215,10 @@ return the number of bytes actually copied, which will be less than or equal to
 of bytes they would copy \*(-- that is, the length of the underlying field.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fIRAND_bytes\fR\|(3),
-\&\fISSL_export_keying_material\fR\|(3),
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBRAND_bytes\fR\|(3),
+\&\fBSSL_export_keying_material\fR\|(3),
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/SSL_get_current_cipher.3
index 0ff62b8e03063..d9b4d15028930 100644
--- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3
+++ b/secure/lib/libcrypto/man/SSL_get_current_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_CURRENT_CIPHER 3"
-.TH SSL_GET_CURRENT_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_CURRENT_CIPHER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,33 +155,33 @@ SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing
+\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing
 the description of the actually used cipher of a connection established with
 the \fBssl\fR object.
-See \fISSL_CIPHER_get_name\fR\|(3) for more details.
+See \fBSSL_CIPHER_get_name\fR\|(3) for more details.
 .PP
-\&\fISSL_get_cipher_name()\fR obtains the
+\&\fBSSL_get_cipher_name()\fR obtains the
 name of the currently used cipher.
-\&\fISSL_get_cipher()\fR is identical to \fISSL_get_cipher_name()\fR.
-\&\fISSL_get_cipher_bits()\fR is a
+\&\fBSSL_get_cipher()\fR is identical to \fBSSL_get_cipher_name()\fR.
+\&\fBSSL_get_cipher_bits()\fR is a
 macro to obtain the number of secret/algorithm bits used and
-\&\fISSL_get_cipher_version()\fR returns the protocol name.
+\&\fBSSL_get_cipher_version()\fR returns the protocol name.
 .PP
-\&\fISSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing
+\&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing
 the description of the cipher (if any) that has been negotiated for future use
 on the connection established with the \fBssl\fR object, but is not yet in use.
 This may be the case during handshake processing, when control flow can be
 returned to the application via any of several callback methods.  The internal
 sequencing of handshake processing and callback invocation is not guaranteed
 to be stable from release to release, and at present only the callback set
-by \fISSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value.
+by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value.
 Other callbacks may be added to this list over time.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if
+\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if
 no session has been established.
 .PP
-\&\fISSL_get_pending_cipher()\fR returns the cipher to be used at the next change
+\&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change
 of cipher suite, or \s-1NULL\s0 if no such cipher is known.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -185,7 +189,7 @@ SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and
 SSL_get_cipher_name are implemented as macros.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CIPHER_get_name\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/SSL_get_default_timeout.3
index 490139ab856b5..0a0cc0938bd18 100644
--- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3
+++ b/secure/lib/libcrypto/man/SSL_get_default_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_DEFAULT_TIMEOUT 3"
-.TH SSL_GET_DEFAULT_TIMEOUT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_DEFAULT_TIMEOUT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,28 +149,28 @@ SSL_get_default_timeout \- get default session timeout value
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to
+\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to
 \&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Whenever a new session is negotiated, it is assigned a timeout value,
 after which it will not be accepted for session reuse. If the timeout
 value was not explicitly set using
-\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default
+\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default
 timeout for the protocol will be used.
 .PP
-\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds
+\&\fBSSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds
 for all currently supported protocols.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 See description.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
-\&\fISSL_SESSION_get_time\fR\|(3),
-\&\fISSL_CTX_flush_sessions\fR\|(3),
-\&\fISSL_get_default_timeout\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fBSSL_SESSION_get_time\fR\|(3),
+\&\fBSSL_CTX_flush_sessions\fR\|(3),
+\&\fBSSL_get_default_timeout\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3
index 5a2d201580040..aa56b83544a4e 100644
--- a/secure/lib/libcrypto/man/SSL_get_error.3
+++ b/secure/lib/libcrypto/man/SSL_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_ERROR 3"
-.TH SSL_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,18 +149,18 @@ SSL_get_error \- obtain result code for TLS/SSL I/O operation
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
-statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR,
-\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, \fISSL_peek()\fR, \fISSL_write_ex()\fR or
-\&\fISSL_write()\fR on \fBssl\fR.  The value returned by that \s-1TLS/SSL I/O\s0 function must be
-passed to \fISSL_get_error()\fR in parameter \fBret\fR.
+\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
+statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR,
+\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_write_ex()\fR or
+\&\fBSSL_write()\fR on \fBssl\fR.  The value returned by that \s-1TLS/SSL I/O\s0 function must be
+passed to \fBSSL_get_error()\fR in parameter \fBret\fR.
 .PP
-In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the
-current thread's OpenSSL error queue.  Thus, \fISSL_get_error()\fR must be
+In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the
+current thread's OpenSSL error queue.  Thus, \fBSSL_get_error()\fR must be
 used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no
 other OpenSSL function calls should appear in between.  The current
 thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is
-attempted, or \fISSL_get_error()\fR will not work reliably.
+attempted, or \fBSSL_get_error()\fR will not work reliably.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The following return values can currently occur:
@@ -182,10 +186,10 @@ operation.
 If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same
 function can be called again.
 .Sp
-\&\fISSL_read()\fR and \fISSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is
+\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is
 still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even
 for a blocking \fB\s-1BIO\s0\fR.
-See \fISSL_read\fR\|(3) for more information.
+See \fBSSL_read\fR\|(3) for more information.
 .Sp
 \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write
 to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR.
@@ -197,85 +201,88 @@ There is no fixed upper limit for the number of iterations that
 may be necessary until progress becomes visible at application
 protocol level.
 .Sp
-It is safe to call \fISSL_read()\fR or \fISSL_read_ex()\fR when more data is available
-even when the call that set this error was an \fISSL_write()\fR or \fISSL_write_ex()\fR.
-However if the call was an \fISSL_write()\fR or \fISSL_write_ex()\fR, it should be called
+It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available
+even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR.
+However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called
 again to continue sending the application data.
 .Sp
-For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or
-\&\fIpoll()\fR on the underlying socket can be used to find out when the
+For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or
+\&\fBpoll()\fR on the underlying socket can be used to find out when the
 \&\s-1TLS/SSL I/O\s0 function should be retried.
 .Sp
 Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of
 \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR.
 In particular,
-\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, or \fISSL_peek()\fR may want to write data
-and \fISSL_write()\fR or \fISSL_write_ex()\fR may want to read data.
+\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data
+and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data.
 This is mainly because
 \&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by
-either the client or the server); \fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR,
-\&\fISSL_peek()\fR, \fISSL_write_ex()\fR, and \fISSL_write()\fR will handle any pending handshakes.
+either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR,
+\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes.
 .IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4
 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT"
 The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be
 called again later. The underlying \s-1BIO\s0 was not connected yet to the peer
-and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be
+and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be
 called again when the connection is established. These messages can only
-appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively.
+appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively.
 In order to find out, when the connection has been successfully established,
-on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor
+on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor
 can be used.
 .IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4
 .IX Item "SSL_ERROR_WANT_X509_LOOKUP"
 The operation did not complete because an application callback set by
-\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
+\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again.
 The \s-1TLS/SSL I/O\s0 function should be called again later.
 Details depend on the application.
 .IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4
 .IX Item "SSL_ERROR_WANT_ASYNC"
 The operation did not complete because an asynchronous engine is still
 processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0
-using \fISSL_CTX_set_mode\fR\|(3) or \fISSL_set_mode\fR\|(3) and an asynchronous capable
+using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable
 engine is being used. An application can determine whether the engine has
-completed its processing using \fIselect()\fR or \fIpoll()\fR on the asynchronous wait file
+completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file
 descriptor. This file descriptor is available by calling
-\&\fISSL_get_all_async_fds\fR\|(3) or \fISSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0
+\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0
 function should be called again later. The function \fBmust\fR be called from the
 same thread that the original call was made from.
 .IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4
 .IX Item "SSL_ERROR_WANT_ASYNC_JOB"
 The asynchronous job could not be started because there were no async jobs
-available in the pool (see \fIASYNC_init_thread\fR\|(3)). This will only occur if the
-mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fISSL_CTX_set_mode\fR\|(3) or
-\&\fISSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool
-through a call to \fIASYNC_init_thread\fR\|(3). The application should retry the
+available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the
+mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or
+\&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool
+through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the
 operation after a currently executing asynchronous operation for the current
 thread has completed.
 .IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4
 .IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB"
 The operation did not complete because an application callback set by
-\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again.
+\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again.
 The \s-1TLS/SSL I/O\s0 function should be called again later.
 Details depend on the application.
 .IP "\s-1SSL_ERROR_SYSCALL\s0" 4
 .IX Item "SSL_ERROR_SYSCALL"
-Some non-recoverable I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-For socket I/O on Unix systems, consult \fBerrno\fR for details.
+Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
+contain more information on the error. For socket I/O on Unix systems, consult
+\&\fBerrno\fR for details. If this error occurs then no further I/O operations should
+be performed on the connection and \fBSSL_shutdown()\fR must not be called.
 .Sp
 This value can also be returned for other errors, check the error queue for
 details.
 .IP "\s-1SSL_ERROR_SSL\s0" 4
 .IX Item "SSL_ERROR_SSL"
-A failure in the \s-1SSL\s0 library occurred, usually a protocol error.  The
-OpenSSL error queue contains more information on the error.
+A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol
+error.  The OpenSSL error queue contains more information on the error. If this
+error occurs then no further I/O operations should be performed on the
+connection and \fBSSL_shutdown()\fR must not be called.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\s-1SSL_ERROR_WANT_ASYNC\s0 was added in OpenSSL 1.1.0.
-\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 was added in OpenSSL 1.1.1.
+The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0.
+The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_extms_support.3 b/secure/lib/libcrypto/man/SSL_get_extms_support.3
index c0e53e25db3bf..8911e370c159e 100644
--- a/secure/lib/libcrypto/man/SSL_get_extms_support.3
+++ b/secure/lib/libcrypto/man/SSL_get_extms_support.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_EXTMS_SUPPORT 3"
-.TH SSL_GET_EXTMS_SUPPORT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_EXTMS_SUPPORT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,19 +149,19 @@ SSL_get_extms_support \- extended master secret support
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_extms_support()\fR indicates whether the current session used extended
+\&\fBSSL_get_extms_support()\fR indicates whether the current session used extended
 master secret.
 .PP
 This function is implemented as a macro.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_get_extms_support()\fR returns 1 if the current session used extended
+\&\fBSSL_get_extms_support()\fR returns 1 if the current session used extended
 master secret, 0 if it did not and \-1 if a handshake is currently in
 progress i.e. it is not possible to determine if extended master secret
 was used.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libcrypto/man/SSL_get_fd.3
index 16e4c219006b6..d5fed0f01122d 100644
--- a/secure/lib/libcrypto/man/SSL_get_fd.3
+++ b/secure/lib/libcrypto/man/SSL_get_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_FD 3"
-.TH SSL_GET_FD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_FD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,10 +151,10 @@ SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL obj
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR.
-\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the
+\&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR.
+\&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the
 read or the write channel, which can be different. If the read and the
-write channel are different, \fISSL_get_fd()\fR will return the file descriptor
+write channel are different, \fBSSL_get_fd()\fR will return the file descriptor
 of the read channel.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -164,7 +168,7 @@ The operation failed, because the underlying \s-1BIO\s0 is not of the correct ty
 The file descriptor linked to \fBssl\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7)
+\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
index eeab7f35c673e..d73ec897ea24c 100644
--- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
+++ b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_PEER_CERT_CHAIN 3"
-.TH SSL_GET_PEER_CERT_CHAIN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_PEER_CERT_CHAIN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,33 +150,33 @@ SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate cha
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates
+\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates
 forming the certificate chain sent by the peer. If called on the client side,
 the stack also contains the peer's certificate; if called on the server
 side, the peer's certificate must be obtained separately using
-\&\fISSL_get_peer_certificate\fR\|(3).
+\&\fBSSL_get_peer_certificate\fR\|(3).
 If the peer did not present a certificate, \s-1NULL\s0 is returned.
 .PP
-\&\s-1NB:\s0 \fISSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it
+\&\s-1NB:\s0 \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it
 only consists of certificates the peer has sent (in the order the peer
 has sent them) it is \fBnot\fR a verified chain.
 .PP
-\&\fISSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain
+\&\fBSSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain
 of the peer including the peer's end entity certificate. It must be called
 after a session has been successfully established. If peer verification was
-not successful (as indicated by \fISSL_get_verify_result()\fR not returning
+not successful (as indicated by \fBSSL_get_verify_result()\fR not returning
 X509_V_OK) the chain may be incomplete or invalid.
 .SH "NOTES"
 .IX Header "NOTES"
 If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer
-is returned by these functions. Applications can call \fISSL_session_reused()\fR
+is returned by these functions. Applications can call \fBSSL_session_reused()\fR
 to determine whether a session is resumed.
 .PP
 The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object
 is not incremented and the returned stack may be invalidated by renegotiation.
 If applications wish to use any certificates in the returned chain
-indefinitely they must increase the reference counts using \fIX509_up_ref()\fR or
-obtain a copy of the whole chain with \fIX509_chain_up_ref()\fR.
+indefinitely they must increase the reference counts using \fBX509_up_ref()\fR or
+obtain a copy of the whole chain with \fBX509_chain_up_ref()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The following return values can occur:
@@ -185,8 +189,8 @@ or the certificate chain is no longer available when a session is reused.
 The return value points to the certificate chain presented by the peer.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), \fIX509_up_ref\fR\|(3),
-\&\fIX509_chain_up_ref\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), \fBX509_up_ref\fR\|(3),
+\&\fBX509_chain_up_ref\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
index 4a2576d4ef7d1..aa75adec57c2b 100644
--- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
+++ b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_PEER_CERTIFICATE 3"
-.TH SSL_GET_PEER_CERTIFICATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_PEER_CERTIFICATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,23 +149,23 @@ SSL_get_peer_certificate \- get the X509 certificate of the peer
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the
+\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the
 peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned.
 .SH "NOTES"
 .IX Header "NOTES"
 Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a
 certificate, if present. A client will only send a certificate when
 explicitly requested to do so by the server (see
-\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher
+\&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher
 is used, no certificates are sent.
 .PP
 That a certificate is returned does not indicate information about the
-verification state, use \fISSL_get_verify_result\fR\|(3)
+verification state, use \fBSSL_get_verify_result\fR\|(3)
 to check the verification state.
 .PP
 The reference count of the X509 object is incremented by one, so that it
 will not be destroyed when the session containing the peer certificate is
-freed. The X509 object must be explicitly freed using \fIX509_free()\fR.
+freed. The X509 object must be explicitly freed using \fBX509_free()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The following return values can occur:
@@ -173,8 +177,8 @@ No certificate was presented by the peer or no connection was established.
 The return value points to the certificate presented by the peer.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3),
-\&\fISSL_CTX_set_verify\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3),
+\&\fBSSL_CTX_set_verify\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 b/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
index 647da8388b2f8..2e11c5645cc34 100644
--- a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
+++ b/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_PEER_SIGNATURE_NID 3"
-.TH SSL_GET_PEER_SIGNATURE_NID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_PEER_SIGNATURE_NID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,17 +152,17 @@ SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_n
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used
+\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used
 by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro.
 .PP
-\&\fISSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature
+\&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature
 type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type
 is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing
 where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between
 \&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check
 the type of public key in the peer's certificate.
 .PP
-\&\fISSL_get_signature_nid()\fR and \fISSL_get_signature_type_nid()\fR return the equivalent
+\&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent
 information for the local end of the connection.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -168,7 +172,7 @@ uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1
 the functions were called too early, e.g. before the peer signed a message.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3),
+\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 b/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
index 0c05d2c7cb932..0d1fc6a478eb2 100644
--- a/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
+++ b/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_PEER_TMP_KEY 3"
-.TH SSL_GET_PEER_TMP_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_PEER_TMP_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,18 +151,18 @@ SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and
+\&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and
 used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents
 the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in
 \&\fB*key\fR. It is the caller's responsibility to free this key after use using
-\&\fIEVP_PKEY_free\fR\|(3).
+\&\fBEVP_PKEY_free\fR\|(3).
 .PP
-\&\fISSL_get_server_tmp_key()\fR is a backwards compatibility alias for
-\&\fISSL_get_peer_tmp_key()\fR.
+\&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for
+\&\fBSSL_get_peer_tmp_key()\fR.
 Under that name it worked just on the client side of the connection, its
 behaviour on the server end is release-dependent.
 .PP
-\&\fISSL_get_tmp_key()\fR returns the equivalent information for the local
+\&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local
 end of the connection.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -168,7 +172,7 @@ All these functions return 1 on success and 0 otherwise.
 This function is implemented as a macro.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fIEVP_PKEY_free\fR\|(3)
+\&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_psk_identity.3 b/secure/lib/libcrypto/man/SSL_get_psk_identity.3
index ac0d3e3839012..da16dcc6b2de9 100644
--- a/secure/lib/libcrypto/man/SSL_get_psk_identity.3
+++ b/secure/lib/libcrypto/man/SSL_get_psk_identity.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_PSK_IDENTITY 3"
-.TH SSL_GET_PSK_IDENTITY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_PSK_IDENTITY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,15 +150,15 @@ SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and h
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint
+\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint
 used during the connection setup related to \s-1SSL\s0 object
-\&\fBssl\fR. Similarly, \fISSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0
+\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0
 identity used during the connection setup.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If non\-\fB\s-1NULL\s0\fR, \fISSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity
-hint and \fISSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are
-\&\fB\s-1NULL\s0\fR\-terminated. \fISSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if
+If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity
+hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are
+\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if
 no \s-1PSK\s0 identity hint was used during the connection setup.
 .PP
 Note that the return value is valid only during the lifetime of the
diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libcrypto/man/SSL_get_rbio.3
index e30d0173321d6..de6daed4dfb88 100644
--- a/secure/lib/libcrypto/man/SSL_get_rbio.3
+++ b/secure/lib/libcrypto/man/SSL_get_rbio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_RBIO 3"
-.TH SSL_GET_RBIO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_RBIO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the
+\&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the
 read or the write channel, which can be different. The reference count
 of the \s-1BIO\s0 is not incremented.
 .SH "RETURN VALUES"
@@ -160,7 +164,7 @@ No \s-1BIO\s0 was connected to the \s-1SSL\s0 object
 The \s-1BIO\s0 linked to \fBssl\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7)
+\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libcrypto/man/SSL_get_session.3
index a78792cf21ae9..bf36ccd06ede4 100644
--- a/secure/lib/libcrypto/man/SSL_get_session.3
+++ b/secure/lib/libcrypto/man/SSL_get_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_SESSION 3"
-.TH SSL_GET_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,13 +151,13 @@ SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in
+\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in
 \&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so
 that the pointer can become invalid by other operations.
 .PP
-\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR.
+\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR.
 .PP
-\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference
+\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference
 count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -165,7 +169,7 @@ client at a time of its choosing, which may be some while after the initial
 connection is established (or never). Calling these functions on the client side
 in TLSv1.3 before the session has been established will still return an
 \&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See
-\&\fISSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an
+\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an
 \&\s-1SSL_SESSION\s0 object can be used for resumption or not.
 .PP
 Additionally, in TLSv1.3, a server can send multiple messages that establish a
@@ -173,7 +177,7 @@ session for a single connection. In that case the above functions will only
 return information on the last session that was received.
 .PP
 The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is
-to use a new session callback as described in \fISSL_CTX_sess_set_new_cb\fR\|(3).
+to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3).
 The new session callback is only invoked when a session is actually established,
 so this avoids the problem described above where an application obtains an
 \&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also
@@ -182,24 +186,24 @@ server.
 .PP
 A session will be automatically removed from the session cache and marked as
 non-resumable if the connection is not closed down cleanly, e.g. if a fatal
-error occurs on the connection or \fISSL_shutdown\fR\|(3) is not called prior to
-\&\fISSL_free\fR\|(3).
+error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to
+\&\fBSSL_free\fR\|(3).
 .PP
 In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for
 resumption once.
 .PP
-\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the
+\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the
 reference counter is not incremented, the pointer is only valid while
-the connection is in use. If \fISSL_clear\fR\|(3) or
-\&\fISSL_free\fR\|(3) is called, the session may be removed completely
+the connection is in use. If \fBSSL_clear\fR\|(3) or
+\&\fBSSL_free\fR\|(3) is called, the session may be removed completely
 (if considered bad), and the pointer obtained will become invalid. Even
 if the session is valid, it can be removed at any time due to timeout
-during \fISSL_CTX_flush_sessions\fR\|(3).
+during \fBSSL_CTX_flush_sessions\fR\|(3).
 .PP
-If the data is to be kept, \fISSL_get1_session()\fR will increment the reference
+If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference
 count, so that the session will not be implicitly removed by other operations
 but stays in memory. In order to remove the session
-\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once
+\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once
 to decrement the reference count again.
 .PP
 \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
@@ -218,9 +222,9 @@ There is no session available in \fBssl\fR.
 The return value points to the data of an \s-1SSL\s0 session.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_free\fR\|(3),
-\&\fISSL_clear\fR\|(3),
-\&\fISSL_SESSION_free\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3),
+\&\fBSSL_clear\fR\|(3),
+\&\fBSSL_SESSION_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 b/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
index a44b8c89a8a64..05c2baeff429f 100644
--- a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
+++ b/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_SHARED_SIGALGS 3"
-.TH SSL_GET_SHARED_SIGALGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_SHARED_SIGALGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,19 +155,19 @@ SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_shared_sigalgs()\fR returns information about the shared signature
+\&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature
 algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index
 of the shared signature algorithm to return starting from zero. The signature
 algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the
 sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values
 are written to \fB*rsig\fR and \fB*rhash\fR.
 .PP
-\&\fISSL_get_sigalgs()\fR is similar to \fISSL_get_shared_sigalgs()\fR except it returns
+\&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns
 information about all signature algorithms supported by \fBs\fR in the order
 they were sent by the peer.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_get_shared_sigalgs()\fR and \fISSL_get_sigalgs()\fR return the number of
+\&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of
 signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -189,12 +193,12 @@ Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature alg
 If these
 functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned.
 .PP
-The shared signature algorithms returned by \fISSL_get_shared_sigalgs()\fR are
+The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are
 ordered according to configuration and peer preferences.
 .PP
 The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al.
-The NIDs are OpenSSL equivalents. For example if the peer sent \fIsha256\fR\|(4) and
-\&\fIrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR
+The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and
+\&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR
 NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption.
 .PP
 If a signature algorithm is not recognised the corresponding NIDs
@@ -203,8 +207,8 @@ is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the
 signature algorithm does not use a hash (for example Ed25519).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CTX_set_cert_cb\fR\|(3),
-\&\fIssl\fR\|(7)
+\&\fBSSL_CTX_set_cert_cb\fR\|(3),
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/SSL_get_verify_result.3
index 076f71eb85239..d9b7e6128575b 100644
--- a/secure/lib/libcrypto/man/SSL_get_verify_result.3
+++ b/secure/lib/libcrypto/man/SSL_get_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_VERIFY_RESULT 3"
-.TH SSL_GET_VERIFY_RESULT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_VERIFY_RESULT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,14 +149,14 @@ SSL_get_verify_result \- get result of peer certificate verification
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_get_verify_result()\fR returns the result of the verification of the
+\&\fBSSL_get_verify_result()\fR returns the result of the verification of the
 X509 certificate presented by the peer, if any.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_get_verify_result()\fR can only return one error code while the verification
+\&\fBSSL_get_verify_result()\fR can only return one error code while the verification
 of a certificate can fail because of many reasons at the same time. Only
 the last verification error that occurred during the processing is available
-from \fISSL_get_verify_result()\fR.
+from \fBSSL_get_verify_result()\fR.
 .PP
 The verification result is part of the established session and is restored
 when a session is reused.
@@ -160,8 +164,8 @@ when a session is reused.
 .IX Header "BUGS"
 If no peer certificate was presented, the returned result code is
 X509_V_OK. This is because no verification error occurred, it does however
-not indicate success. \fISSL_get_verify_result()\fR is only useful in connection
-with \fISSL_get_peer_certificate\fR\|(3).
+not indicate success. \fBSSL_get_verify_result()\fR is only useful in connection
+with \fBSSL_get_peer_certificate\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 The following return values can currently occur:
@@ -170,12 +174,12 @@ The following return values can currently occur:
 The verification succeeded or no peer certificate was presented.
 .IP "Any other value" 4
 .IX Item "Any other value"
-Documented in \fIverify\fR\|(1).
+Documented in \fBverify\fR\|(1).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_set_verify_result\fR\|(3),
-\&\fISSL_get_peer_certificate\fR\|(3),
-\&\fIverify\fR\|(1)
+\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3),
+\&\fBSSL_get_peer_certificate\fR\|(3),
+\&\fBverify\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libcrypto/man/SSL_get_version.3
index ca4a26ae7c6f8..09011339e7b6a 100644
--- a/secure/lib/libcrypto/man/SSL_get_version.3
+++ b/secure/lib/libcrypto/man/SSL_get_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_GET_VERSION 3"
-.TH SSL_GET_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_GET_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,19 +155,19 @@ SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protoco
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_client_version()\fR returns the numeric protocol version advertised by the
+\&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the
 client in the legacy_version field of the ClientHello when initiating the
 connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater
-than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fISSL_get_version()\fR
-returns the name of the protocol used for the connection. \fISSL_version()\fR returns
+than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR
+returns the name of the protocol used for the connection. \fBSSL_version()\fR returns
 the numeric protocol version used for the connection. They should only be called
 after the initial handshake has been completed. Prior to that the results
 returned from these functions may be unreliable.
 .PP
-\&\fISSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not.
+\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_get_version()\fR returns one of the following strings:
+\&\fBSSL_get_version()\fR returns one of the following strings:
 .IP "SSLv3" 4
 .IX Item "SSLv3"
 The connection uses the SSLv3 protocol.
@@ -183,7 +187,7 @@ The connection uses the TLSv1.3 protocol.
 .IX Item "unknown"
 This indicates an unknown protocol version.
 .PP
-\&\fISSL_version()\fR and \fISSL_client_version()\fR return an integer which could include any
+\&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any
 of the following:
 .IP "\s-1SSL3_VERSION\s0" 4
 .IX Item "SSL3_VERSION"
@@ -200,13 +204,13 @@ The connection uses the TLSv1.2 protocol.
 .IP "\s-1TLS1_3_VERSION\s0" 4
 .IX Item "TLS1_3_VERSION"
 The connection uses the TLSv1.3 protocol (never returned for
-\&\fISSL_client_version()\fR).
+\&\fBSSL_client_version()\fR).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_is_dtls()\fR was added in OpenSSL 1.1.0.
+The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_in_init.3 b/secure/lib/libcrypto/man/SSL_in_init.3
index 2dc410d38a87b..98c72c8cfe8ae 100644
--- a/secure/lib/libcrypto/man/SSL_in_init.3
+++ b/secure/lib/libcrypto/man/SSL_in_init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_IN_INIT 3"
-.TH SSL_IN_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_IN_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,27 +156,27 @@ SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_ac
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or
+\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or
 awaiting handshake messages, or 0 otherwise.
 .PP
-\&\fISSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0
+\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0
 otherwise.
 .PP
-\&\fISSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where
+\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where
 fully protected application data can be transferred or 0 otherwise.
 .PP
 Note that in some circumstances (such as when early data is being transferred)
-\&\fISSL_in_init()\fR, \fISSL_in_before()\fR and \fISSL_is_init_finished()\fR can all return 0.
+\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR and \fBSSL_is_init_finished()\fR can all return 0.
 .PP
-\&\fISSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fISSL_in_init()\fR
+\&\fBSSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fBSSL_in_init()\fR
 would return 1, or 0 otherwise.
 .PP
-\&\fISSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fISSL_in_init()\fR
+\&\fBSSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fBSSL_in_init()\fR
 would return 1, or 0 otherwise.
 .PP
-\&\fISSL_in_connect_init()\fR and \fISSL_in_accept_init()\fR are implemented as macros.
+\&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros.
 .PP
-\&\fISSL_get_state()\fR returns a value indicating the current state of the handshake
+\&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake
 state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value
 indicates a discrete state machine state. Note that future versions of OpenSSL
 may define more states so applications should expect to receive unrecognised
@@ -205,14 +209,14 @@ Early data is being processed
 Awaiting the end of early data processing
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_in_init()\fR, \fISSL_in_before()\fR, \fISSL_is_init_finished()\fR, \fISSL_in_connect_init()\fR
-and \fISSL_in_accept_init()\fR return values as indicated above.
+\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR, \fBSSL_is_init_finished()\fR, \fBSSL_in_connect_init()\fR
+and \fBSSL_in_accept_init()\fR return values as indicated above.
 .PP
-\&\fISSL_get_state()\fR returns the current handshake state.
+\&\fBSSL_get_state()\fR returns the current handshake state.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_read_early_data\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_read_early_data\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_key_update.3 b/secure/lib/libcrypto/man/SSL_key_update.3
index 415beb9b38b05..72c751c0e1d53 100644
--- a/secure/lib/libcrypto/man/SSL_key_update.3
+++ b/secure/lib/libcrypto/man/SSL_key_update.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_KEY_UPDATE 3"
-.TH SSL_KEY_UPDATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_KEY_UPDATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -142,15 +146,15 @@ SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbrev
 \& #include <openssl/ssl.h>
 \&
 \& int SSL_key_update(SSL *s, int updatetype);
-\& int SSL_get_key_update_type(SSL *s);
+\& int SSL_get_key_update_type(const SSL *s);
 \&
 \& int SSL_renegotiate(SSL *s);
 \& int SSL_renegotiate_abbreviated(SSL *s);
-\& int SSL_renegotiate_pending(SSL *s);
+\& int SSL_renegotiate_pending(const SSL *s);
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection.
+\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection.
 If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then
 the sending keys for this connection will be updated and the peer will be
 informed of the change. If the \fBupdatetype\fR parameter is set to
@@ -159,35 +163,35 @@ updated and the peer will be informed of the change along with a request for the
 peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is
 set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR.
 .PP
-\&\fISSL_key_update()\fR must only be called after the initial handshake has been
+\&\fBSSL_key_update()\fR must only be called after the initial handshake has been
 completed and TLSv1.3 has been negotiated. The key update will not take place
-until the next time an \s-1IO\s0 operation such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR
-takes place on the connection. Alternatively \fISSL_do_handshake()\fR can be called to
+until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR
+takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to
 force the update to take place immediately.
 .PP
-\&\fISSL_get_key_update_type()\fR can be used to determine whether a key update
+\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update
 operation has been scheduled but not yet performed. The type of the pending key
 update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0
 otherwise.
 .PP
-\&\fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR should only be called for
+\&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for
 connections that have negotiated TLSv1.2 or less. Calling them on any other
 connection will result in an error.
 .PP
-When called from the client side, \fISSL_renegotiate()\fR schedules a completely new
+When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new
 handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation
-such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR takes place on the connection a check
+such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check
 will be performed to confirm that it is a suitable time to start a
 renegotiation. If so, then it will be initiated immediately. OpenSSL will not
 attempt to resume any session associated with the connection in the new
 handshake.
 .PP
-When called from the client side, \fISSL_renegotiate_abbreviated()\fR works in the
-same was as \fISSL_renegotiate()\fR except that OpenSSL will attempt to resume the
+When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the
+same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the
 session associated with the current connection in the new handshake.
 .PP
-When called from the server side, \fISSL_renegotiate()\fR and
-\&\fISSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request
+When called from the server side, \fBSSL_renegotiate()\fR and
+\&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request
 for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is
 performed then the same checks as on the client side are performed and then, if
 appropriate, the request is sent. The client may or may not respond with a new
@@ -201,30 +205,30 @@ a \s-1TLS\s0 connection the client will attempt to resume the current session in
 new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume
 the session in the new handshake.
 .PP
-The \fISSL_renegotiate_pending()\fR function returns 1 if a renegotiation or
+The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or
 renegotiation request has been scheduled but not yet acted on, or 0 otherwise.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_key_update()\fR, \fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR return 1
+\&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1
 on success or 0 on error.
 .PP
-\&\fISSL_get_key_update_type()\fR returns the update type of the pending key update
+\&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update
 operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none.
 .PP
-\&\fISSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request
+\&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request
 has been scheduled but not yet acted on, or 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3),
-\&\fISSL_write_ex\fR\|(3),
-\&\fISSL_do_handshake\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3),
+\&\fBSSL_write_ex\fR\|(3),
+\&\fBSSL_do_handshake\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fISSL_key_update()\fR and \fISSL_get_key_update_type()\fR functions were added in
+The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in
 OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libcrypto/man/SSL_library_init.3
index 2d64ec1ddccbb..d0937002ced4c 100644
--- a/secure/lib/libcrypto/man/SSL_library_init.3
+++ b/secure/lib/libcrypto/man/SSL_library_init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_LIBRARY_INIT 3"
-.TH SSL_LIBRARY_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_LIBRARY_INIT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,30 +151,30 @@ SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by regi
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests.
+\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests.
 .PP
-\&\fIOpenSSL_add_ssl_algorithms()\fR is a synonym for \fISSL_library_init()\fR and is
+\&\fBOpenSSL_add_ssl_algorithms()\fR is a synonym for \fBSSL_library_init()\fR and is
 implemented as a macro.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_library_init()\fR must be called before any other action takes place.
-\&\fISSL_library_init()\fR is not reentrant.
+\&\fBSSL_library_init()\fR must be called before any other action takes place.
+\&\fBSSL_library_init()\fR is not reentrant.
 .SH "WARNING"
 .IX Header "WARNING"
-\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by
+\&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by
 \&\s-1SSL/TLS.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return
+\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return
 value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fIRAND_add\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBRAND_add\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fISSL_library_init()\fR and \fIOpenSSL_add_ssl_algorithms()\fR functions were
-deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_ssl()\fR.
+The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions were
+deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
index 22dd86b018681..b1e1b5186c05a 100644
--- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
+++ b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_LOAD_CLIENT_CA_FILE 3"
-.TH SSL_LOAD_CLIENT_CA_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_LOAD_CLIENT_CA_FILE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,14 +149,14 @@ SSL_load_client_CA_file \- load certificate names from file
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns
+\&\fBSSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns
 a \s-1STACK_OF\s0(X509_NAME) with the subject names found.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and
+\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and
 extracts the X509_NAMES of the certificates found. While the name suggests
 the specific usage as support function for
-\&\fISSL_CTX_set_client_CA_list\fR\|(3),
+\&\fBSSL_CTX_set_client_CA_list\fR\|(3),
 it is not limited to \s-1CA\s0 certificates.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
@@ -181,8 +185,8 @@ The operation failed, check out the error stack for the reason.
 Pointer to the subject names of the successfully read certificates.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_CTX_set_client_CA_list\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_CTX_set_client_CA_list\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libcrypto/man/SSL_new.3
index c326a43deea90..92f380559549f 100644
--- a/secure/lib/libcrypto/man/SSL_new.3
+++ b/secure/lib/libcrypto/man/SSL_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_NEW 3"
-.TH SSL_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the
+\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the
 data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings
 of the underlying context \fBctx\fR: connection method,
 options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is
@@ -156,10 +160,10 @@ the reference count. Freeing it (using SSL_free) decrements it. When the
 reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR
 structure are freed.
 .PP
-\&\fISSL_up_ref()\fR increments the reference count for an
+\&\fBSSL_up_ref()\fR increments the reference count for an
 existing \fB\s-1SSL\s0\fR structure.
 .PP
-\&\fISSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All
+\&\fBSSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All
 settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e.
 existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an
 initial accept (server) or connect (client) state.
@@ -174,13 +178,13 @@ find out the reason.
 .IX Item "Pointer to an SSL structure"
 The return value points to an allocated \s-1SSL\s0 structure.
 .Sp
-\&\fISSL_up_ref()\fR returns 1 for success and 0 for failure.
+\&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3),
-\&\fISSL_CTX_set_options\fR\|(3),
-\&\fISSL_get_SSL_CTX\fR\|(3),
-\&\fIssl\fR\|(7)
+\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3),
+\&\fBSSL_CTX_set_options\fR\|(3),
+\&\fBSSL_get_SSL_CTX\fR\|(3),
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libcrypto/man/SSL_pending.3
index 619057c01b05f..10984ac7a6e53 100644
--- a/secure/lib/libcrypto/man/SSL_pending.3
+++ b/secure/lib/libcrypto/man/SSL_pending.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_PENDING 3"
-.TH SSL_PENDING 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_PENDING 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,43 +152,43 @@ SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL obje
 .IX Header "DESCRIPTION"
 Data is received in whole blocks known as records from the peer. A whole record
 is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is
-read by the application via a call to \fISSL_read_ex\fR\|(3) or \fISSL_read\fR\|(3).
+read by the application via a call to \fBSSL_read_ex\fR\|(3) or \fBSSL_read\fR\|(3).
 .PP
-\&\fISSL_pending()\fR returns the number of bytes which have been processed, buffered
+\&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered
 and are available inside \fBssl\fR for immediate read.
 .PP
 If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see
-\&\fISSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current
+\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current
 record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to
-\&\s-1DTLS\s0 and pipelining (see \fISSL_CTX_set_split_send_fragment\fR\|(3)). These
+\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These
 additional bytes will be buffered by OpenSSL but will remain unprocessed until
-they are needed. As these bytes are still in an unprocessed state \fISSL_pending()\fR
+they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR
 will ignore them. Therefore it is possible for no more bytes to be readable from
-the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fISSL_pending()\fR
+the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR
 to return 0, even though readable application data bytes are available (because
 the data is in unprocessed buffered records).
 .PP
-\&\fISSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or
-unprocessed) and 0 otherwise. Note that it is possible for \fISSL_has_pending()\fR to
-return 1, and then a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR to return no
+\&\fBSSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or
+unprocessed) and 0 otherwise. Note that it is possible for \fBSSL_has_pending()\fR to
+return 1, and then a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR to return no
 data because the unprocessed buffered data when processed yielded no application
 data (for example this can happen during renegotiation). It is also possible in
-this scenario for \fISSL_has_pending()\fR to continue to return 1 even after an
-\&\fISSL_read_ex()\fR or \fISSL_read()\fR call because the buffered and unprocessed data is
+this scenario for \fBSSL_has_pending()\fR to continue to return 1 even after an
+\&\fBSSL_read_ex()\fR or \fBSSL_read()\fR call because the buffered and unprocessed data is
 not yet processable (e.g. because OpenSSL has only received a partial record so
 far).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_pending()\fR returns the number of buffered and processed application data
-bytes that are pending and are available for immediate read. \fISSL_has_pending()\fR
+\&\fBSSL_pending()\fR returns the number of buffered and processed application data
+bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR
 returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_CTX_set_read_ahead\fR\|(3),
-\&\fISSL_CTX_set_split_send_fragment\fR\|(3), \fIssl\fR\|(7)
+\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3),
+\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fISSL_has_pending()\fR function was added in OpenSSL 1.1.0.
+The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libcrypto/man/SSL_read.3
index 6d024c6fab9fd..2a93f4be70f89 100644
--- a/secure/lib/libcrypto/man/SSL_read.3
+++ b/secure/lib/libcrypto/man/SSL_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_READ 3"
-.TH SSL_READ 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_READ 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,28 +153,28 @@ SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL conn
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_read_ex()\fR and \fISSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR
-into the buffer \fBbuf\fR. On success \fISSL_read_ex()\fR will store the number of bytes
+\&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR
+into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes
 actually read in \fB*readbytes\fR.
 .PP
-\&\fISSL_peek_ex()\fR and \fISSL_peek()\fR are identical to \fISSL_read_ex()\fR and \fISSL_read()\fR
+\&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and \fBSSL_read()\fR
 respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during
-the read, so that a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR will yield
+the read, so that a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR will yield
 at least the same bytes.
 .SH "NOTES"
 .IX Header "NOTES"
-In the paragraphs below a \*(L"read function\*(R" is defined as one of \fISSL_read_ex()\fR,
-\&\fISSL_read()\fR, \fISSL_peek_ex()\fR or \fISSL_peek()\fR.
+In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR,
+\&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR.
 .PP
 If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already
-explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the
+explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the
 peer requests a re-negotiation, it will be performed transparently during
 the read function operation. The behaviour of the read functions depends on the
 underlying \s-1BIO.\s0
 .PP
 For the transparent negotiation to succeed, the \fBssl\fR must have been
 initialized to client or server mode. This is being done by calling
-\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR before the first
+\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first
 invocation of a read function.
 .PP
 The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in
@@ -192,9 +196,9 @@ If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application
 record has been processed, the read function can return and set the error to
 \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR.
 In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR.
-If read ahead was set using \fISSL_CTX_set_read_ahead\fR\|(3), there might also still
+If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still
 be unprocessed data available in the \fB\s-1SSL\s0\fR.
-This behaviour can be controlled using the \fISSL_CTX_set_mode\fR\|(3) call.
+This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call.
 .PP
 If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the
 read operation has been finished or an error occurred, except when a
@@ -206,7 +210,7 @@ available the call will hang.
 If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when
 the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the
 operation.
-In this case a call to \fISSL_get_error\fR\|(3) with the
+In this case a call to \fBSSL_get_error\fR\|(3) with the
 return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
 \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR.
 As at any time it's possible that non-application data needs to be sent,
@@ -214,27 +218,27 @@ a read function can also cause write operations.
 The calling process then must repeat the call after taking appropriate action
 to satisfy the needs of the read function.
 The action depends on the underlying \s-1BIO.\s0
-When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be
+When using a non-blocking socket, nothing is to be done, but \fBselect()\fR can be
 used to check for the required condition.
 When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or
 retrieved out of the \s-1BIO\s0 before being able to continue.
 .PP
-\&\fISSL_pending\fR\|(3) can be used to find out whether there
+\&\fBSSL_pending\fR\|(3) can be used to find out whether there
 are buffered bytes available for immediate retrieval.
 In this case the read function can be called without blocking or actually
 receiving new data from the underlying socket.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_read_ex()\fR and \fISSL_peek_ex()\fR will return 1 for success or 0 for failure.
+\&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure.
 Success means that 1 or more application data bytes have been read from the \s-1SSL\s0
 connection.
 Failure means that no bytes could be read from the \s-1SSL\s0 connection.
 Failures can be retryable (e.g. we are waiting for more bytes to
 be delivered by the network) or non-retryable (e.g. a fatal network error).
-In the event of a failure call \fISSL_get_error\fR\|(3) to find out the reason which
+In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which
 indicates whether the call is retryable or not.
 .PP
-For \fISSL_read()\fR and \fISSL_peek()\fR the following return values can occur:
+For \fBSSL_read()\fR and \fBSSL_peek()\fR the following return values can occur:
 .IP "> 0" 4
 .IX Item "> 0"
 The read operation was successful.
@@ -244,23 +248,23 @@ connection.
 .IX Item "<= 0"
 The read operation was not successful, because either the connection was closed,
 an error occurred or action must be taken by the calling process.
-Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason.
+Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason.
 .Sp
 Old documentation indicated a difference between 0 and \-1, and that \-1 was
 retryable.
-You should instead call \fISSL_get_error()\fR to find out if it's retryable.
+You should instead call \fBSSL_get_error()\fR to find out if it's retryable.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_read_ex()\fR and \fISSL_peek_ex()\fR were added in OpenSSL 1.1.1.
+The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_write_ex\fR\|(3),
-\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3),
-\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3)
-\&\fISSL_set_connect_state\fR\|(3),
-\&\fISSL_pending\fR\|(3),
-\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3),
-\&\fIssl\fR\|(7), \fIbio\fR\|(7)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3),
+\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3),
+\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3)
+\&\fBSSL_set_connect_state\fR\|(3),
+\&\fBSSL_pending\fR\|(3),
+\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
+\&\fBssl\fR\|(7), \fBbio\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_read_early_data.3 b/secure/lib/libcrypto/man/SSL_read_early_data.3
index 042583e3dc232..c98a4f5ad91fe 100644
--- a/secure/lib/libcrypto/man/SSL_read_early_data.3
+++ b/secure/lib/libcrypto/man/SSL_read_early_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_READ_EARLY_DATA 3"
-.TH SSL_READ_EARLY_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_READ_EARLY_DATA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -194,123 +198,123 @@ unauthenticated at this point and care should be taken when using this
 capability.
 .PP
 A server or client can determine whether the full handshake has been completed
-or not by calling \fISSL_is_init_finished\fR\|(3).
+or not by calling \fBSSL_is_init_finished\fR\|(3).
 .PP
-On the client side, the function \fISSL_SESSION_get_max_early_data()\fR can be used to
+On the client side, the function \fBSSL_SESSION_get_max_early_data()\fR can be used to
 determine if a session established with a server can be used to send early data.
 If the session cannot be used then this function will return 0. Otherwise it
 will return the maximum number of early data bytes that can be sent.
 .PP
-The function \fISSL_SESSION_set_max_early_data()\fR sets the maximum number of early
+The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early
 data bytes that can be sent for a session. This would typically be used when
-creating a \s-1PSK\s0 session file (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). If
+creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If
 using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by
 the server.
 .PP
-A client uses the function \fISSL_write_early_data()\fR to send early data. This
-function is similar to the \fISSL_write_ex\fR\|(3) function, but with the following
-differences. See \fISSL_write_ex\fR\|(3) for information on how to write bytes to
-the underlying connection, and how to handle any errors that may arise. This 
-page describes the differences between \fISSL_write_early_data()\fR and
-\&\fISSL_write_ex\fR\|(3).
+A client uses the function \fBSSL_write_early_data()\fR to send early data. This
+function is similar to the \fBSSL_write_ex\fR\|(3) function, but with the following
+differences. See \fBSSL_write_ex\fR\|(3) for information on how to write bytes to
+the underlying connection, and how to handle any errors that may arise. This
+page describes the differences between \fBSSL_write_early_data()\fR and
+\&\fBSSL_write_ex\fR\|(3).
 .PP
-When called by a client, \fISSL_write_early_data()\fR must be the first \s-1IO\s0 function
+When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function
 called on a new connection, i.e. it must occur before any calls to
-\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_connect\fR\|(3), \fISSL_do_handshake\fR\|(3)
+\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3)
 or other similar functions. It may be called multiple times to stream data to
 the server, but the total number of bytes written must not exceed the value
-returned from \fISSL_SESSION_get_max_early_data()\fR. Once the initial
-\&\fISSL_write_early_data()\fR call has completed successfully the client may interleave
-calls to \fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) with calls to
-\&\fISSL_write_early_data()\fR as required.
+returned from \fBSSL_SESSION_get_max_early_data()\fR. Once the initial
+\&\fBSSL_write_early_data()\fR call has completed successfully the client may interleave
+calls to \fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) with calls to
+\&\fBSSL_write_early_data()\fR as required.
 .PP
-If \fISSL_write_early_data()\fR fails you should call \fISSL_get_error\fR\|(3) to determine
-the correct course of action, as for \fISSL_write_ex\fR\|(3).
+If \fBSSL_write_early_data()\fR fails you should call \fBSSL_get_error\fR\|(3) to determine
+the correct course of action, as for \fBSSL_write_ex\fR\|(3).
 .PP
 When the client no longer wishes to send any more early data then it should
-complete the handshake by calling a function such as \fISSL_connect\fR\|(3) or
-\&\fISSL_do_handshake\fR\|(3). Alternatively you can call a standard write function
-such as \fISSL_write_ex\fR\|(3), which will transparently complete the connection and
+complete the handshake by calling a function such as \fBSSL_connect\fR\|(3) or
+\&\fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard write function
+such as \fBSSL_write_ex\fR\|(3), which will transparently complete the connection and
 write the requested data.
 .PP
 A server may choose to ignore early data that has been sent to it. Once the
 connection has been completed you can determine whether the server accepted or
-rejected the early data by calling \fISSL_get_early_data_status()\fR. This will return
+rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return
 \&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it
 was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function
 may be called by either the client or the server.
 .PP
-A server uses the \fISSL_read_early_data()\fR function to receive early data on a
+A server uses the \fBSSL_read_early_data()\fR function to receive early data on a
 connection for which early data has been enabled using
-\&\fISSL_CTX_set_max_early_data()\fR or \fISSL_set_max_early_data()\fR. As for
-\&\fISSL_write_early_data()\fR, this must be the first \s-1IO\s0 function
+\&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for
+\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function
 called on a connection, i.e. it must occur before any calls to
-\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_accept\fR\|(3), \fISSL_do_handshake\fR\|(3),
+\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3),
 or other similar functions.
 .PP
-\&\fISSL_read_early_data()\fR is similar to \fISSL_read_ex\fR\|(3) with the following
-differences. Refer to \fISSL_read_ex\fR\|(3) for full details.
+\&\fBSSL_read_early_data()\fR is similar to \fBSSL_read_ex\fR\|(3) with the following
+differences. Refer to \fBSSL_read_ex\fR\|(3) for full details.
 .PP
-\&\fISSL_read_early_data()\fR may return 3 possible values:
+\&\fBSSL_read_early_data()\fR may return 3 possible values:
 .IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4
 .IX Item "SSL_READ_EARLY_DATA_ERROR"
 This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the
-same way as a 0 return value from \fISSL_read_ex\fR\|(3).
+same way as a 0 return value from \fBSSL_read_ex\fR\|(3).
 .IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4
 .IX Item "SSL_READ_EARLY_DATA_SUCCESS"
 This indicates that early data was successfully read. This should be treated in
-the same way as a 1 return value from \fISSL_read_ex\fR\|(3). You should continue to
-call \fISSL_read_early_data()\fR to read more data.
+the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to
+call \fBSSL_read_early_data()\fR to read more data.
 .IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4
 .IX Item "SSL_READ_EARLY_DATA_FINISH"
 This indicates that no more early data can be read. It may be returned on the
-first call to \fISSL_read_early_data()\fR if the client has not sent any early data,
+first call to \fBSSL_read_early_data()\fR if the client has not sent any early data,
 or if the early data was rejected.
 .PP
-Once the initial \fISSL_read_early_data()\fR call has completed successfully (i.e. it
+Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it
 has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the
 server may choose to write data immediately to the unauthenticated client using
-\&\fISSL_write_early_data()\fR. If \fISSL_read_early_data()\fR returned
+\&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned
 \&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only
 supports TLSv1.2) the handshake may have already been completed and calls
-to \fISSL_write_early_data()\fR are not allowed. Call \fISSL_is_init_finished\fR\|(3) to
+to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to
 determine whether the handshake has completed or not. If the handshake is still
-in progress then the server may interleave calls to \fISSL_write_early_data()\fR with
-calls to \fISSL_read_early_data()\fR as required.
+in progress then the server may interleave calls to \fBSSL_write_early_data()\fR with
+calls to \fBSSL_read_early_data()\fR as required.
 .PP
-Servers must not call \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or
-\&\fISSL_write\fR\|(3)  until \fISSL_read_early_data()\fR has returned with
+Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or
+\&\fBSSL_write\fR\|(3)  until \fBSSL_read_early_data()\fR has returned with
 \&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client
 still needs to be completed. Complete the connection by calling a function such
-as \fISSL_accept\fR\|(3) or \fISSL_do_handshake\fR\|(3). Alternatively you can call a
-standard read function such as \fISSL_read_ex\fR\|(3), which will transparently
+as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a
+standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently
 complete the connection and read the requested data. Note that it is an error to
-attempt to complete the connection before \fISSL_read_early_data()\fR has returned
+attempt to complete the connection before \fBSSL_read_early_data()\fR has returned
 \&\s-1SSL_READ_EARLY_DATA_FINISH.\s0
 .PP
-Only servers may call \fISSL_read_early_data()\fR.
+Only servers may call \fBSSL_read_early_data()\fR.
 .PP
-Calls to \fISSL_read_early_data()\fR may, in certain circumstances, complete the
+Calls to \fBSSL_read_early_data()\fR may, in certain circumstances, complete the
 connection immediately without further need to call a function such as
-\&\fISSL_accept\fR\|(3). This can happen if the client is using a protocol version less
+\&\fBSSL_accept\fR\|(3). This can happen if the client is using a protocol version less
 than TLSv1.3. Applications can test for this by calling
-\&\fISSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call
-\&\fISSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no
+\&\fBSSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call
+\&\fBSSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no
 further action taken.
 .PP
 When a session is created between a server and a client the server will specify
 the maximum amount of any early data that it will accept on any future
 connection attempt. By default the server does not accept early data; a
 server may indicate support for early data by calling
-\&\fISSL_CTX_set_max_early_data()\fR or
-\&\fISSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0
+\&\fBSSL_CTX_set_max_early_data()\fR or
+\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0
 object respectively. The \fBmax_early_data\fR parameter specifies the maximum
 amount of early data in bytes that is permitted to be sent on a single
-connection. Similarly the \fISSL_CTX_get_max_early_data()\fR and
-\&\fISSL_get_max_early_data()\fR functions can be used to obtain the current maximum
+connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and
+\&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum
 early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a
-server application will either use both of \fISSL_read_early_data()\fR and
-\&\fISSL_CTX_set_max_early_data()\fR (or \fISSL_set_max_early_data()\fR), or neither of them,
+server application will either use both of \fBSSL_read_early_data()\fR and
+\&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them,
 since there is no practical benefit from using only one of them. If the maximum
 early data setting for a server is non-zero then replay protection is
 automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below).
@@ -319,9 +323,9 @@ If the server rejects the early data sent by a client then it will skip over
 the data that is sent. The maximum amount of received early data that is skipped
 is controlled by the recv_max_early_data setting. If a client sends more than
 this then the connection will abort. This value can be set by calling
-\&\fISSL_CTX_set_recv_max_early_data()\fR or \fISSL_set_recv_max_early_data()\fR. The current
+\&\fBSSL_CTX_set_recv_max_early_data()\fR or \fBSSL_set_recv_max_early_data()\fR. The current
 value for this setting can be obtained by calling
-\&\fISSL_CTX_get_recv_max_early_data()\fR or \fISSL_get_recv_max_early_data()\fR. The default
+\&\fBSSL_CTX_get_recv_max_early_data()\fR or \fBSSL_get_recv_max_early_data()\fR. The default
 value for this setting is 16,384 bytes.
 .PP
 The recv_max_early_data value also has an impact on early data that is accepted.
@@ -339,7 +343,7 @@ the current configured max_early_data value.
 Some server applications may wish to have more control over whether early data
 is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0
 below) or to decline early_data when the server is heavily loaded. The functions
-\&\fISSL_CTX_set_allow_early_data_cb()\fR and \fISSL_set_allow_early_data_cb()\fR set a
+\&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a
 callback which is called at a point in the handshake immediately before a
 decision is made to accept or reject early data. The callback is provided with a
 pointer to the user data argument that was provided when the callback was first
@@ -363,8 +367,8 @@ yet received an \s-1ACK\s0 for from the peer. The buffered data will only be
 transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if
 the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the
 first \s-1TCP\s0 packet along with any data from the first call to
-\&\fISSL_write_early_data()\fR. If the amount of data written will exceed the size of a
-single \s-1TCP\s0 packet, or if there are more calls to \fISSL_write_early_data()\fR then
+\&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a
+single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then
 that additional data will be sent in subsequent \s-1TCP\s0 packets which will be
 buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet
 containing the ClientHello. This means the early data is not actually
@@ -380,7 +384,7 @@ In rare circumstances, it may be possible for a client to have a session that
 reports a max early data value greater than 0, but where the server does not
 support this. For example, this can occur if a server has had its configuration
 changed to accept a lower max early data value such as by calling
-\&\fISSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to
+\&\fBSSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to
 support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such
 a server will cause the connection to abort. Clients that encounter an aborted
 connection while sending early data may want to retry the connection without
@@ -401,9 +405,9 @@ was submitted will be ignored). Note that single use tickets are enforced even
 if a client does not send any early data.
 .PP
 The replay protection mechanism relies on the internal OpenSSL server session
-cache (see \fISSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is
+cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is
 being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been
-selected (see \fISSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache
+selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache
 whenever a session ticket is issued. When a client attempts to resume the
 session, OpenSSL will check for its presence in the internal cache. If it exists
 then the resumption is allowed and the session is removed from the cache. If it
@@ -411,64 +415,64 @@ does not exist then the resumption is not allowed and a full handshake will
 occur.
 .PP
 Note that some applications may maintain an external cache of sessions (see
-\&\fISSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's
+\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's
 responsibility to ensure that any sessions in the external cache are also
 populated in the internal cache and that once removed from the internal cache
 they are similarly removed from the external cache. Failing to do this could
 result in an application becoming vulnerable to replay attacks. Note that
 OpenSSL will lock the internal cache while a session is removed but that lock is
-not held when the remove session callback (see \fISSL_CTX_sess_set_remove_cb\fR\|(3))
+not held when the remove session callback (see \fBSSL_CTX_sess_set_remove_cb\fR\|(3))
 is called. This could result in a small amount of time where the session has
 been removed from the internal cache but is still available in the external
 cache. Applications should be designed with this in mind in order to minimise
 the possibility of replay attacks.
 .PP
 The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs)
-(e.g. see \fISSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution
+(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution
 should be applied when combining external PSKs with early data.
 .PP
 Some applications may mitigate the replay risks in other ways. For those
 applications it is possible to turn off the built-in replay protection feature
-using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fISSL_CTX_set_options\fR\|(3) for
+using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for
 details. Applications can also set a callback to make decisions about accepting
-early data or not. See \fISSL_CTX_set_allow_early_data_cb()\fR above for details.
+early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a
-failure call \fISSL_get_error\fR\|(3) to determine the correct course of action.
+\&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a
+failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action.
 .PP
-\&\fISSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure,
+\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure,
 \&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and
 \&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the
-event of a failure call \fISSL_get_error\fR\|(3) to determine the correct course of
+event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of
 action.
 .PP
-\&\fISSL_get_max_early_data()\fR, \fISSL_CTX_get_max_early_data()\fR and
-\&\fISSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes
+\&\fBSSL_get_max_early_data()\fR, \fBSSL_CTX_get_max_early_data()\fR and
+\&\fBSSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes
 that may be sent.
 .PP
-\&\fISSL_set_max_early_data()\fR, \fISSL_CTX_set_max_early_data()\fR and
-\&\fISSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure.
+\&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and
+\&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure.
 .PP
-\&\fISSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was
+\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was
 accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by
 the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3),
-\&\fISSL_write_ex\fR\|(3),
-\&\fISSL_read_ex\fR\|(3),
-\&\fISSL_connect\fR\|(3),
-\&\fISSL_accept\fR\|(3),
-\&\fISSL_do_handshake\fR\|(3),
-\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3),
-\&\fIssl\fR\|(7)
+\&\fBSSL_get_error\fR\|(3),
+\&\fBSSL_write_ex\fR\|(3),
+\&\fBSSL_read_ex\fR\|(3),
+\&\fBSSL_connect\fR\|(3),
+\&\fBSSL_accept\fR\|(3),
+\&\fBSSL_do_handshake\fR\|(3),
+\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3),
+\&\fBssl\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
 All of the functions described above were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libcrypto/man/SSL_rstate_string.3
index 11c4f8543d041..daec70ee8fdc1 100644
--- a/secure/lib/libcrypto/man/SSL_rstate_string.3
+++ b/secure/lib/libcrypto/man/SSL_rstate_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_RSTATE_STRING 3"
-.TH SSL_RSTATE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_RSTATE_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,10 +150,10 @@ SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state
+\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state
 of the \s-1SSL\s0 object \fBssl\fR.
 .PP
-\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of
+\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of
 the \s-1SSL\s0 object \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -160,7 +164,7 @@ SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read do
 This function should only seldom be needed in applications.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following
+\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following
 values:
 .ie n .IP """\s-1RH""/\s0""read header""" 4
 .el .IP "``\s-1RH''/\s0``read header''" 4
@@ -180,7 +184,7 @@ The record has been completely processed.
 The read state is unknown. This should never happen.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7)
+\&\fBssl\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libcrypto/man/SSL_session_reused.3
index a7e58b3e2a345..9303ef8e56648 100644
--- a/secure/lib/libcrypto/man/SSL_session_reused.3
+++ b/secure/lib/libcrypto/man/SSL_session_reused.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SESSION_REUSED 3"
-.TH SSL_SESSION_REUSED 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SESSION_REUSED 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -162,8 +166,8 @@ A new session was negotiated.
 A session was reused.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_set1_host.3 b/secure/lib/libcrypto/man/SSL_set1_host.3
index 6889f0e918e21..a91b66018624f 100644
--- a/secure/lib/libcrypto/man/SSL_set1_host.3
+++ b/secure/lib/libcrypto/man/SSL_set1_host.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SET1_HOST 3"
-.TH SSL_SET1_HOST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SET1_HOST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,37 +154,37 @@ SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server
 .IX Header "DESCRIPTION"
 These functions configure server hostname checks in the \s-1SSL\s0 client.
 .PP
-\&\fISSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing
+\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing
 any previously specified host name or names.  If \fBname\fR is \s-1NULL,\s0
 or the empty string the list of hostnames is cleared, and name
 checks are not performed on the peer certificate.  When a non-empty
 \&\fBname\fR is specified, certificate verification automatically checks
-the peer hostname via \fIX509_check_host\fR\|(3) with \fBflags\fR as specified
-via \fISSL_set_hostflags()\fR.  Clients that enable \s-1DANE TLSA\s0 authentication
-via \fISSL_dane_enable\fR\|(3) should leave it to that function to set
+the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified
+via \fBSSL_set_hostflags()\fR.  Clients that enable \s-1DANE TLSA\s0 authentication
+via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set
 the primary reference identifier of the peer, and should not call
-\&\fISSL_set1_host()\fR.
+\&\fBSSL_set1_host()\fR.
 .PP
-\&\fISSL_add1_host()\fR adds \fBname\fR as an additional reference identifier
+\&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier
 that can match the peer's certificate.  Any previous names set via
-\&\fISSL_set1_host()\fR or \fISSL_add1_host()\fR are retained, no change is made
+\&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained, no change is made
 if \fBname\fR is \s-1NULL\s0 or empty.  When multiple names are configured,
 the peer is considered verified when any name matches.  This function
 is required for \s-1DANE TLSA\s0 in the presence of service name indirection
 via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or
 \&\s-1RFC7673.\s0
 .PP
-\&\fISSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to
-\&\fIX509_check_host\fR\|(3) when name checks are applicable, by default
-the \fBflags\fR value is 0.  See \fIX509_check_host\fR\|(3) for the list
+\&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to
+\&\fBX509_check_host\fR\|(3) when name checks are applicable, by default
+the \fBflags\fR value is 0.  See \fBX509_check_host\fR\|(3) for the list
 of available flags and their meaning.
 .PP
-\&\fISSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName
+\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName
 from the peer certificate that matched one of the reference
 identifiers.  When wildcard matching is not disabled, the name
 matched in the peer certificate may be a wildcard name.  When one
-of the reference identifiers configured via \fISSL_set1_host()\fR or
-\&\fISSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix
+of the reference identifiers configured via \fBSSL_set1_host()\fR or
+\&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix
 rather than a fixed name, the matched peer name may be a sub-domain
 of the reference identifier.  The returned string is allocated by
 the library and is no longer valid once the associated \fBssl\fR handle
@@ -188,19 +192,19 @@ is cleared or freed, or a renegotiation takes place.  Applications
 must not free the return value.
 .PP
 \&\s-1SSL\s0 clients are advised to use these functions in preference to
-explicitly calling \fIX509_check_host\fR\|(3).  Hostname checks may be out
-of scope with the \s-1RFC7671 \fIDANE\-EE\s0\fR\|(3) certificate usage, and the
+explicitly calling \fBX509_check_host\fR\|(3).  Hostname checks may be out
+of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the
 internal check will be suppressed as appropriate when \s-1DANE\s0 is
 enabled.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_set1_host()\fR and \fISSL_add1_host()\fR return 1 for success and 0 for
+\&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for
 failure.
 .PP
-\&\fISSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not
-applicable (as with \s-1RFC7671 \fIDANE\-EE\s0\fR\|(3)), or no trusted peername was
+\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not
+applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was
 matched.  Otherwise, it returns the matched peername.  To determine
-whether verification succeeded call \fISSL_get_verify_result\fR\|(3).
+whether verification succeeded call \fBSSL_get_verify_result\fR\|(3).
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R".
@@ -229,12 +233,12 @@ the lifetime of the \s-1SSL\s0 connection.
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_check_host\fR\|(3),
-\&\fISSL_get_verify_result\fR\|(3).
-\&\fISSL_dane_enable\fR\|(3).
+\&\fBX509_check_host\fR\|(3),
+\&\fBSSL_get_verify_result\fR\|(3).
+\&\fBSSL_dane_enable\fR\|(3).
 .SH "HISTORY"
 .IX Header "HISTORY"
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libcrypto/man/SSL_set_bio.3
index 3804259974a25..55832fae88329 100644
--- a/secure/lib/libcrypto/man/SSL_set_bio.3
+++ b/secure/lib/libcrypto/man/SSL_set_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SET_BIO 3"
-.TH SSL_SET_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SET_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,23 +151,23 @@ SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR
+\&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR
 object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is
 non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This
 function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically
-freed using \fIBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this
+freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this
 function, any existing \fBrbio\fR that was previously set will also be freed via a
-call to \fIBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to
+call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to
 the same value as previously).
 .PP
-\&\fISSL_set0_wbio()\fR works in the same as \fISSL_set0_rbio()\fR except that it connects
+\&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects
 the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the
-rbio and wbio are the same then \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR each take
+rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take
 ownership of one reference. Therefore it may be necessary to increment the
-number of references available using \fIBIO_up_ref\fR\|(3) before calling the set0
+number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0
 functions.
 .PP
-\&\fISSL_set_bio()\fR is similar to \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR except
+\&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except
 that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and
 transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to
 the following set of rules:
@@ -201,18 +205,18 @@ is consumed
 for the \fBwbio\fR.
 .PP
 Because of this complexity, this function should be avoided;
-use \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR instead.
+use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_set_bio()\fR, \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR cannot fail.
+\&\fBSSL_set_bio()\fR, \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR cannot fail.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_rbio\fR\|(3),
-\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3),
-\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7)
+\&\fBSSL_get_rbio\fR\|(3),
+\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR were added in OpenSSL 1.1.0.
+\&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/SSL_set_connect_state.3
index fcf2e6222505c..2878dbbaaa037 100644
--- a/secure/lib/libcrypto/man/SSL_set_connect_state.3
+++ b/secure/lib/libcrypto/man/SSL_set_connect_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SET_CONNECT_STATE 3"
-.TH SSL_SET_CONNECT_STATE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SET_CONNECT_STATE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,50 +153,50 @@ SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for ma
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode.
+\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode.
 .PP
-\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode.
+\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode.
 .PP
-\&\fISSL_is_server()\fR checks if \fBssl\fR is working in server mode.
+\&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode.
 .SH "NOTES"
 .IX Header "NOTES"
-When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3),
+When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3),
 it was either assigned a dedicated client method, a dedicated server
 method, or a generic method, that can be used for both client and
 server connections. (The method might have been changed with
-\&\fISSL_CTX_set_ssl_version\fR\|(3) or
-\&\fISSL_set_ssl_method\fR\|(3).)
+\&\fBSSL_CTX_set_ssl_version\fR\|(3) or
+\&\fBSSL_set_ssl_method\fR\|(3).)
 .PP
 When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must
 call the connect (client) or accept (server) routines. Even though it may
 be clear from the method chosen, whether client or server mode was
 requested, the handshake routines must be explicitly set.
 .PP
-When using the \fISSL_connect\fR\|(3) or
-\&\fISSL_accept\fR\|(3) routines, the correct handshake
+When using the \fBSSL_connect\fR\|(3) or
+\&\fBSSL_accept\fR\|(3) routines, the correct handshake
 routines are automatically set. When performing a transparent negotiation
-using \fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), or \fISSL_read\fR\|(3),
+using \fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), or \fBSSL_read\fR\|(3),
 the handshake routines must be explicitly set in advance using either
-\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR.
+\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR.
 .PP
-If \fISSL_is_server()\fR is called before \fISSL_set_connect_state()\fR or
-\&\fISSL_set_accept_state()\fR is called (either automatically or explicitly),
+If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or
+\&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly),
 the result depends on what method was used when \s-1SSL_CTX\s0 was created with
-\&\fISSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was
-passed to \fISSL_CTX_new\fR\|(3), \fISSL_is_server()\fR returns 1; otherwise, it returns 0.
+\&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was
+passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic
+\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic
 information.
 .PP
-\&\fISSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode.
+\&\fBSSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3),
-\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3),
-\&\fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3),
-\&\fISSL_do_handshake\fR\|(3),
-\&\fISSL_CTX_set_ssl_version\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3),
+\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3),
+\&\fBSSL_do_handshake\fR\|(3),
+\&\fBSSL_CTX_set_ssl_version\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libcrypto/man/SSL_set_fd.3
index 00729d4d7c602..20ca2da2050c5 100644
--- a/secure/lib/libcrypto/man/SSL_set_fd.3
+++ b/secure/lib/libcrypto/man/SSL_set_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SET_FD 3"
-.TH SSL_SET_FD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SET_FD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descr
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility
+\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility
 for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
 socket file descriptor of a network connection.
 .PP
@@ -156,10 +160,10 @@ interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1S
 inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will
 also have non-blocking behaviour.
 .PP
-If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called
+If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called
 (for both the reading and writing side, if different).
 .PP
-\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only
+\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only
 for the read channel or the write channel, which can be set independently.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -171,9 +175,9 @@ The operation failed. Check the error stack to find out why.
 The operation succeeded.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3),
-\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3),
-\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7)
+\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3),
+\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libcrypto/man/SSL_set_session.3
index efb1e3880f43c..4c5b9be7c1eba 100644
--- a/secure/lib/libcrypto/man/SSL_set_session.3
+++ b/secure/lib/libcrypto/man/SSL_set_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SET_SESSION 3"
-.TH SSL_SET_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SET_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,19 +149,19 @@ SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection
-is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients.
+\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection
+is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients.
 When the session is set, the reference count of \fBsession\fR is incremented
 by 1. If the session is not reused, the reference count is decremented
-again during \fISSL_connect()\fR. Whether the session was reused can be queried
-with the \fISSL_session_reused\fR\|(3) call.
+again during \fBSSL_connect()\fR. Whether the session was reused can be queried
+with the \fBSSL_session_reused\fR\|(3) call.
 .PP
 If there is already a session set inside \fBssl\fR (because it was set with
-\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for
-a connection), \fISSL_SESSION_free()\fR will be called for that session. If that old
+\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for
+a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old
 session is still \fBopen\fR, it is considered bad and will be removed from the
-session cache (if used). A session is considered open, if \fISSL_shutdown\fR\|(3) was
-not called for the connection (or at least \fISSL_set_shutdown\fR\|(3) was used to
+session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was
+not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to
 set the \s-1SSL_SENT_SHUTDOWN\s0 state).
 .SH "NOTES"
 .IX Header "NOTES"
@@ -176,10 +180,10 @@ The operation failed; check the error stack to find out the reason.
 The operation succeeded.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3),
-\&\fISSL_get_session\fR\|(3),
-\&\fISSL_session_reused\fR\|(3),
-\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3),
+\&\fBSSL_get_session\fR\|(3),
+\&\fBSSL_session_reused\fR\|(3),
+\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/SSL_set_shutdown.3
index c255dd93b81be..307dc948d1e74 100644
--- a/secure/lib/libcrypto/man/SSL_set_shutdown.3
+++ b/secure/lib/libcrypto/man/SSL_set_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SET_SHUTDOWN 3"
-.TH SSL_SET_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SET_SHUTDOWN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,9 +151,9 @@ SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connec
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR.
+\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR.
 .PP
-\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR.
+\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The shutdown state of an ssl connection is a bitmask of:
@@ -168,28 +172,28 @@ or a fatal error.
 .PP
 The shutdown state of the connection is used to determine the state of
 the ssl session. If the session is still open, when
-\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called,
+\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called,
 it is considered bad and removed according to \s-1RFC2246.\s0
 The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0
 (according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify
 alert but to not wait for the peer's answer, when the underlying connection
 is closed).
-\&\fISSL_set_shutdown()\fR can be used to set this state without sending a
-close alert to the peer (see \fISSL_shutdown\fR\|(3)).
+\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a
+close alert to the peer (see \fBSSL_shutdown\fR\|(3)).
 .PP
 If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set,
 for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call
-\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself.
+\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_set_shutdown()\fR does not return diagnostic information.
+\&\fBSSL_set_shutdown()\fR does not return diagnostic information.
 .PP
-\&\fISSL_get_shutdown()\fR returns the current setting.
+\&\fBSSL_get_shutdown()\fR returns the current setting.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3),
-\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
-\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3),
+\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3),
+\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/SSL_set_verify_result.3
index 2538fa8f60001..76804899ba3f9 100644
--- a/secure/lib/libcrypto/man/SSL_set_verify_result.3
+++ b/secure/lib/libcrypto/man/SSL_set_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SET_VERIFY_RESULT 3"
-.TH SSL_SET_VERIFY_RESULT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SET_VERIFY_RESULT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,25 +149,25 @@ SSL_set_verify_result \- override result of peer certificate verification
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the
+\&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the
 result of the verification of the X509 certificate presented by the peer,
 if any.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes
+\&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes
 the verification result of the \fBssl\fR object. It does not become part of the
 established session, so if the session is to be reused later, the original
 value will reappear.
 .PP
-The valid codes for \fBverify_result\fR are documented in \fIverify\fR\|(1).
+The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_set_verify_result()\fR does not provide a return value.
+\&\fBSSL_set_verify_result()\fR does not provide a return value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3),
-\&\fISSL_get_peer_certificate\fR\|(3),
-\&\fIverify\fR\|(1)
+\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3),
+\&\fBSSL_get_peer_certificate\fR\|(3),
+\&\fBverify\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libcrypto/man/SSL_shutdown.3
index 47c7477c7cbc7..6160b111ebb91 100644
--- a/secure/lib/libcrypto/man/SSL_shutdown.3
+++ b/secure/lib/libcrypto/man/SSL_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_SHUTDOWN 3"
-.TH SSL_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_SHUTDOWN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,15 +149,19 @@ SSL_shutdown \- shut down a TLS/SSL connection
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
+\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
 close_notify shutdown alert to the peer.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer.
+\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer.
 Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and
 a currently open session is considered closed and good and will be kept in the
 session cache for further reuse.
 .PP
+Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has
+occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0
+or \s-1SSL_ERROR_SSL.\s0
+.PP
 The shutdown procedure consists of two steps: sending of the close_notify
 shutdown alert, and reception of the peer's close_notify shutdown alert.
 The order of those two steps depends on the application.
@@ -176,19 +184,19 @@ When the underlying connection shall be used for more communications, the
 complete shutdown procedure must be performed, so that the peers stay
 synchronized.
 .PP
-\&\fISSL_shutdown()\fR only closes the write direction.
-It is not possible to call \fISSL_write()\fR after calling \fISSL_shutdown()\fR.
+\&\fBSSL_shutdown()\fR only closes the write direction.
+It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR.
 The read direction is closed by the peer.
 .SS "First to close the connection"
 .IX Subsection "First to close the connection"
 When the application is the first party to send the close_notify
-alert, \fISSL_shutdown()\fR will only send the alert and then set the
+alert, \fBSSL_shutdown()\fR will only send the alert and then set the
 \&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will
 be kept in the cache).
-If successful, \fISSL_shutdown()\fR will return 0.
+If successful, \fBSSL_shutdown()\fR will return 0.
 .PP
 If a unidirectional shutdown is enough (the underlying connection shall be
-closed anyway), this first successful call to \fISSL_shutdown()\fR is sufficient.
+closed anyway), this first successful call to \fBSSL_shutdown()\fR is sufficient.
 .PP
 In order to complete the bidirectional shutdown handshake, the peer needs
 to send back a close_notify alert.
@@ -198,48 +206,48 @@ it.
 The peer is still allowed to send data after receiving the close_notify
 event.
 When it is done sending data, it will send the close_notify alert.
-\&\fISSL_read()\fR should be called until all data is received.
-\&\fISSL_read()\fR will indicate the end of the peer data by returning <= 0
-and \fISSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0
+\&\fBSSL_read()\fR should be called until all data is received.
+\&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0
+and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0
 .SS "Peer closes the connection"
 .IX Subsection "Peer closes the connection"
 If the peer already sent the close_notify alert \fBand\fR it was
 already processed implicitly inside another function
-(\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set.
-\&\fISSL_read()\fR will return <= 0 in that case, and \fISSL_get_error()\fR will return
+(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set.
+\&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return
 \&\s-1SSL_ERROR_ZERO_RETURN.\s0
-\&\fISSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0
+\&\fBSSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0
 flag.
-If successful, \fISSL_shutdown()\fR will return 1.
+If successful, \fBSSL_shutdown()\fR will return 1.
 .PP
 Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the
-\&\fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call.
+\&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call.
 .SH "NOTES"
 .IX Header "NOTES"
-The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0
-If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
+The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the
 handshake step has been finished or an error occurred.
 .PP
-If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return
-when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR
-to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
-return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR
+to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the
+return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
 \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR.
+taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR.
 The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
-nothing is to be done, but \fIselect()\fR can be used to check for the required
+nothing is to be done, but \fBselect()\fR can be used to check for the required
 condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
 into or retrieved out of the \s-1BIO\s0 before being able to continue.
 .PP
-After \fISSL_shutdown()\fR returned 0, it is possible to call \fISSL_shutdown()\fR again
+After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again
 to wait for the peer's close_notify alert.
-\&\fISSL_shutdown()\fR will return 1 in that case.
-However, it is recommended to wait for it using \fISSL_read()\fR instead.
+\&\fBSSL_shutdown()\fR will return 1 in that case.
+However, it is recommended to wait for it using \fBSSL_read()\fR instead.
 .PP
-\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
+\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
 state but not actually send the close_notify alert messages,
-see \fISSL_CTX_set_quiet_shutdown\fR\|(3).
-When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed
+see \fBSSL_CTX_set_quiet_shutdown\fR\|(3).
+When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed
 and return 1.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -247,8 +255,8 @@ The following return values can occur:
 .IP "0" 4
 The shutdown is not yet finished: the close_notify was sent but the peer
 did not send it back yet.
-Call \fISSL_read()\fR to do a bidirectional shutdown.
-The output of \fISSL_get_error\fR\|(3) may be misleading, as an
+Call \fBSSL_read()\fR to do a bidirectional shutdown.
+The output of \fBSSL_get_error\fR\|(3) may be misleading, as an
 erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred.
 .IP "1" 4
 .IX Item "1"
@@ -257,18 +265,18 @@ and the peer's close_notify alert was received.
 .IP "<0" 4
 .IX Item "<0"
 The shutdown was not successful.
-Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason.
+Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason.
 It can occur if an action is needed to continue the operation for non-blocking
 BIOs.
 .Sp
-It can also occur when not all data was read using \fISSL_read()\fR.
+It can also occur when not all data was read using \fBSSL_read()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
-\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3),
-\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
-\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3),
-\&\fIssl\fR\|(7), \fIbio\fR\|(7)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3),
+\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
+\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3),
+\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3),
+\&\fBssl\fR\|(7), \fBbio\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libcrypto/man/SSL_state_string.3
index 4381287e781bc..741bf0279df34 100644
--- a/secure/lib/libcrypto/man/SSL_state_string.3
+++ b/secure/lib/libcrypto/man/SSL_state_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_STATE_STRING 3"
-.TH SSL_STATE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_STATE_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,10 +150,10 @@ SSL_state_string, SSL_state_string_long \- get textual description of state of a
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state
+\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state
 of the \s-1SSL\s0 object \fBssl\fR.
 .PP
-\&\fISSL_state_string_long()\fR returns a string indicating the current state of
+\&\fBSSL_state_string_long()\fR returns a string indicating the current state of
 the \s-1SSL\s0 object \fBssl\fR.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -164,13 +168,13 @@ so that SSL_state_string[_long]() may be called.
 .PP
 For both blocking or non-blocking sockets, the details state information
 can be used within the info_callback function set with the
-\&\fISSL_set_info_callback()\fR call.
+\&\fBSSL_set_info_callback()\fR call.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 Detailed description of possible states to be included later.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libcrypto/man/SSL_want.3
index 5a2e2ad29eaa3..2ad45536bf2d2 100644
--- a/secure/lib/libcrypto/man/SSL_want.3
+++ b/secure/lib/libcrypto/man/SSL_want.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_WANT 3"
-.TH SSL_WANT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_WANT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,25 +156,25 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR.
+\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR.
 .PP
 The other SSL_want_*() calls are shortcuts for the possible states returned
-by \fISSL_want()\fR.
+by \fBSSL_want()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its
-return values are similar to that of \fISSL_get_error\fR\|(3).
-Unlike \fISSL_get_error\fR\|(3), which also evaluates the
+\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its
+return values are similar to that of \fBSSL_get_error\fR\|(3).
+Unlike \fBSSL_get_error\fR\|(3), which also evaluates the
 error queue, the results are obtained by examining an internal state flag
 only. The information must therefore only be used for normal operation under
 non-blocking I/O. Error conditions are not handled and must be treated
-using \fISSL_get_error\fR\|(3).
+using \fBSSL_get_error\fR\|(3).
 .PP
-The result returned by \fISSL_want()\fR should always be consistent with
-the result of \fISSL_get_error\fR\|(3).
+The result returned by \fBSSL_want()\fR should always be consistent with
+the result of \fBSSL_get_error\fR\|(3).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The following return values can currently occur for \fISSL_want()\fR:
+The following return values can currently occur for \fBSSL_want()\fR:
 .IP "\s-1SSL_NOTHING\s0" 4
 .IX Item "SSL_NOTHING"
 There is no data to be written or to be read.
@@ -178,46 +182,47 @@ There is no data to be written or to be read.
 .IX Item "SSL_WRITING"
 There are data in the \s-1SSL\s0 buffer that must be written to the underlying
 \&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation.
-A call to \fISSL_get_error\fR\|(3) should return
+A call to \fBSSL_get_error\fR\|(3) should return
 \&\s-1SSL_ERROR_WANT_WRITE.\s0
 .IP "\s-1SSL_READING\s0" 4
 .IX Item "SSL_READING"
 More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to
 complete the actual SSL_*() operation.
-A call to \fISSL_get_error\fR\|(3) should return
+A call to \fBSSL_get_error\fR\|(3) should return
 \&\s-1SSL_ERROR_WANT_READ.\s0
 .IP "\s-1SSL_X509_LOOKUP\s0" 4
 .IX Item "SSL_X509_LOOKUP"
 The operation did not complete because an application callback set by
-\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
-A call to \fISSL_get_error\fR\|(3) should return
+\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again.
+A call to \fBSSL_get_error\fR\|(3) should return
 \&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0
 .IP "\s-1SSL_ASYNC_PAUSED\s0" 4
 .IX Item "SSL_ASYNC_PAUSED"
 An asynchronous operation partially completed and was then paused. See
-\&\fISSL_get_all_async_fds\fR\|(3). A call to \fISSL_get_error\fR\|(3) should return
+\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return
 \&\s-1SSL_ERROR_WANT_ASYNC.\s0
 .IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4
 .IX Item "SSL_ASYNC_NO_JOBS"
 The asynchronous job could not be started because there were no async jobs
-available in the pool (see \fIASYNC_init_thread\fR\|(3)). A call to \fISSL_get_error\fR\|(3)
+available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3)
 should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0
 .IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4
 .IX Item "SSL_CLIENT_HELLO_CB"
 The operation did not complete because an application callback set by
-\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again.
-A call to \fISSL_get_error\fR\|(3) should return
+\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again.
+A call to \fBSSL_get_error\fR\|(3) should return
 \&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0
 .PP
-\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR,
-\&\fISSL_want_async()\fR, \fISSL_want_async_job()\fR, and \fISSL_want_client_hello_cb()\fR return
+\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR,
+\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR return
 1, when the corresponding condition is true or 0 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_get_error\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_want_client_hello_cb()\fR and \s-1SSL_CLIENT_HELLO_CB\s0 were added in OpenSSL 1.1.1.
+The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value
+were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libcrypto/man/SSL_write.3
index 95123e41c5ac1..c68793c7bcd55 100644
--- a/secure/lib/libcrypto/man/SSL_write.3
+++ b/secure/lib/libcrypto/man/SSL_write.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_WRITE 3"
-.TH SSL_WRITE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_WRITE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,23 +150,23 @@ SSL_write_ex, SSL_write \- write bytes to a TLS/SSL connection
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fISSL_write_ex()\fR and \fISSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into
-the specified \fBssl\fR connection. On success \fISSL_write_ex()\fR will store the number
+\&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into
+the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number
 of bytes written in \fB*written\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 In the paragraphs below a \*(L"write function\*(R" is defined as one of either
-\&\fISSL_write_ex()\fR, or \fISSL_write()\fR.
+\&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR.
 .PP
 If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already
-explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the peer
+explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer
 requests a re-negotiation, it will be performed transparently during
 the write function operation. The behaviour of the write functions depends on the
 underlying \s-1BIO.\s0
 .PP
 For the transparent negotiation to succeed, the \fBssl\fR must have been
 initialized to client or server mode. This is being done by calling
-\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR
+\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR
 before the first call to a write function.
 .PP
 If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once
@@ -170,19 +174,19 @@ the write operation has been finished or an error occurred.
 .PP
 If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return
 when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue
-the operation. In this case a call to \fISSL_get_error\fR\|(3) with the
+the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the
 return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR
 or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a
 call to a write function can also cause read operations! The calling process
 then must repeat the call after taking appropriate action to satisfy the needs
 of the write function. The action depends on the underlying \s-1BIO.\s0 When using a
-non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check
+non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check
 for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data
 must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.
 .PP
 The write functions will only return with success when the complete contents of
 \&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed
-with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fISSL_CTX_set_mode\fR\|(3). When
+with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When
 this flag is set the write functions will also return with success when a
 partial write has been successfully completed. In this case the write function
 operation is considered completed. The bytes are sent and a new write call with
@@ -190,19 +194,19 @@ a new buffer (with the already sent bytes removed) must be started. A partial
 write is performed with the size of a message block, which is 16kB.
 .SH "WARNING"
 .IX Header "WARNING"
-When a write function call has to be repeated because \fISSL_get_error\fR\|(3)
+When a write function call has to be repeated because \fBSSL_get_error\fR\|(3)
 returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated
 with the same arguments.
 The data that was passed might have been partially processed.
-When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fISSL_CTX_set_mode\fR\|(3)
+When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3)
 the pointer can be different, but the data and length should still be the same.
 .PP
-You should not call \fISSL_write()\fR with num=0, it will return an error.
-\&\fISSL_write_ex()\fR can be called with num=0, but will not send application data to
+You should not call \fBSSL_write()\fR with num=0, it will return an error.
+\&\fBSSL_write_ex()\fR can be called with num=0, but will not send application data to
 the peer.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fISSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that
+\&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that
 all requested application data bytes have been written to the \s-1SSL\s0 connection or,
 if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has
 been written to the \s-1SSL\s0 connection. Failure means that not all the requested
@@ -210,10 +214,10 @@ bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in u
 no bytes could be written to the \s-1SSL\s0 connection (if
 \&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the
 network write buffer has temporarily filled up) or non-retryable (e.g. a fatal
-network error). In the event of a failure call \fISSL_get_error\fR\|(3) to find out
+network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out
 the reason which indicates whether the call is retryable or not.
 .PP
-For \fISSL_write()\fR the following return values can occur:
+For \fBSSL_write()\fR the following return values can occur:
 .IP "> 0" 4
 .IX Item "> 0"
 The write operation was successful, the return value is the number of
@@ -222,21 +226,21 @@ bytes actually written to the \s-1TLS/SSL\s0 connection.
 .IX Item "<= 0"
 The write operation was not successful, because either the connection was
 closed, an error occurred or action must be taken by the calling process.
-Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason.
+Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason.
 .Sp
 Old documentation indicated a difference between 0 and \-1, and that \-1 was
 retryable.
-You should instead call \fISSL_get_error()\fR to find out if it's retryable.
+You should instead call \fBSSL_get_error()\fR to find out if it's retryable.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fISSL_write_ex()\fR was added in OpenSSL 1.1.1.
+The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_error\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3)
-\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3),
-\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3)
-\&\fISSL_set_connect_state\fR\|(3),
-\&\fIssl\fR\|(7), \fIbio\fR\|(7)
+\&\fBSSL_get_error\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3)
+\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3),
+\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3)
+\&\fBSSL_set_connect_state\fR\|(3),
+\&\fBssl\fR\|(7), \fBbio\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/UI_STRING.3 b/secure/lib/libcrypto/man/UI_STRING.3
index cd82ae8c70994..35564dbd626b1 100644
--- a/secure/lib/libcrypto/man/UI_STRING.3
+++ b/secure/lib/libcrypto/man/UI_STRING.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "UI_STRING 3"
-.TH UI_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH UI_STRING 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,99 +171,99 @@ UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_outp
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever
-one of the functions \fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR,
-\&\fIUI_add_verify_string()\fR, \fIUI_dup_verify_string()\fR,
-\&\fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR, \fIUI_add_info_string()\fR,
-\&\fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR or \fIUI_dup_error_string()\fR
+one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR,
+\&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR,
+\&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR,
+\&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR
 is called.
 For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more.
 For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these
 \&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them.
 .PP
-\&\fIUI_get_string_type()\fR is used to retrieve the type of the given
+\&\fBUI_get_string_type()\fR is used to retrieve the type of the given
 \&\fB\s-1UI_STRING\s0\fR.
 .PP
-\&\fIUI_get_input_flags()\fR is used to retrieve the flags associated with the
+\&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the
 given \fB\s-1UI_STRING\s0\fR.
 .PP
-\&\fIUI_get0_output_string()\fR is used to retrieve the actual string to
+\&\fBUI_get0_output_string()\fR is used to retrieve the actual string to
 output (prompt, info, error, ...).
 .PP
-\&\fIUI_get0_action_string()\fR is used to retrieve the action description
+\&\fBUI_get0_action_string()\fR is used to retrieve the action description
 associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR.
 For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned.
-See \fIUI_add_input_boolean\fR\|(3).
+See \fBUI_add_input_boolean\fR\|(3).
 .PP
-\&\fIUI_get0_result_string()\fR and \fIUI_get_result_string_length()\fR are used to
+\&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to
 retrieve the result of a prompt and its length.
 This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings.
-For all other \fB\s-1UI_STRING\s0\fR types, \fIUI_get0_result_string()\fR returns \s-1NULL\s0
-and \fIUI_get_result_string_length()\fR returns \-1.
+For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0
+and \fBUI_get_result_string_length()\fR returns \-1.
 .PP
-\&\fIUI_get0_test_string()\fR is used to retrieve the string to compare the
+\&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the
 prompt result with.
 This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings.
 For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned.
 .PP
-\&\fIUI_get_result_minsize()\fR and \fIUI_get_result_maxsize()\fR are used to
+\&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to
 retrieve the minimum and maximum required size of the result.
 This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings.
 For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned.
 .PP
-\&\fIUI_set_result_ex()\fR is used to set the result value of a prompt and its length.
+\&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length.
 For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the
-result retrievable with \fIUI_get0_result_string()\fR by copying the
+result retrievable with \fBUI_get0_result_string()\fR by copying the
 contents of \fBresult\fR if its length fits the minimum and maximum size
 requirements.
 For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of
-the result retrievable with \fIUI_get0_result_string()\fR to the first
-\&\fBok_char\fR given with \fIUI_add_input_boolean()\fR or \fIUI_dup_input_boolean()\fR
+the result retrievable with \fBUI_get0_result_string()\fR to the first
+\&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR
 if the \fBresult\fR matched any of them, or the first of the
 \&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's
 set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR.
-See \fIUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and
+See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and
 \&\fBcancel_chars\fR.
 .PP
-\&\fIUI_set_result()\fR does the same thing as \fIUI_set_result_ex()\fR, but calculates
+\&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates
 its length internally.
 It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore
 only useful with normal C strings.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIUI_get_string_type()\fR returns the \s-1UI\s0 string type.
+\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type.
 .PP
-\&\fIUI_get_input_flags()\fR returns the \s-1UI\s0 string flags.
+\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags.
 .PP
-\&\fIUI_get0_output_string()\fR returns the \s-1UI\s0 string output string.
+\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string.
 .PP
-\&\fIUI_get0_action_string()\fR returns the \s-1UI\s0 string action description
+\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description
 string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type.
 .PP
-\&\fIUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for
+\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for
 \&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other
 type.
 .PP
-\&\fIUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's
+\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's
 content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings,
 \&\-1 for any other type.
 .PP
-\&\fIUI_get0_test_string()\fR returns the \s-1UI\s0 string action description
+\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string action description
 string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type.
 .PP
-\&\fIUI_get_result_minsize()\fR returns the minimum allowed result size for
+\&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for
 the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings,
 \&\-1 for any other type.
 .PP
-\&\fIUI_get_result_maxsize()\fR returns the minimum allowed result size for
+\&\fBUI_get_result_maxsize()\fR returns the minimum allowed result size for
 the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings,
 \&\-1 for any other type.
 .PP
-\&\fIUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any
+\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any
 type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on
 error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIUI\s0\fR\|(3)
+\&\s-1\fBUI\s0\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 b/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
index cb29dea294c85..c53a049692241 100644
--- a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
+++ b/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "UI_UTIL_READ_PW 3"
-.TH UI_UTIL_READ_PW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH UI_UTIL_READ_PW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,45 +153,45 @@ UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a
+\&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a
 prompt, and stores it in \fBbuf\fR.
 The maximum allowed size is given with \fBlength\fR, including the
 terminating \s-1NUL\s0 byte.
 If \fBverify\fR is non-zero, the password will be verified as well.
 .PP
-\&\fIUI_UTIL_read_pw()\fR does the same as \fIUI_UTIL_read_pw_string()\fR, the
+\&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the
 difference is that you can give it an external buffer \fBbuff\fR for the
 verification passphrase.
 .PP
-\&\fIUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary
+\&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary
 \&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR.
 \&\fBrwflag\fR is used to specify if this method will be used for
 passphrase entry without (0) or with (1) verification.
 When not used any more, the returned method should be freed with
-\&\fIUI_destroy_method()\fR.
+\&\fBUI_destroy_method()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR use default
+\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use default
 \&\fB\s-1UI_METHOD\s0\fR.
-See \fIUI_get_default_method\fR\|(3) and friends for more information.
+See \fBUI_get_default_method\fR\|(3) and friends for more information.
 .PP
 The result from the \fB\s-1UI_METHOD\s0\fR created by
-\&\fIUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the
+\&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the
 encoding that the given password callback generates.
 The default password prompting functions (apart from
-\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR, there is
-\&\fIPEM_def_callback()\fR, \fIEVP_read_pw_string()\fR and \fIEVP_read_pw_string_min()\fR)
+\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is
+\&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR)
 all use the default \fB\s-1UI_METHOD\s0\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR return 0 on success or a negative
+\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a negative
 value on error.
 .PP
-\&\fIUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0
+\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0
 if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIUI_get_default_method\fR\|(3)
+\&\fBUI_get_default_method\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/UI_create_method.3 b/secure/lib/libcrypto/man/UI_create_method.3
index 00214960f1c97..0851488d9a1e2 100644
--- a/secure/lib/libcrypto/man/UI_create_method.3
+++ b/secure/lib/libcrypto/man/UI_create_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "UI_CREATE_METHOD 3"
-.TH UI_CREATE_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH UI_CREATE_METHOD 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -221,14 +225,14 @@ This depends on the needs of the method.
 For example, a typical tty reader wouldn't write the prompts in the
 write, but would rather do so in the reader, because of the sequential
 nature of prompting on a tty.
-This is how the \fIUI_OpenSSL()\fR method does it.
+This is how the \fBUI_OpenSSL()\fR method does it.
 .PP
 In contrast, a method that builds up a dialog box would add all prompt
 text in the writer, have all input read in the flusher and store the
 results in some temporary buffer, and finally have the reader just
 fetch those results.
 .PP
-The central function that uses these method functions is \fIUI_process()\fR,
+The central function that uses these method functions is \fBUI_process()\fR,
 and it does it in five steps:
 .IP "1." 4
 Open the session using the opener function if that one's defined.
@@ -247,65 +251,64 @@ If an error occurs, jump to 5.
 .IP "5." 4
 Close the session using the closer function if that one's defined.
 .PP
-\&\fIUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR.
+\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR.
 .PP
-\&\fIUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR.
+\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR.
 .PP
-\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR,
-\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR and
-\&\fIUI_method_set_closer()\fR set the five main method function to the given
+\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR,
+\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and
+\&\fBUI_method_set_closer()\fR set the five main method function to the given
 function pointer.
 .PP
-\&\fIUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor.
-See \fIUI_dup_user_data\fR\|(3).
+\&\fBUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor.
+See \fBUI_dup_user_data\fR\|(3).
 .PP
-\&\fIUI_method_set_prompt_constructor()\fR sets the prompt constructor.
-See \fIUI_construct_prompt\fR\|(3).
+\&\fBUI_method_set_prompt_constructor()\fR sets the prompt constructor.
+See \fBUI_construct_prompt\fR\|(3).
 .PP
-\&\fIUI_method_set_ex_data()\fR sets application specific data with a given
+\&\fBUI_method_set_ex_data()\fR sets application specific data with a given
 \&\s-1EX_DATA\s0 index.
-See \fICRYPTO_get_ex_new_index\fR\|(3) for general information on how to
+See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to
 get that index.
 .PP
-\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR,
-\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR,
-\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR,
-\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR
+\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR,
+\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR,
+\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR,
+\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR
 return the different method functions.
 .PP
-\&\fIUI_method_get_ex_data()\fR returns the application data previously stored
-with \fIUI_method_set_ex_data()\fR.
+\&\fBUI_method_get_ex_data()\fR returns the application data previously stored
+with \fBUI_method_set_ex_data()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on
+\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on
 error.
 .PP
-\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR,
-\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR,
-\&\fIUI_method_set_closer()\fR, \fIUI_method_set_data_duplicator()\fR and
-\&\fIUI_method_set_prompt_constructor()\fR
+\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR,
+\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR,
+\&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and
+\&\fBUI_method_set_prompt_constructor()\fR
 return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0
 .PP
-\&\fIUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because
-\&\fICRYPTO_set_ex_data()\fR does so).
+\&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because
+\&\fBCRYPTO_set_ex_data()\fR does so).
 .PP
-\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR,
-\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR,
-\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR,
-\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR
+\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR,
+\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR,
+\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR,
+\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR
 return the requested function pointer if it's set in the method,
 otherwise \s-1NULL.\s0
 .PP
-\&\fIUI_method_get_ex_data()\fR returns a pointer to the application specific
+\&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific
 data associated with the method.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\s-1\fIUI\s0\fR\|(3), \fICRYPTO_get_ex_data\fR\|(3), \s-1\fIUI_STRING\s0\fR\|(3)
+\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIUI_method_set_data_duplicator()\fR, \fIUI_method_get_data_duplicator()\fR and
-\&\fIUI_method_get_data_destructor()\fR
-were added in OpenSSL 1.1.1.
+The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR
+and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/UI_new.3 b/secure/lib/libcrypto/man/UI_new.3
index e78220d10932e..20945445cfe4f 100644
--- a/secure/lib/libcrypto/man/UI_new.3
+++ b/secure/lib/libcrypto/man/UI_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "UI_NEW 3"
-.TH UI_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH UI_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -194,7 +198,7 @@ UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI
 .IX Header "DESCRIPTION"
 \&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to
 prompt the user for text-based information.  Through user-written methods
-(see \fIUI_create_method\fR\|(3)), prompting can be done in any way
+(see \fBUI_create_method\fR\|(3)), prompting can be done in any way
 imaginable, be it plain text prompting, through dialog boxes or from a
 cell phone.
 .PP
@@ -203,77 +207,77 @@ contains all the information needed to prompt correctly as well as a
 reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that
 carry out the actual prompting.
 .PP
-The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR,
+The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR,
 then add information to it with the UI_add or UI_dup functions.  Also,
 user-defined random data can be passed down to the underlying method
-through calls to \fIUI_add_user_data()\fR or \fIUI_dup_user_data()\fR.  The default
+through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR.  The default
 \&\s-1UI\s0 method doesn't care about these data, but other methods might.  Finally,
-use \fIUI_process()\fR to actually perform the prompting and \fIUI_get0_result()\fR
-and \fIUI_get_result_length()\fR to find the result to the prompt and its length.
+use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR
+and \fBUI_get_result_length()\fR to find the result to the prompt and its length.
 .PP
 A \s-1UI\s0 can contain more than one prompt, which are performed in the given
 sequence.  Each prompt gets an index number which is returned by the
 UI_add and UI_dup functions, and has to be used to get the corresponding
-result with \fIUI_get0_result()\fR and \fIUI_get_result_length()\fR.
+result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR.
 .PP
-\&\fIUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing
+\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing
 a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime.
 .PP
 The functions are as follows:
 .PP
-\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method.  When done with
-this \s-1UI,\s0 it should be freed using \fIUI_free()\fR.
+\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method.  When done with
+this \s-1UI,\s0 it should be freed using \fBUI_free()\fR.
 .PP
-\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method.  When done with
-this \s-1UI,\s0 it should be freed using \fIUI_free()\fR.
+\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method.  When done with
+this \s-1UI,\s0 it should be freed using \fBUI_free()\fR.
 .PP
-\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the
+\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the
 default one, since the default can be changed.  See further on).  This
 method is the most machine/OS dependent part of OpenSSL and normally
 generates the most problems when porting.
 .PP
-\&\fIUI_null()\fR returns a \s-1UI\s0 method that does nothing.  Its use is to avoid
+\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing.  Its use is to avoid
 getting internal defaults for passed \s-1UI_METHOD\s0 pointers.
 .PP
-\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory
+\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory
 that's connected to it, like duplicated input strings, results and others.
 If \fBui\fR is \s-1NULL\s0 nothing is done.
 .PP
-\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0
+\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0
 as well as flags and a result buffer and the desired minimum and maximum
 sizes of the result, not counting the final \s-1NUL\s0 character.  The given
 information is used to prompt for information, for example a password,
 and to verify a password (i.e. having the user enter it twice and check
-that the same string was entered twice).  \fIUI_add_verify_string()\fR takes
+that the same string was entered twice).  \fBUI_add_verify_string()\fR takes
 and extra argument that should be a pointer to the result buffer of the
 input string that it's supposed to verify, or verification will fail.
 .PP
-\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered
+\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered
 in a boolean way, with a single character for yes and a different character
 for no.  A set of characters that can be used to cancel the prompt is given
 as well.  The prompt itself is divided in two, one part being the
 descriptive text (given through the \fIprompt\fR argument) and one describing
 the possible answers (given through the \fIaction_desc\fR argument).
 .PP
-\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at
+\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at
 the same time as the prompt for extra information or to show an error string.
 The difference between the two is only conceptual.  With the builtin method,
 there's no technical difference between them.  Other methods may make a
 difference between them, however.
 .PP
 The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for
-\&\fIUI_add_input_string()\fR and will have the users response be echoed (when
+\&\fBUI_add_input_string()\fR and will have the users response be echoed (when
 prompting for a password, this flag should obviously not be used, and
 \&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some
 sort will be used (completely depending on the application and the \s-1UI\s0
 method).
 .PP
-\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR,
-\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same
+\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR,
+\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same
 as their UI_add counterparts, except that they make their own copies
 of all strings.
 .PP
-\&\fIUI_construct_prompt()\fR is a helper function that can be used to create
+\&\fBUI_construct_prompt()\fR is a helper function that can be used to create
 a prompt from two pieces of information: an description and a name.
 The default constructor (if there is none provided by the method used)
 creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L".  With the
@@ -282,87 +286,86 @@ description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that beco
 string and may include encodings that will be processed by the other
 method functions.
 .PP
-\&\fIUI_add_user_data()\fR adds a user data pointer for the method to use at any
+\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any
 time.  The builtin \s-1UI\s0 method doesn't care about this info.  Note that several
 calls to this function doesn't add data, it replaces the previous blob
 with the one given as argument.
 .PP
-\&\fIUI_dup_user_data()\fR duplicates the user data and works as an alternative
-to \fIUI_add_user_data()\fR when the user data needs to be preserved for a longer
+\&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative
+to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer
 duration, perhaps even the lifetime of the application.  The \s-1UI\s0 object takes
 ownership of this duplicate and will free it whenever it gets replaced or
-the \s-1UI\s0 is destroyed.  \fIUI_dup_user_data()\fR returns 0 on success, or \-1 on memory
+the \s-1UI\s0 is destroyed.  \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory
 allocation failure or if the method doesn't have a duplicator function.
 .PP
-\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the
-\&\s-1UI\s0 with \fIUI_add_user_data()\fR or UI_dup_user_data.
+\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the
+\&\s-1UI\s0 with \fBUI_add_user_data()\fR or UI_dup_user_data.
 .PP
-\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with
+\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with
 the information indexed by \fIi\fR.
 .PP
-\&\fIUI_get_result_length()\fR returns the length of the result buffer associated with
+\&\fBUI_get_result_length()\fR returns the length of the result buffer associated with
 the information indexed by \fIi\fR.
 .PP
-\&\fIUI_process()\fR goes through the information given so far, does all the printing
+\&\fBUI_process()\fR goes through the information given so far, does all the printing
 and prompting and returns the final status, which is \-2 on out-of-band events
 (Interrupt, Cancel, ...), \-1 on error and 0 on success.
 .PP
-\&\fIUI_ctrl()\fR adds extra control for the application author.  For now, it
-understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fIUI_process()\fR
+\&\fBUI_ctrl()\fR adds extra control for the application author.  For now, it
+understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR
 print the OpenSSL error stack as part of processing the \s-1UI,\s0 and
 \&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can
 be used again or not.
 .PP
-\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given.
+\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given.
 This function is not thread-safe and should not be called at the same time
 as other OpenSSL functions.
 .PP
-\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method.
+\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method.
 .PP
-\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0
+\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0
 .PP
-\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0
+\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0
 .SH "NOTES"
 .IX Header "NOTES"
-The resulting strings that the built in method \fIUI_OpenSSL()\fR generate
+The resulting strings that the built in method \fBUI_OpenSSL()\fR generate
 are assumed to be encoded according to the current locale or (for
 Windows) code page.
 For applications having different demands, these strings need to be
 converted appropriately by the caller.
 For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set,
-the built-in method \fIUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings
+the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings
 instead.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIUI_new()\fR and \fIUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error
+\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error
 occurred.
 .PP
-\&\fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR, \fIUI_add_verify_string()\fR,
-\&\fIUI_dup_verify_string()\fR, \fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR,
-\&\fIUI_add_info_string()\fR, \fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR
-and \fIUI_dup_error_string()\fR return a positive number on success or a value which
+\&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR,
+\&\fBUI_dup_verify_string()\fR, \fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR,
+\&\fBUI_add_info_string()\fR, \fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR
+and \fBUI_dup_error_string()\fR return a positive number on success or a value which
 is less than or equal to 0 otherwise.
 .PP
-\&\fIUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred.
+\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIUI_dup_user_data()\fR returns 0 on success or \-1 on error.
+\&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error.
 .PP
-\&\fIUI_get0_result()\fR returns a string or \s-1NULL\s0 on error.
+\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error.
 .PP
-\&\fIUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it
+\&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it
 returns \-1 on error.
 .PP
-\&\fIUI_process()\fR returns 0 on success or a negative value on error.
+\&\fBUI_process()\fR returns 0 on success or a negative value on error.
 .PP
-\&\fIUI_ctrl()\fR returns a mask on success or \-1 on error.
+\&\fBUI_ctrl()\fR returns a mask on success or \-1 on error.
 .PP
-\&\fIUI_get_default_method()\fR, \fIUI_get_method()\fR, \fIUI_Openssl()\fR, \fIUI_null()\fR and
-\&\fIUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0
+\&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and
+\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0
 respectively.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIUI_dup_user_data()\fR
-was added in OpenSSL 1.1.1.
+The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509V3_get_d2i.3 b/secure/lib/libcrypto/man/X509V3_get_d2i.3
index 8df3bb68d5846..0fb9781c14e41 100644
--- a/secure/lib/libcrypto/man/X509V3_get_d2i.3
+++ b/secure/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509V3_GET_D2I 3"
-.TH X509V3_GET_D2I 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509V3_GET_D2I 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,7 +171,7 @@ X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X5
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions
+\&\fBX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions
 \&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one
 occurrence of an extension is permissible otherwise the first extension after
 index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension.
@@ -177,31 +181,31 @@ extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NU
 not critical and 1 if critical. A pointer to an extension specific structure
 or \fB\s-1NULL\s0\fR is returned.
 .PP
-\&\fIX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new
+\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new
 \&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according
 to \fBflags\fR.
 .PP
-\&\fIX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension
+\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension
 \&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR
 if the extension could not be decoded (invalid syntax or not supported).
 .PP
-\&\fIX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR
+\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR
 with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR.
 .PP
-\&\fIX509_get_ext_d2i()\fR and \fIX509_add1_ext_i2d()\fR operate on the extensions of
-certificate \fBx\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and
-\&\fIX509V3_add_i2d()\fR.
+\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of
+certificate \fBx\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and
+\&\fBX509V3_add_i2d()\fR.
 .PP
-\&\fIX509_CRL_get_ext_d2i()\fR and \fIX509_CRL_add1_ext_i2d()\fR operate on the extensions
-of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and
-\&\fIX509V3_add_i2d()\fR.
+\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions
+of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and
+\&\fBX509V3_add_i2d()\fR.
 .PP
-\&\fIX509_REVOKED_get_ext_d2i()\fR and \fIX509_REVOKED_add1_ext_i2d()\fR operate on the
+\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the
 extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions),
-they are otherwise identical to \fIX509V3_get_d2i()\fR and \fIX509V3_add_i2d()\fR.
+they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add_i2d()\fR.
 .PP
-\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and
-\&\fIX509_REVOKED_get0_extensions()\fR return a stack of all the extensions
+\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and
+\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions
 of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -232,7 +236,7 @@ exist.
 If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not
 be added to the error queue.
 .PP
-The function \fIX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not
+The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not
 found, occurs multiple times or cannot be decoded. It is possible to
 determine the precise reason by checking the value of \fB*crit\fR.
 .SH "SUPPORTED EXTENSIONS"
@@ -329,38 +333,38 @@ The following extensions are used by certificate transparency, \s-1RFC6962\s0
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509V3_EXT_d2i()\fR and *\fIX509V3_get_d2i()\fR return a pointer to an extension
+\&\fBX509V3_EXT_d2i()\fR and *\fBX509V3_get_d2i()\fR return a pointer to an extension
 specific structure of \fB\s-1NULL\s0\fR if an error occurs.
 .PP
-\&\fIX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure
+\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure
 or \fB\s-1NULL\s0\fR if an error occurs.
 .PP
-\&\fIX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it
+\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it
 fails due to a non-fatal error (extension not found, already exists,
 cannot be encoded) or \-1 due to a fatal error such as a memory allocation
 failure.
 .PP
-\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and
-\&\fIX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return
+\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and
+\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return
 \&\s-1NULL\s0 if no extensions are present.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_ALGOR_dup.3 b/secure/lib/libcrypto/man/X509_ALGOR_dup.3
index fdfb0d4004d45..a822b8361376b 100644
--- a/secure/lib/libcrypto/man/X509_ALGOR_dup.3
+++ b/secure/lib/libcrypto/man/X509_ALGOR_dup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_ALGOR_DUP 3"
-.TH X509_ALGOR_DUP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_ALGOR_DUP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,34 +154,34 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_ALGOR_dup()\fR returns a copy of \fBalg\fR.
+\&\fBX509_ALGOR_dup()\fR returns a copy of \fBalg\fR.
 .PP
-\&\fIX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the
+\&\fBX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the
 associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is
 \&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have
-the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fIASN1_TYPE_set()\fR.
+the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fBASN1_TYPE_set()\fR.
 All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after
 this call.
 .PP
-\&\fIX509_ALGOR_get0()\fR is the inverse of \fIX509_ALGOR_set0()\fR: it returns the
+\&\fBX509_ALGOR_get0()\fR is the inverse of \fBX509_ALGOR_set0()\fR: it returns the
 algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR
 and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR.
 .PP
-\&\fIX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate
+\&\fBX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate
 values for the message digest \fBmd\fR.
 .PP
-\&\fIX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical
+\&\fBX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical
 encodings and non-zero otherwise.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error
+\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error
 occurred.
 .PP
-\&\fIX509_ALGOR_set0()\fR returns 1 on success or 0 on error.
+\&\fBX509_ALGOR_set0()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIX509_ALGOR_get0()\fR and \fIX509_ALGOR_set_md()\fR return no values.
+\&\fBX509_ALGOR_get0()\fR and \fBX509_ALGOR_set_md()\fR return no values.
 .PP
-\&\fIX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and
+\&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and
 non-zero otherwise.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
index 98fee4b9d7856..a432f0c6e1e9f 100644
--- a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
+++ b/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_CRL_GET0_BY_SERIAL 3"
-.TH X509_CRL_GET0_BY_SERIAL 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_CRL_GET0_BY_SERIAL 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,75 +163,75 @@ X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOK
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for
+\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for
 serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal
 pointer of the matching entry, as a result \fB*ret\fR must not be freed up
 after the call.
 .PP
-\&\fIX509_CRL_get0_by_cert()\fR is similar to \fIX509_get0_by_serial()\fR except it
+\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it
 looks for a revoked entry using the serial number of certificate \fBx\fR.
 .PP
-\&\fIX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all
+\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all
 revoked entries for \fBcrl\fR.
 .PP
-\&\fIX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the
+\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the
 serial number of \fBr\fR.
 .PP
-\&\fIX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the
+\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the
 revocation date of \fBr\fR.
 .PP
-\&\fIX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR.
+\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR.
 The supplied \fBserial\fR pointer is not used internally so it should be
 freed up after use.
 .PP
-\&\fIX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to
+\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to
 \&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be
 freed up after use.
 .PP
-\&\fIX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The
+\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The
 pointer \fBrev\fR is used internally so it must not be freed up after the call:
 it is freed when the parent \s-1CRL\s0 is freed.
 .PP
-\&\fIX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial
+\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial
 number order.
 .SH "NOTES"
 .IX Header "NOTES"
 Applications can determine the number of revoked entries returned by
-\&\fIX509_CRL_get_revoked()\fR using \fIsk_X509_REVOKED_num()\fR and examine each one
-in turn using \fIsk_X509_REVOKED_value()\fR.
+\&\fBX509_CRL_get_revoked()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one
+in turn using \fBsk_X509_REVOKED_value()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_CRL_get0_by_serial()\fR and \fIX509_CRL_get0_by_cert()\fR return 0 for failure,
+\&\fBX509_CRL_get0_by_serial()\fR and \fBX509_CRL_get0_by_cert()\fR return 0 for failure,
 1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8),
 in which case 2 is returned.
 .PP
-\&\fIX509_REVOKED_set_serialNumber()\fR, \fIX509_REVOKED_set_revocationDate()\fR,
-\&\fIX509_CRL_add0_revoked()\fR and \fIX509_CRL_sort()\fR return 1 for success and 0 for
+\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR,
+\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for
 failure.
 .PP
-\&\fIX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer.
+\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer.
 .PP
-\&\fIX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value.
+\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value.
 .PP
-\&\fIX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries.
+\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
index 5bcdbbfbf3969..828e58c2ff28f 100644
--- a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
+++ b/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_EXTENSION_SET_OBJECT 3"
-.TH X509_EXTENSION_SET_OBJECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_EXTENSION_SET_OBJECT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,59 +160,59 @@ X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The
+\&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The
 \&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use.
 .PP
-\&\fIX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If
+\&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If
 \&\fBcrit\fR is zero the extension in non-critical otherwise it is critical.
 .PP
-\&\fIX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The
+\&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The
 \&\fBdata\fR pointer is duplicated internally.
 .PP
-\&\fIX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR,
+\&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR,
 criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and
 written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR
 should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must
 \&\fBnot\fR be an uninitialised pointer.
 .PP
-\&\fIX509_EXTENSION_create_by_OBJ()\fR is identical to \fIX509_EXTENSION_create_by_NID()\fR
+\&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR
 except it creates and extension using \fBobj\fR instead of a \s-1NID.\s0
 .PP
-\&\fIX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an
+\&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an
 \&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must
 not be freed up.
 .PP
-\&\fIX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it
+\&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it
 returns \fB1\fR for critical and \fB0\fR for non-critical.
 .PP
-\&\fIX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned
+\&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned
 pointer is an internal value which must not be freed up.
 .SH "NOTES"
 .IX Header "NOTES"
 These functions manipulate the contents of an extension directly. Most
 applications will want to parse or encode and add an extension: they should
 use the extension encode and decode functions instead such as
-\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR.
+\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR.
 .PP
 The \fBdata\fR associated with an extension is the extension encoding in an
 \&\fB\s-1ASN1_OCTET_STRING\s0\fR structure.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_EXTENSION_set_object()\fR \fIX509_EXTENSION_set_critical()\fR and
-\&\fIX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure.
+\&\fBX509_EXTENSION_set_object()\fR \fBX509_EXTENSION_set_critical()\fR and
+\&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure.
 .PP
-\&\fIX509_EXTENSION_create_by_NID()\fR and \fIX509_EXTENSION_create_by_OBJ()\fR return
+\&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return
 an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs.
 .PP
-\&\fIX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer.
+\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer.
 .PP
-\&\fIX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for
+\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for
 critical.
 .PP
-\&\fIX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer.
+\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509V3_get_d2i\fR\|(3)
+\&\fBX509V3_get_d2i\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
index da5c068bd033f..3100c782e1a8a 100644
--- a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
+++ b/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_LOOKUP_HASH_DIR 3"
-.TH X509_LOOKUP_HASH_DIR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_LOOKUP_HASH_DIR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,8 +159,8 @@ lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library.
 .PP
 Users of the library typically do not need to create instances of these
 methods manually, they would be created automatically by
-\&\fIX509_STORE_load_locations\fR\|(3) or
-\&\fISSL_CTX_load_verify_locations\fR\|(3)
+\&\fBX509_STORE_load_locations\fR\|(3) or
+\&\fBSSL_CTX_load_verify_locations\fR\|(3)
 functions.
 .PP
 Internally loading of certificates and CRLs is implemented via functions
@@ -176,7 +180,7 @@ or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\
 .PP
 Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions
 to load default certificate store file (see
-\&\fIX509_STORE_set_default_paths\fR\|(3).
+\&\fBX509_STORE_set_default_paths\fR\|(3).
 .PP
 Functions return number of objects loaded from file or 0 in case of
 error.
@@ -208,10 +212,10 @@ the directory.
 The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format,
 with a file name of the form \fIhash\fR.\fIN\fR for a certificate, or
 \&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0
-The \fIhash\fR is the value returned by the \fIX509_NAME_hash\fR\|(3) function applied
+The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied
 to the subject name for certificates or issuer name for CRLs.
-The hash can also be obtained via the \fB\-hash\fR option of the \fIx509\fR\|(1) or
-\&\fIcrl\fR\|(1) commands.
+The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or
+\&\fBcrl\fR\|(1) commands.
 .PP
 The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is
 incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR
@@ -234,22 +238,22 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL
 1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL
 0.9.8 to 1.0.0.
 .PP
-OpenSSL includes a \fIrehash\fR\|(1) utility which creates symlinks with correct
+OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct
 hashed names for all files with .pem suffix in a given directory.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_LOOKUP_hash_dir()\fR and \fIX509_LOOKUP_file()\fR always return a valid
+\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid
 \&\fBX509_LOOKUP_METHOD\fR structure.
 .PP
-\&\fIX509_load_cert_file()\fR, \fIX509_load_crl_file()\fR and \fIX509_load_cert_crl_file()\fR return
+\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return
 the number of loaded objects or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIPEM_read_PrivateKey\fR\|(3),
-\&\fIX509_STORE_load_locations\fR\|(3),
-\&\fIX509_store_add_lookup\fR\|(3),
-\&\fISSL_CTX_load_verify_locations\fR\|(3),
-\&\fIX509_LOOKUP_meth_new\fR\|(3),
+\&\fBPEM_read_PrivateKey\fR\|(3),
+\&\fBX509_STORE_load_locations\fR\|(3),
+\&\fBX509_store_add_lookup\fR\|(3),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3),
+\&\fBX509_LOOKUP_meth_new\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 b/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
index d77b70f06c08a..5c38bb6fa7f35 100644
--- a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
+++ b/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_LOOKUP_METH_NEW 3"
-.TH X509_LOOKUP_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_LOOKUP_METH_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -225,57 +229,57 @@ implementation of various X509 and X509_CRL lookup capabilities. One instance
 of an X509_LOOKUP_METHOD can be associated to many instantiations of an
 \&\fBX509_LOOKUP\fR structure.
 .PP
-\&\fIX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should
+\&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should
 be given a human-readable string containing a brief description of the lookup
 method.
 .PP
-\&\fIX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure.
+\&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure.
 .PP
-\&\fIX509_LOOKUP_get_new_item()\fR and \fIX509_LOOKUP_set_new_item()\fR get and set the
+\&\fBX509_LOOKUP_get_new_item()\fR and \fBX509_LOOKUP_set_new_item()\fR get and set the
 function that is called when an \fBX509_LOOKUP\fR object is created with
-\&\fIX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP
+\&\fBX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP
 specific data, the supplied new_item function should allocate this data and
-invoke \fIX509_LOOKUP_set_method_data()\fR.
+invoke \fBX509_LOOKUP_set_method_data()\fR.
 .PP
-\&\fIX509_LOOKUP_get_free()\fR and \fIX509_LOOKUP_set_free()\fR get and set the function
+\&\fBX509_LOOKUP_get_free()\fR and \fBX509_LOOKUP_set_free()\fR get and set the function
 that is used to free any method data that was allocated and set from within
 new_item function.
 .PP
-\&\fIX509_LOOKUP_meth_get_init()\fR and \fIX509_LOOKUP_meth_set_init()\fR get and set the
+\&\fBX509_LOOKUP_meth_get_init()\fR and \fBX509_LOOKUP_meth_set_init()\fR get and set the
 function that is used to initialize the method data that was set with
-\&\fIX509_LOOKUP_set_method_data()\fR as part of the new_item routine.
+\&\fBX509_LOOKUP_set_method_data()\fR as part of the new_item routine.
 .PP
-\&\fIX509_LOOKUP_meth_get_shutdown()\fR and \fIX509_LOOKUP_meth_set_shutdown()\fR get and set
+\&\fBX509_LOOKUP_meth_get_shutdown()\fR and \fBX509_LOOKUP_meth_set_shutdown()\fR get and set
 the function that is used to shut down the method data whose state was
 previously initialized in the init function.
 .PP
-\&\fIX509_LOOKUP_meth_get_ctrl()\fR and \fIX509_LOOKUP_meth_set_ctrl()\fR get and set a
+\&\fBX509_LOOKUP_meth_get_ctrl()\fR and \fBX509_LOOKUP_meth_set_ctrl()\fR get and set a
 function to be used to handle arbitrary control commands issued by
-\&\fIX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP
+\&\fBX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP
 \&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is
 an arbitrary integer that defines some operation. \fBargc\fR is a pointer
 to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set,
 points to a location where any return data should be written to. How
 \&\fBargc\fR and \fBargl\fR are used depends entirely on the control function.
 .PP
-\&\fIX509_LOOKUP_set_get_by_subject()\fR, \fIX509_LOOKUP_set_get_by_issuer_serial()\fR,
-\&\fIX509_LOOKUP_set_get_by_fingerprint()\fR, \fIX509_LOOKUP_set_get_by_alias()\fR set
+\&\fBX509_LOOKUP_set_get_by_subject()\fR, \fBX509_LOOKUP_set_get_by_issuer_serial()\fR,
+\&\fBX509_LOOKUP_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_set_get_by_alias()\fR set
 the functions used to retrieve an X509 or X509_CRL object by the object's
 subject, issuer, fingerprint, and alias respectively. These functions are given
 the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters
 related to the lookup, and an X509_OBJECT that will receive the requested
 object.
 .PP
-Implementations should use either \fIX509_OBJECT_set1_X509()\fR or
-\&\fIX509_OBJECT_set1_X509_CRL()\fR to set the result. Any method data that was
+Implementations should use either \fBX509_OBJECT_set1_X509()\fR or
+\&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Any method data that was
 created as a result of the new_item function set by
-\&\fIX509_LOOKUP_meth_set_new_item()\fR can be accessed with
-\&\fIX509_LOOKUP_get_method_data()\fR. The \fBX509_STORE\fR object that owns the
-X509_LOOKUP may be accessed with \fIX509_LOOKUP_get_store()\fR. Successful lookups
+\&\fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with
+\&\fBX509_LOOKUP_get_method_data()\fR. The \fBX509_STORE\fR object that owns the
+X509_LOOKUP may be accessed with \fBX509_LOOKUP_get_store()\fR. Successful lookups
 should return 1, and unsuccessful lookups should return 0.
 .PP
-\&\fIX509_LOOKUP_get_get_by_subject()\fR, \fIX509_LOOKUP_get_get_by_issuer_serial()\fR,
-\&\fIX509_LOOKUP_get_get_by_fingerprint()\fR, \fIX509_LOOKUP_get_get_by_alias()\fR retrieve
+\&\fBX509_LOOKUP_get_get_by_subject()\fR, \fBX509_LOOKUP_get_get_by_issuer_serial()\fR,
+\&\fBX509_LOOKUP_get_get_by_fingerprint()\fR, \fBX509_LOOKUP_get_get_by_alias()\fR retrieve
 the function set by the corresponding setter.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -285,7 +289,7 @@ The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function
 pointers.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_STORE_new\fR\|(3), \fISSL_CTX_set_cert_store\fR\|(3)
+\&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The functions described here were added in OpenSSL 1.1.0i.
diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
index 5256605e6dfb1..e29a93c6e4213 100644
--- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_ENTRY_GET_OBJECT 3"
-.TH X509_NAME_ENTRY_GET_OBJECT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_NAME_ENTRY_GET_OBJECT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,31 +164,28 @@ X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in
+\&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in
 and \fB\s-1ASN1_OBJECT\s0\fR structure.
 .PP
-\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in
+\&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in
 and \fB\s-1ASN1_STRING\s0\fR structure.
 .PP
-\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR.
+\&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR.
 .PP
-\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type
+\&\fBX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type
 \&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR.
 .PP
-\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR
-and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an
+\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR
+and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an
 \&\fBX509_NAME_ENTRY\fR structure.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be
+\&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be
 used to examine an \fBX509_NAME_ENTRY\fR function as returned by
-\&\fIX509_NAME_get_entry()\fR for example.
+\&\fBX509_NAME_get_entry()\fR for example.
 .PP
-\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR,
-and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an
-.PP
-\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR,
-\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR
+\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_OBJ()\fR,
+\&\fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_set_data()\fR
 are seldom used in practice because \fBX509_NAME_ENTRY\fR structures
 are almost always part of \fBX509_NAME\fR structures and the
 corresponding \fBX509_NAME\fR functions are typically used to
@@ -192,27 +193,27 @@ create and add new entries in a single operation.
 .PP
 The arguments of these functions support similar options to the similarly
 named ones of the corresponding \fBX509_NAME\fR functions such as
-\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to
-\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be
+\&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to
+\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be
 set first so the relevant field information can be looked up internally.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is
+\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is
 set or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set
+\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set
 or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIX509_NAME_ENTRY_set_object()\fR and \fIX509_NAME_ENTRY_set_data()\fR return 1 on success
+\&\fBX509_NAME_ENTRY_set_object()\fR and \fBX509_NAME_ENTRY_set_data()\fR return 1 on success
 or 0 on error.
 .PP
-\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR and
-\&\fIX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or
+\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and
+\&\fBX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or
 \&\s-1NULL\s0 if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3),
-\&\fIOBJ_nid2obj\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3),
+\&\fBOBJ_nid2obj\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index 9490048c4edf2..49ead0319777a 100644
--- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3"
-.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,8 +160,8 @@ X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_N
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and
-\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
+\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and
+\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
 by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively.
 The field value to be added is in \fBbytes\fR of length \fBlen\fR. If
 \&\fBlen\fR is \-1 then the field length is calculated internally using
@@ -168,12 +172,12 @@ definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a
 standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is
 added to a position determined by \fBloc\fR and \fBset\fR.
 .PP
-\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR
+\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR
 to \fBname\fR. The new entry is added to a position determined by \fBloc\fR
 and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after
 the call.
 .PP
-\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position
+\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position
 \&\fBloc\fR. The deleted entry is returned and must be freed up.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -181,12 +185,12 @@ The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF
 is strongly recommended for the \fBtype\fR parameter. This allows the
 internal code to correctly determine the type of the field and to
 apply length checks according to the relevant standards. This is
-done using \fIASN1_STRING_set_by_NID()\fR.
+done using \fBASN1_STRING_set_by_NID()\fR.
 .PP
 If instead an \s-1ASN1\s0 type is used no checks are performed and the
 supplied data in \fBbytes\fR is used directly.
 .PP
-In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents
+In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents
 the field name using OBJ_txt2obj(field, 0).
 .PP
 The \fBloc\fR and \fBset\fR parameters determine where a new entry should
@@ -228,11 +232,11 @@ Create an \fBX509_NAME\fR structure:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR,
-\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for
+\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR,
+\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for
 success of 0 if an error occurred.
 .PP
-\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR
+\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR
 structure of \fB\s-1NULL\s0\fR if an error occurred.
 .SH "BUGS"
 .IX Header "BUGS"
@@ -242,7 +246,7 @@ not understand multicharacter types, performs no length checks and
 can result in invalid field types its use is strongly discouraged.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_NAME_get0_der.3 b/secure/lib/libcrypto/man/X509_NAME_get0_der.3
index 286feb1b3bb1c..40bb2dbc9eb2b 100644
--- a/secure/lib/libcrypto/man/X509_NAME_get0_der.3
+++ b/secure/lib/libcrypto/man/X509_NAME_get0_der.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_GET0_DER 3"
-.TH X509_NAME_GET0_DER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_NAME_GET0_DER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,17 +150,17 @@ X509_NAME_get0_der \- get X509_NAME DER encoding
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The function \fIX509_NAME_get0_der()\fR returns an internal pointer to the
+The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the
 encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of
 \&\fB*pderlen\fR bytes. It is useful for applications that wish to examine
 the encoding of an \fBX509_NAME\fR structure without copying it.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-The function \fIX509_NAME_get0_der()\fR returns 1 for success and 0 if an error
+The function \fBX509_NAME_get0_der()\fR returns 1 for success and 0 if an error
 occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3)
+\&\fBd2i_X509\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
index 5d68312a47e95..cb319bb4eb587 100644
--- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_GET_INDEX_BY_NID 3"
-.TH X509_NAME_GET_INDEX_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_NAME_GET_INDEX_BY_NID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,19 +161,19 @@ These functions allow an \fBX509_NAME\fR structure to be examined. The
 \&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject
 and issuer names.
 .PP
-\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve
+\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve
 the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR
 should initially be set to \-1. If there are no more entries \-1 is returned.
 If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned.
 .PP
-\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR.
+\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR.
 .PP
-\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR
+\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR
 corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from
 0 to (X509_NAME_entry_count(name) \- 1). The value returned is an
 internal pointer which must not be freed.
 .PP
-\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve
+\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve
 the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or
 \&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes
 will be written and the text written to \fBbuf\fR will be null
@@ -178,7 +182,7 @@ excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount
 of space needed in \fBbuf\fR (excluding the final null) is returned.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR should be
+\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be
 considered deprecated because they
 have various limitations which make them
 of minimal use in practice. They can only find the first matching
@@ -186,16 +190,16 @@ entry and will copy the contents of the field verbatim: this can
 be highly confusing if the target is a multicharacter string type
 like a BMPString or a UTF8String.
 .PP
-For a more general solution \fIX509_NAME_get_index_by_NID()\fR or
-\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by
-\&\fIX509_NAME_get_entry()\fR on any matching indices and then the
+For a more general solution \fBX509_NAME_get_index_by_NID()\fR or
+\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by
+\&\fBX509_NAME_get_entry()\fR on any matching indices and then the
 various \fBX509_NAME_ENTRY\fR utility functions on the result.
 .PP
 The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in
 the source code header files <openssl/obj_mac.h> and/or
 <openssl/objects.h>.
 .PP
-Applications which could pass invalid NIDs to \fIX509_NAME_get_index_by_NID()\fR
+Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR
 should check for the return value of \-2. Alternatively the \s-1NID\s0 validity
 can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0
 .SH "EXAMPLES"
@@ -228,18 +232,18 @@ Process all commonName entries:
 .Ve
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR
+\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR
 return the index of the next matching entry or \-1 if not found.
-\&\fIX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied
+\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied
 \&\s-1NID\s0 is invalid.
 .PP
-\&\fIX509_NAME_entry_count()\fR returns the total number of entries.
+\&\fBX509_NAME_entry_count()\fR returns the total number of entries.
 .PP
-\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the
+\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the
 requested entry or \fB\s-1NULL\s0\fR if the index is invalid.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
index c8843387f9a63..ba54b24484b83 100644
--- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3
+++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_PRINT_EX 3"
-.TH X509_NAME_PRINT_EX 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_NAME_PRINT_EX 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,25 +152,25 @@ X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \-
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
+\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
 line (for multiline formats) is indented by \fBindent\fR spaces. The output format
 can be extensively customised by use of the \fBflags\fR parameter.
 .PP
-\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is
+\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is
 written to \s-1FILE\s0 pointer \fBfp\fR.
 .PP
-\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR.
+\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR.
 If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and
 \&\fBsize\fR is ignored.
 Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0',
 and \fBbuf\fR is returned.
 .PP
-\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR
+\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR
 characters. Multiple lines are used if the output (including indent) exceeds
 80 characters.
 .SH "NOTES"
 .IX Header "NOTES"
-The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR
+The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR
 produce a non standard output form, they don't handle multi character fields and
 have various quirks and inconsistencies.
 Their use is strongly discouraged in new applications and they could
@@ -174,11 +178,11 @@ be deprecated in a future release.
 .PP
 Although there are a large number of possible flags for most purposes
 \&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice.
-As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page
+As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page
 for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example
 \&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used.
 .PP
-The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below.
+The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below.
 .PP
 Several options can be ored together.
 .PP
@@ -210,7 +214,7 @@ printed instead of the values.
 If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this
 is only of use for multiline format.
 .PP
-Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to
+Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to
 control how each field value is displayed.
 .PP
 In addition a number options can be set for commonly used formats.
@@ -225,19 +229,19 @@ is equivalent to:
 \&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as:
  \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR
 .PP
-\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally.
+\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error.
+\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error.
 .PP
-\&\fIX509_NAME_print()\fR returns 1 on success or 0 on error.
+\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error.
 .PP
-\&\fIX509_NAME_print_ex()\fR and \fIX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error
-if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fIX509_NAME_print()\fR. Otherwise,
+\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error
+if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise,
 it returns \-1 on error or other values on success.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIASN1_STRING_print_ex\fR\|(3)
+\&\fBASN1_STRING_print_ex\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_PUBKEY_new.3 b/secure/lib/libcrypto/man/X509_PUBKEY_new.3
index bb6ce8ffda80a..979ef15391fa7 100644
--- a/secure/lib/libcrypto/man/X509_PUBKEY_new.3
+++ b/secure/lib/libcrypto/man/X509_PUBKEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_PUBKEY_NEW 3"
-.TH X509_PUBKEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_PUBKEY_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -169,31 +173,31 @@ X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKE
 The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR
 structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests.
 .PP
-\&\fIX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure.
+\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure.
 .PP
-\&\fIX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0
+\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0
 nothing is done.
 .PP
-\&\fIX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained
+\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained
 in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing
 public key structure will be freed.
 .PP
-\&\fIX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned
+\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned
 value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use.
 .PP
-\&\fIX509_PUBKEY_get()\fR is similar to \fIX509_PUBKEY_get0()\fR except the reference
+\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference
 count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using
-\&\fIEVP_PKEY_free()\fR after use.
+\&\fBEVP_PKEY_free()\fR after use.
 .PP
-\&\fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure
+\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure
 using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of
-other \s-1ASN.1\s0 functions such as \fId2i_X509()\fR.
+other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR.
 .PP
-\&\fId2i_PUBKEY_bio()\fR, \fId2i_PUBKEY_fp()\fR, \fIi2d_PUBKEY_bio()\fR and \fIi2d_PUBKEY_fp()\fR are
-similar to \fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR except they decode or encode using a
+\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are
+similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a
 \&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer.
 .PP
-\&\fIX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The
+\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The
 \&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the
 algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR.
 The encoding of the public key itself is set to the \fBpenclen\fR
@@ -201,7 +205,7 @@ bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied
 parameters is passed to \fBpub\fR so they must not be freed after the
 call.
 .PP
-\&\fIX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR,
+\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR,
 \&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of
 \&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated
 AlgorithmIdentifier for the public key. If the value of any of these
@@ -214,26 +218,26 @@ The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys
 in a standard format.
 .PP
 In many cases applications will not call the \fBX509_PUBKEY\fR functions
-directly: they will instead call wrapper functions such as \fIX509_get0_pubkey()\fR.
+directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If the allocation fails, \fIX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fIERR_get_error\fR\|(3).
+If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fBERR_get_error\fR\|(3).
 .PP
 Otherwise it returns a pointer to the newly allocated structure.
 .PP
-\&\fIX509_PUBKEY_free()\fR does not return a value.
+\&\fBX509_PUBKEY_free()\fR does not return a value.
 .PP
-\&\fIX509_PUBKEY_get0()\fR and \fIX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR
+\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR
 structure or \fB\s-1NULL\s0\fR if an error occurs.
 .PP
-\&\fIX509_PUBKEY_set()\fR, \fIX509_PUBKEY_set0_param()\fR and \fIX509_PUBKEY_get0_param()\fR
+\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR
 return 1 for success and 0 if an error occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_SIG_get0.3 b/secure/lib/libcrypto/man/X509_SIG_get0.3
index 55653d6adca45..c7603dbe3f694 100644
--- a/secure/lib/libcrypto/man/X509_SIG_get0.3
+++ b/secure/lib/libcrypto/man/X509_SIG_get0.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_SIG_GET0 3"
-.TH X509_SIG_GET0 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_SIG_GET0 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,16 +152,16 @@ X509_SIG_get0, X509_SIG_getm \- DigestInfo functions
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest
-value in \fBsig\fR. \fIX509_SIG_getm()\fR is identical to \fIX509_SIG_get0()\fR
+\&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest
+value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR
 except the pointers returned are not constant and can be modified:
 for example to initialise them.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_SIG_get0()\fR and \fIX509_SIG_getm()\fR return no values.
+\&\fBX509_SIG_get0()\fR and \fBX509_SIG_getm()\fR return no values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3)
+\&\fBd2i_X509\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index 92a269a4431a4..124c8b6265f53 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_STORE_CTX_GET_ERROR 3"
-.TH X509_STORE_CTX_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_STORE_CTX_GET_ERROR 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,29 +159,29 @@ X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_dep
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-These functions are typically called after \fIX509_verify_cert()\fR has indicated
+These functions are typically called after \fBX509_verify_cert()\fR has indicated
 an error or in a verification callback to determine the nature of an error.
 .PP
-\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see
+\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see
 the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes.
 .PP
-\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example
+\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example
 it might be used in a verification callback to set an error based on additional
 checks.
 .PP
-\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a
+\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a
 non-negative integer representing where in the certificate chain the error
 occurred. If it is zero it occurred in the end entity certificate, one if
 it is the certificate which signed the end entity certificate and so on.
 .PP
-\&\fIX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR.
-This can be used in combination with \fIX509_STORE_CTX_set_error()\fR to set the
+\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR.
+This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the
 depth at which an error condition was detected.
 .PP
-\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which
+\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which
 caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant.
 .PP
-\&\fIX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which
+\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which
 caused the error.
 This value is not intended to remain valid for very long, and remains owned by
 the caller.
@@ -185,15 +189,15 @@ It may be examined by a verification callback invoked to handle each error
 encountered during chain verification and is no longer required after such a
 callback.
 If a callback wishes the save the certificate for use after it returns, it
-needs to increment its reference count via \fIX509_up_ref\fR\|(3).
+needs to increment its reference count via \fBX509_up_ref\fR\|(3).
 Once such a \fIsaved\fR certificate is no longer needed it can be freed with
-\&\fIX509_free\fR\|(3).
+\&\fBX509_free\fR\|(3).
 .PP
-\&\fIX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the
+\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the
 certificate being verified by the \fBctx\fR.
 .PP
-\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous
-call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR
+\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous
+call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR
 is \fBnot\fR successful the returned chain may be incomplete or invalid. The
 returned chain persists after the \fBctx\fR structure is freed, when it is
 no longer needed it should be free up using:
@@ -202,18 +206,18 @@ no longer needed it should be free up using:
 \& sk_X509_pop_free(chain, X509_free);
 .Ve
 .PP
-\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for
+\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for
 verification error \fBn\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code.
+\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code.
 .PP
-\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth.
+\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth.
 .PP
-\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the
+\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the
 error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error.
 .PP
-\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for
+\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for
 verification error \fBn\fR.
 .SH "ERROR CODES"
 .IX Header "ERROR CODES"
@@ -390,18 +394,18 @@ The above functions should be used instead of directly referencing the fields
 in the \fBX509_VERIFY_CTX\fR structure.
 .PP
 In versions of OpenSSL before 1.0 the current certificate returned by
-\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should
+\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should
 check the return value before printing out any debugging information relating
 to the current certificate.
 .PP
-If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the
+If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the
 numerical value of the unknown code is returned in a static buffer. This is not
 thread safe but will never happen unless an invalid code is passed.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_verify_cert\fR\|(3),
-\&\fIX509_up_ref\fR\|(3),
-\&\fIX509_free\fR\|(3).
+\&\fBX509_verify_cert\fR\|(3),
+\&\fBX509_up_ref\fR\|(3),
+\&\fBX509_free\fR\|(3).
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
index bd3af993d9d70..df10d6b3c78e5 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_STORE_CTX_NEW 3"
-.TH X509_STORE_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_STORE_CTX_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -170,68 +174,68 @@ X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
-by \fIX509_verify_cert()\fR.
+by \fBX509_verify_cert()\fR.
 .PP
-\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
+\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
 .PP
-\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
-The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR.
+\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
+The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR.
 .PP
-\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
+\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
 is no longer valid.
 If \fBctx\fR is \s-1NULL\s0 nothing is done.
 .PP
-\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
-It must be called before each call to \fIX509_verify_cert()\fR, i.e. a \fBctx\fR is only
-good for one call to \fIX509_verify_cert()\fR; if you want to verify a second
-certificate with the same \fBctx\fR then you must call \fIX509_STORE_CTX_cleanup()\fR
-and then \fIX509_STORE_CTX_init()\fR again before the second call to
-\&\fIX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end
+\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
+It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only
+good for one call to \fBX509_verify_cert()\fR; if you want to verify a second
+certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR
+and then \fBX509_STORE_CTX_init()\fR again before the second call to
+\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end
 entity certificate to be verified is set to \fBx509\fR and a set of additional
 certificates (which will be untrusted but may be used to build the chain) in
 \&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be
 \&\fB\s-1NULL\s0\fR.
 .PP
-\&\fIX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of
+\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of
 \&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates
 instead of using an \fBX509_STORE\fR.
 .PP
-\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to
+\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to
 \&\fBx\fR.
 .PP
-\&\fIX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used
+\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used
 by \fBctx\fR to be \fBchain\fR.
 Ownership of the chain is transferred to \fBctx\fR and should not be
 free'd by the caller.
-\&\fIX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the
+\&\fBX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the
 \&\fBctx\fR that contains the validated chain.
 .PP
-\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
+\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
 verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
 enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
 used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol,
 for example in a PKCS#7 structure.
 .PP
-\&\fIX509_STORE_CTX_get0_param()\fR retrieves an internal pointer
+\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer
 to the verification parameters associated with \fBctx\fR.
 .PP
-\&\fIX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the
+\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the
 stack of untrusted certificates associated with \fBctx\fR.
 .PP
-\&\fIX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack
+\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack
 of untrusted certificates associated with \fBctx\fR to \fBsk\fR.
 .PP
-\&\fIX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer
+\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer
 to \fBparam\fR. After this call \fBparam\fR should not be used.
 .PP
-\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification
-method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to
+\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification
+method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to
 find an appropriate set of parameters from \fBname\fR.
 .PP
-\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
-that were used in building the chain following a call to \fIX509_verify_cert()\fR.
+\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
+that were used in building the chain following a call to \fBX509_verify_cert()\fR.
 .PP
-\&\fIX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default
+\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default
 verify function. This function is responsible for verifying chain signatures and
 expiration times.
 .PP
@@ -255,32 +259,32 @@ be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
 should be made or reference counts increased instead.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an
+\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an
 error occurred.
 .PP
-\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
+\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
 .PP
-\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
+\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
 structure or \fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR,
-\&\fIX509_STORE_CTX_set0_trusted_stack()\fR,
-\&\fIX509_STORE_CTX_set_cert()\fR,
-\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return
+\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR,
+\&\fBX509_STORE_CTX_set0_trusted_stack()\fR,
+\&\fBX509_STORE_CTX_set_cert()\fR,
+\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return
 values.
 .PP
-\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
+\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
 .PP
-\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
+\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
 used.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_verify_cert\fR\|(3)
-\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3)
+\&\fBX509_verify_cert\fR\|(3)
+\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0
-\&\fIX509_STORE_CTX_get_num_untrusted()\fR was first added to OpenSSL 1.1.0
+The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0.
+The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
index c0c55442e705a..57959c847d394 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_STORE_CTX_SET_VERIFY_CB 3"
-.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,7 +165,7 @@ X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_l
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
+\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
 \&\fBverify_cb\fR overwriting any existing callback.
 .PP
 The verification callback can be used to customise the operation of certificate
@@ -180,20 +184,20 @@ policy checking is complete.
 The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that
 is performing the verification operation. A callback can examine this
 structure and receive additional information about the error, for example
-by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can
+by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can
 be passed to the callback via the \fBex_data\fR mechanism.
 .PP
-\&\fIX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback
+\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback
 for the specific \fBctx\fR.
 .PP
-\&\fIX509_STORE_CTX_get_get_issuer()\fR,
-\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR,
-\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR,
-\&\fIX509_STORE_CTX_get_cert_crl()\fR, \fIX509_STORE_CTX_get_check_policy()\fR,
-\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR
-and \fIX509_STORE_CTX_get_cleanup()\fR return the function pointers cached
+\&\fBX509_STORE_CTX_get_get_issuer()\fR,
+\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR,
+\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR,
+\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR,
+\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR
+and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached
 from the corresponding \fBX509_STORE\fR, please see
-\&\fIX509_STORE_set_verify\fR\|(3) for more information.
+\&\fBX509_STORE_set_verify\fR\|(3) for more information.
 .SH "WARNING"
 .IX Header "WARNING"
 In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in
@@ -210,7 +214,7 @@ only way to set a custom verification callback is by inheriting it from the
 associated \fBX509_STORE\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value.
+\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 Default callback operation:
@@ -308,17 +312,18 @@ a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_STORE_CTX_get_error\fR\|(3)
-\&\fIX509_STORE_set_verify_cb_func\fR\|(3)
-\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3)
+\&\fBX509_STORE_CTX_get_error\fR\|(3)
+\&\fBX509_STORE_set_verify_cb_func\fR\|(3)
+\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_STORE_CTX_get_get_issuer()\fR,
-\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR,
-\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR,
-\&\fIX509_STORE_CTX_get_cert_crl()\fR, \fIX509_STORE_CTX_get_check_policy()\fR,
-\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR
-and \fIX509_STORE_CTX_get_cleanup()\fR were added in OpenSSL 1.1.0.
+The
+\&\fBX509_STORE_CTX_get_get_issuer()\fR,
+\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR,
+\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR,
+\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR,
+\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR
+and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/X509_STORE_add_cert.3
index 5cd2b930e9972..736470a544b55 100644
--- a/secure/lib/libcrypto/man/X509_STORE_add_cert.3
+++ b/secure/lib/libcrypto/man/X509_STORE_add_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_STORE_ADD_CERT 3"
-.TH X509_STORE_ADD_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_STORE_ADD_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,15 +165,15 @@ It admits multiple lookup mechanisms and efficient scaling performance
 with large numbers of certificates, and a great deal of flexibility in
 how validation and policy checks are performed.
 .PP
-\&\fIX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains
+\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains
 no information about trusted certificates or where such certificates
 are located on disk, and is generally not usable.  Normally, trusted
 certificates will be added to the \fBX509_STORE\fR to prepare it for use,
-via mechanisms such as \fIX509_STORE_add_lookup()\fR and \fIX509_LOOKUP_file()\fR, or
-\&\fIPEM_read_bio_X509_AUX()\fR and \fIX509_STORE_add_cert()\fR.  CRLs can also be added,
+via mechanisms such as \fBX509_STORE_add_lookup()\fR and \fBX509_LOOKUP_file()\fR, or
+\&\fBPEM_read_bio_X509_AUX()\fR and \fBX509_STORE_add_cert()\fR.  CRLs can also be added,
 and many behaviors configured as desired.
 .PP
-Once the \fBX509_STORE\fR is suitably configured, \fIX509_STORE_CTX_new()\fR is
+Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is
 used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building
 and verification operation.  That process includes providing the end-entity
 certificate to be verified and an additional set of untrusted certificates
@@ -178,42 +182,42 @@ certificates included in the \fBX509_STORE\fR are certificates that represent
 trusted entities such as root certificate authorities (CAs).
 OpenSSL represents these trusted certificates internally as \fBX509\fR objects
 with an associated \fBX509_CERT_AUX\fR, as are produced by
-\&\fIPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX.
+\&\fBPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX.
 The public interfaces that operate on such trusted certificates still
 operate on pointers to \fBX509\fR objects, though.
 .PP
-\&\fIX509_STORE_add_cert()\fR and \fIX509_STORE_add_crl()\fR add the respective object
+\&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object
 to the \fBX509_STORE\fR's local storage.  Untrusted objects should not be
 added in this way.
 .PP
-\&\fIX509_STORE_set_depth()\fR, \fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR,
-\&\fIX509_STORE_set_trust()\fR, and \fIX509_STORE_set1_param()\fR set the default values
+\&\fBX509_STORE_set_depth()\fR, \fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR,
+\&\fBX509_STORE_set_trust()\fR, and \fBX509_STORE_set1_param()\fR set the default values
 for the corresponding values used in certificate chain validation.  Their
 behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual
-pages, e.g., \fIX509_VERIFY_PARAM_set_depth\fR\|(3).
+pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3).
 .PP
-\&\fIX509_STORE_load_locations()\fR loads trusted certificate(s) into an
+\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an
 \&\fBX509_STORE\fR from a given file and/or directory path.  It is permitted
 to specify just a file, just a directory, or both paths.  The certificates
 in the directory must be in hashed form, as documented in
-\&\fIX509_LOOKUP_hash_dir\fR\|(3).
+\&\fBX509_LOOKUP_hash_dir\fR\|(3).
 .PP
-\&\fIX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not
+\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not
 set what default paths should be used for loading certificates.  Instead,
 it loads certificates into the \fBX509_STORE\fR from the hardcoded default
 paths.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_STORE_add_cert()\fR, \fIX509_STORE_add_crl()\fR, \fIX509_STORE_set_depth()\fR,
-\&\fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR,
-\&\fIX509_STORE_set_trust()\fR, \fIX509_STORE_load_locations()\fR, and
-\&\fIX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure.
+\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR,
+\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR,
+\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and
+\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_LOOKUP_hash_dir\fR\|(3).
-\&\fIX509_VERIFY_PARAM_set_depth\fR\|(3).
-\&\fIX509_STORE_new\fR\|(3),
-\&\fIX509_STORE_get0_param\fR\|(3)
+\&\fBX509_LOOKUP_hash_dir\fR\|(3).
+\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3).
+\&\fBX509_STORE_new\fR\|(3),
+\&\fBX509_STORE_get0_param\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_STORE_get0_param.3 b/secure/lib/libcrypto/man/X509_STORE_get0_param.3
index 5a148e0b9e617..5b87c3d8dae44 100644
--- a/secure/lib/libcrypto/man/X509_STORE_get0_param.3
+++ b/secure/lib/libcrypto/man/X509_STORE_get0_param.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_STORE_GET0_PARAM 3"
-.TH X509_STORE_GET0_PARAM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_STORE_GET0_PARAM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,27 +151,27 @@ X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_ST
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_STORE_set1_param()\fR sets the verification parameters
+\&\fBX509_STORE_set1_param()\fR sets the verification parameters
 to \fBpm\fR for \fBctx\fR.
 .PP
-\&\fIX509_STORE_get0_param()\fR retrieves an internal pointer to the verification
+\&\fBX509_STORE_get0_param()\fR retrieves an internal pointer to the verification
 parameters for \fBctx\fR. The returned pointer must not be freed by the
 calling application
 .PP
-\&\fIX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's
+\&\fBX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's
 X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The
 returned pointer must not be freed by the calling application.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_STORE_get0_param()\fR returns a pointer to an
+\&\fBX509_STORE_get0_param()\fR returns a pointer to an
 \&\fBX509_VERIFY_PARAM\fR structure.
 .PP
-\&\fIX509_STORE_set1_param()\fR returns 1 for success and 0 for failure.
+\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure.
 .PP
-\&\fIX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR.
+\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_STORE_new\fR\|(3)
+\&\fBX509_STORE_new\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 \&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in
diff --git a/secure/lib/libcrypto/man/X509_STORE_new.3 b/secure/lib/libcrypto/man/X509_STORE_new.3
index e993112cb71f5..89c156baa5ded 100644
--- a/secure/lib/libcrypto/man/X509_STORE_new.3
+++ b/secure/lib/libcrypto/man/X509_STORE_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_STORE_NEW 3"
-.TH X509_STORE_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_STORE_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,31 +153,31 @@ X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIX509_STORE_new()\fR function returns a new X509_STORE.
+The \fBX509_STORE_new()\fR function returns a new X509_STORE.
 .PP
-\&\fIX509_STORE_up_ref()\fR increments the reference count associated with the
+\&\fBX509_STORE_up_ref()\fR increments the reference count associated with the
 X509_STORE object.
 .PP
-\&\fIX509_STORE_lock()\fR locks the store from modification by other threads,
-\&\fIX509_STORE_unlock()\fR locks it.
+\&\fBX509_STORE_lock()\fR locks the store from modification by other threads,
+\&\fBX509_STORE_unlock()\fR locks it.
 .PP
-\&\fIX509_STORE_free()\fR frees up a single X509_STORE object.
+\&\fBX509_STORE_free()\fR frees up a single X509_STORE object.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails.
+\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails.
 .PP
-\&\fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR return
+\&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return
 1 for success and 0 for failure.
 .PP
-\&\fIX509_STORE_free()\fR does not return values.
+\&\fBX509_STORE_free()\fR does not return values.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_STORE_set_verify_cb_func\fR\|(3)
-\&\fIX509_STORE_get0_param\fR\|(3)
+\&\fBX509_STORE_set_verify_cb_func\fR\|(3)
+\&\fBX509_STORE_get0_param\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR
-functions were added in OpenSSL 1.1.0
+The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR
+functions were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
index 53a2cbb5ffdf3..b633bcb00183a 100644
--- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3"
-.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -215,13 +219,13 @@ X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanu
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
+\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
 \&\fBverify_cb\fR overwriting the previous callback.
 The callback assigned with this function becomes a default for the one
 that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR,
-please see \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further information.
+please see \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further information.
 .PP
-\&\fIX509_STORE_set_verify()\fR sets the final chain verification function for
+\&\fBX509_STORE_set_verify()\fR sets the final chain verification function for
 \&\fBctx\fR to \fBverify\fR.
 Its purpose is to go through the chain of certificates and check that
 all signatures are valid and that the current time is within the
@@ -231,21 +235,21 @@ on success.
 \&\fIIf no chain verification function is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_get_issuer()\fR sets the function to get the issuer
+\&\fBX509_STORE_set_get_issuer()\fR sets the function to get the issuer
 certificate that verifies the given certificate \fBx\fR.
 When found, the issuer certificate must be assigned to \fB*issuer\fR.
 This function must return 0 on failure and 1 on success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_check_issued()\fR sets the function to check that a given
+\&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given
 certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR.
 This function must return 0 on failure (among others if \fBx\fR hasn't
 been issued with \fBissuer\fR) and 1 on success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_check_revocation()\fR sets the revocation checking
+\&\fBX509_STORE_set_check_revocation()\fR sets the revocation checking
 function.
 Its purpose is to look through the final chain and check the
 revocation status for each certificate.
@@ -253,32 +257,32 @@ It must return 0 on failure and 1 on success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_get_crl()\fR sets the function to get the crl for a given
+\&\fBX509_STORE_set_get_crl()\fR sets the function to get the crl for a given
 certificate \fBx\fR.
 When found, the crl must be assigned to \fB*crl\fR.
 This function must return 0 on failure and 1 on success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_check_crl()\fR sets the function to check the validity of
+\&\fBX509_STORE_set_check_crl()\fR sets the function to check the validity of
 the given \fBcrl\fR.
 This function must return 0 on failure and 1 on success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_cert_crl()\fR sets the function to check the revocation
+\&\fBX509_STORE_set_cert_crl()\fR sets the function to check the revocation
 status of the given certificate \fBx\fR against the given \fBcrl\fR.
 This function must return 0 on failure and 1 on success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_check_policy()\fR sets the function to check the policies
+\&\fBX509_STORE_set_check_policy()\fR sets the function to check the policies
 of all the certificates in the final chain..
 This function must return 0 on failure and 1 on success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_lookup_certs()\fR and \fIX509_STORE_set_lookup_crls()\fR set the
+\&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the
 functions to look up all the certs or all the CRLs that match the
 given name \fBnm\fR.
 These functions return \s-1NULL\s0 on failure and a pointer to a stack of
@@ -287,36 +291,36 @@ success.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_set_cleanup()\fR sets the final cleanup function, which is
+\&\fBX509_STORE_set_cleanup()\fR sets the final cleanup function, which is
 called when the context (\fBX509_STORE_CTX\fR) is being torn down.
 This function doesn't return any value.
 \&\fIIf no function to get the issuer is provided, the internal default
 function will be used instead.\fR
 .PP
-\&\fIX509_STORE_get_verify_cb()\fR, \fIX509_STORE_CTX_get_verify()\fR,
-\&\fIX509_STORE_get_get_issuer()\fR, \fIX509_STORE_get_check_issued()\fR,
-\&\fIX509_STORE_get_check_revocation()\fR, \fIX509_STORE_get_get_crl()\fR,
-\&\fIX509_STORE_get_check_crl()\fR, \fIX509_STORE_set_verify()\fR,
-\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_cert_crl()\fR,
-\&\fIX509_STORE_get_check_policy()\fR, \fIX509_STORE_get_lookup_certs()\fR,
-\&\fIX509_STORE_get_lookup_crls()\fR and \fIX509_STORE_get_cleanup()\fR all return
-the function pointer assigned with \fIX509_STORE_set_check_issued()\fR,
-\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_set_get_crl()\fR,
-\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_set_cert_crl()\fR,
-\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_set_lookup_certs()\fR,
-\&\fIX509_STORE_set_lookup_crls()\fR and \fIX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if
+\&\fBX509_STORE_get_verify_cb()\fR, \fBX509_STORE_CTX_get_verify()\fR,
+\&\fBX509_STORE_get_get_issuer()\fR, \fBX509_STORE_get_check_issued()\fR,
+\&\fBX509_STORE_get_check_revocation()\fR, \fBX509_STORE_get_get_crl()\fR,
+\&\fBX509_STORE_get_check_crl()\fR, \fBX509_STORE_set_verify()\fR,
+\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_cert_crl()\fR,
+\&\fBX509_STORE_get_check_policy()\fR, \fBX509_STORE_get_lookup_certs()\fR,
+\&\fBX509_STORE_get_lookup_crls()\fR and \fBX509_STORE_get_cleanup()\fR all return
+the function pointer assigned with \fBX509_STORE_set_check_issued()\fR,
+\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_set_get_crl()\fR,
+\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_set_cert_crl()\fR,
+\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_set_lookup_certs()\fR,
+\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if
 no assignment has been made.
 .PP
-\&\fIX509_STORE_set_verify_cb_func()\fR, \fIX509_STORE_set_verify_func()\fR and
-\&\fIX509_STORE_set_lookup_crls_cb()\fR are aliases for
-\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_set_verify()\fR and
+\&\fBX509_STORE_set_verify_cb_func()\fR, \fBX509_STORE_set_verify_func()\fR and
+\&\fBX509_STORE_set_lookup_crls_cb()\fR are aliases for
+\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_set_verify()\fR and
 X509_STORE_set_lookup_crls, available as macros for backward
 compatibility.
 .SH "NOTES"
 .IX Header "NOTES"
 All the callbacks from a \fBX509_STORE\fR are inherited by the
 corresponding \fBX509_STORE_CTX\fR structure when it is initialized.
-See \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further details.
+See \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further details.
 .SH "BUGS"
 .IX Header "BUGS"
 The macro version of this function was the only one available before
@@ -329,26 +333,27 @@ The X509_STORE_get_*() functions return a pointer of the appropriate
 function type.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3), \fIX509_STORE_CTX_get0_chain\fR\|(3),
-\&\fIX509_STORE_CTX_verify_cb\fR\|(3), \fIX509_STORE_CTX_verify_fn\fR\|(3),
-\&\fICMS_verify\fR\|(3)
+\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3),
+\&\fBX509_STORE_CTX_verify_cb\fR\|(3), \fBX509_STORE_CTX_verify_fn\fR\|(3),
+\&\fBCMS_verify\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_STORE_set_verify_cb()\fR was added to OpenSSL 1.0.0.
+The \fBX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0.
 .PP
-\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_get_verify_cb()\fR,
-\&\fIX509_STORE_set_verify()\fR, \fIX509_STORE_CTX_get_verify()\fR,
-\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_get_issuer()\fR,
-\&\fIX509_STORE_set_check_issued()\fR, \fIX509_STORE_get_check_issued()\fR,
-\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_get_check_revocation()\fR,
-\&\fIX509_STORE_set_get_crl()\fR, \fIX509_STORE_get_get_crl()\fR,
-\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_get_check_crl()\fR,
-\&\fIX509_STORE_set_cert_crl()\fR, \fIX509_STORE_get_cert_crl()\fR,
-\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_get_check_policy()\fR,
-\&\fIX509_STORE_set_lookup_certs()\fR, \fIX509_STORE_get_lookup_certs()\fR,
-\&\fIX509_STORE_set_lookup_crls()\fR, \fIX509_STORE_get_lookup_crls()\fR,
-\&\fIX509_STORE_set_cleanup()\fR and \fIX509_STORE_get_cleanup()\fR were added in
-OpenSSL 1.1.0.
+The functions
+\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_get_verify_cb()\fR,
+\&\fBX509_STORE_set_verify()\fR, \fBX509_STORE_CTX_get_verify()\fR,
+\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_get_issuer()\fR,
+\&\fBX509_STORE_set_check_issued()\fR, \fBX509_STORE_get_check_issued()\fR,
+\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_get_check_revocation()\fR,
+\&\fBX509_STORE_set_get_crl()\fR, \fBX509_STORE_get_get_crl()\fR,
+\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_get_check_crl()\fR,
+\&\fBX509_STORE_set_cert_crl()\fR, \fBX509_STORE_get_cert_crl()\fR,
+\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_get_check_policy()\fR,
+\&\fBX509_STORE_set_lookup_certs()\fR, \fBX509_STORE_get_lookup_certs()\fR,
+\&\fBX509_STORE_set_lookup_crls()\fR, \fBX509_STORE_get_lookup_crls()\fR,
+\&\fBX509_STORE_set_cleanup()\fR and \fBX509_STORE_get_cleanup()\fR
+were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index acc934e9c5203..88aa0a8a4987b 100644
--- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_VERIFY_PARAM_SET_FLAGS 3"
-.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -188,38 +192,38 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
 These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with
 a certificate verification operation.
 .PP
-The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring
+The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring
 it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete
 description of values the \fBflags\fR parameter can take.
 .PP
-\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR.
+\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR.
 .PP
-\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR
+\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR
 which specifies how verification flags are copied from one structure to
-another. \fIX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags.
+another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags.
 See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits.
 .PP
-\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR.
+\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR.
 .PP
-\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR
+\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR
 to \fBpurpose\fR. This determines the acceptable purpose of the certificate
 chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server.
 .PP
-\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to
+\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to
 \&\fBtrust\fR.
 .PP
-\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to
+\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to
 \&\fBt\fR. Normally the current time is used.
 .PP
-\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled
+\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled
 by default) and adds \fBpolicy\fR to the acceptable policy set.
 .PP
-\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled
+\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled
 by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing
 policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear
 an existing policy set.
 .PP
-\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR.
+\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR.
 That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a
 chain.
 A maximal depth chain contains 2 more certificates than the limit, since
@@ -230,7 +234,7 @@ directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be o
 intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity
 certificate.
 .PP
-\&\fIX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to
+\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to
 \&\fBauth_level\fR.
 The authentication security level determines the acceptable signature and public
 key strength when verifying certificate chains.
@@ -239,7 +243,7 @@ must meet the specified security level.
 The signature algorithm security level is not enforced for the chain's \fItrust
 anchor\fR certificate, which is either directly trusted or validated by means other
 than its signature.
-See \fISSL_CTX_set_security_level\fR\|(3) for the definitions of the available
+See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available
 levels.
 The default security level is \-1, or \*(L"not set\*(R".
 At security level 0 or lower all algorithms are acceptable.
@@ -247,7 +251,7 @@ Security level 1 requires at least 80\-bit\-equivalent security and is broadly
 interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys
 shorter than 1024 bits.
 .PP
-\&\fIX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to
+\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to
 \&\fBname\fR clearing any previously specified host name or names.  If
 \&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and
 name checks are not performed on the peer certificate.  If \fBname\fR
@@ -255,12 +259,12 @@ is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR
 must be set to the length of \fBname\fR.
 .PP
 When a hostname is specified,
-certificate verification automatically invokes \fIX509_check_host\fR\|(3)
+certificate verification automatically invokes \fBX509_check_host\fR\|(3)
 with flags equal to the \fBflags\fR argument given to
-\&\fIX509_VERIFY_PARAM_set_hostflags()\fR (default zero).  Applications
+\&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero).  Applications
 are strongly advised to use this interface in preference to explicitly
-calling \fIX509_check_host\fR\|(3), hostname checks may be out of scope
-with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will
+calling \fBX509_check_host\fR\|(3), hostname checks may be out of scope
+with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will
 be suppressed as appropriate when \s-1DANE\s0 verification is enabled.
 .PP
 When the subject CommonName will not be ignored, whether as a result of the
@@ -273,20 +277,20 @@ When the subject CommonName will be ignored, whether as a result of the
 \&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject
 alternative names are present in the certificate, \s-1DNS\s0 name constraints in
 issuer certificates will not be applied to the subject \s-1DN.\s0
-As described in \fIX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR
+As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR
 flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag.
 .PP
-\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a
-call to \fIX509_VERIFY_PARAM_set_hostflags()\fR.
+\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a
+call to \fBX509_VERIFY_PARAM_set_hostflags()\fR.
 .PP
-\&\fIX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference
+\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference
 identifier that can match the peer's certificate.  Any previous names
-set via \fIX509_VERIFY_PARAM_set1_host()\fR or \fIX509_VERIFY_PARAM_add1_host()\fR
+set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR
 are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty.  When
 multiple names are configured, the peer is considered verified when
 any name matches.
 .PP
-\&\fIX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject
+\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject
 CommonName from the peer certificate that matched one of the reference
 identifiers.  When wildcard matching is not disabled, or when a
 reference identifier specifies a parent domain (starts with \*(L".\*(R")
@@ -296,45 +300,45 @@ string is allocated by the library and is no longer valid once the
 associated \fBparam\fR argument is freed.  Applications must not free
 the return value.
 .PP
-\&\fIX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to
+\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to
 \&\fBemail\fR.  If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise
 \&\fBemaillen\fR must be set to the length of \fBemail\fR.  When an email address
 is specified, certificate verification automatically invokes
-\&\fIX509_check_email\fR\|(3).
+\&\fBX509_check_email\fR\|(3).
 .PP
-\&\fIX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR.
+\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR.
 The \fBip\fR argument is in binary format, in network byte-order and
 \&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6.  When an \s-1IP\s0
 address is specified, certificate verification automatically invokes
-\&\fIX509_check_ip\fR\|(3).
+\&\fBX509_check_ip\fR\|(3).
 .PP
-\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to
+\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to
 \&\fBipasc\fR.  The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string:
 dotted decimal quad for IPv4 and colon-separated hexadecimal for
 IPv6.  The condensed \*(L"::\*(R" notation is supported for IPv6 addresses.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR,
-\&\fIX509_VERIFY_PARAM_set_inh_flags()\fR,
-\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR,
-\&\fIX509_VERIFY_PARAM_add0_policy()\fR \fIX509_VERIFY_PARAM_set1_policies()\fR,
-\&\fIX509_VERIFY_PARAM_set1_host()\fR, \fIX509_VERIFY_PARAM_add1_host()\fR,
-\&\fIX509_VERIFY_PARAM_set1_email()\fR, \fIX509_VERIFY_PARAM_set1_ip()\fR and
-\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for
+\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR,
+\&\fBX509_VERIFY_PARAM_set_inh_flags()\fR,
+\&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR,
+\&\fBX509_VERIFY_PARAM_add0_policy()\fR \fBX509_VERIFY_PARAM_set1_policies()\fR,
+\&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_add1_host()\fR,
+\&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and
+\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for
 failure.
 .PP
-\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags.
+\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags.
 .PP
-\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags.
+\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags.
 .PP
-\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags.
+\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags.
 .PP
-\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return
+\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return
 values.
 .PP
-\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth.
+\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth.
 .PP
-\&\fIX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security
+\&\fBX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security
 level.
 .SH "VERIFICATION FLAGS"
 .IX Header "VERIFICATION FLAGS"
@@ -389,12 +393,12 @@ signature is that disabled or unsupported message digests on the root \s-1CA\s0
 are not treated as fatal errors.
 .PP
 When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain
-in \fIX509_verify_cert\fR\|(3) will search the trust store for issuer certificates
+in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates
 before searching the provided untrusted certificates.
 Local issuer certificates are often more likely to satisfy local security
 requirements and lead to a locally trusted root.
 This is especially important when some certificates in the trust store have
-explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fIx509\fR\|(1)).
+explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)).
 As of OpenSSL 1.1.0 this option is on by default.
 .PP
 The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative
@@ -421,7 +425,7 @@ verified chain passed to callbacks may be shorter than it otherwise would
 be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag.
 .PP
 The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period
-of certificates and CRLs against the current time. If \fIX509_VERIFY_PARAM_set_time()\fR
+of certificates and CRLs against the current time. If \fBX509_VERIFY_PARAM_set_time()\fR
 is used to specify a verification time, the check is not suppressed.
 .SH "INHERITANCE FLAGS"
 .IX Header "INHERITANCE FLAGS"
@@ -448,7 +452,7 @@ of ORed.
 .IX Header "NOTES"
 The above functions should be used to manipulate verification parameters
 instead of functions which work in specific structures such as
-\&\fIX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future
+\&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future
 release.
 .SH "BUGS"
 .IX Header "BUGS"
@@ -474,18 +478,18 @@ connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_verify_cert\fR\|(3),
-\&\fIX509_check_host\fR\|(3),
-\&\fIX509_check_email\fR\|(3),
-\&\fIX509_check_ip\fR\|(3),
-\&\fIx509\fR\|(1)
+\&\fBX509_verify_cert\fR\|(3),
+\&\fBX509_check_host\fR\|(3),
+\&\fBX509_check_email\fR\|(3),
+\&\fBX509_check_ip\fR\|(3),
+\&\fBx509\fR\|(1)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0
-The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in
-OpenSSL 1.1.0, and has no effect.
+The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0.
+The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0
+and has no effect.
 .PP
-\&\fIX509_VERIFY_PARAM_get_hostflags()\fR was added in OpenSSL 1.1.0i.
+The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2009\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_check_ca.3 b/secure/lib/libcrypto/man/X509_check_ca.3
index a948dd11c3a4d..dab4a8d3fcd74 100644
--- a/secure/lib/libcrypto/man/X509_check_ca.3
+++ b/secure/lib/libcrypto/man/X509_check_ca.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_CHECK_CA 3"
-.TH X509_CHECK_CA 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_CHECK_CA 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,9 +164,9 @@ Actually, any non-zero value means that this certificate could have been
 used to sign other certificates.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_verify_cert\fR\|(3),
-\&\fIX509_check_issued\fR\|(3),
-\&\fIX509_check_purpose\fR\|(3)
+\&\fBX509_verify_cert\fR\|(3),
+\&\fBX509_check_issued\fR\|(3),
+\&\fBX509_check_purpose\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_check_host.3 b/secure/lib/libcrypto/man/X509_check_host.3
index ffa53b5d28940..f882853034dbf 100644
--- a/secure/lib/libcrypto/man/X509_check_host.3
+++ b/secure/lib/libcrypto/man/X509_check_host.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_CHECK_HOST 3"
-.TH X509_CHECK_HOST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_CHECK_HOST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,7 +160,7 @@ certificate matches a given host name, email address, or \s-1IP\s0 address.
 The validity of the certificate and its trust level has to be checked by
 other means.
 .PP
-\&\fIX509_check_host()\fR checks if the certificate Subject Alternative
+\&\fBX509_check_host()\fR checks if the certificate Subject Alternative
 Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host
 name, which must be encoded in the preferred name syntax described
 in section 3.5 of \s-1RFC 1034.\s0  By default, wildcards are supported
@@ -177,23 +181,23 @@ valid for any sub-domain of \fBname\fR, (see also
 When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a
 pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate
 is stored at the address passed in \fBpeername\fR.  The application
-is responsible for freeing the peername via \fIOPENSSL_free()\fR when it
+is responsible for freeing the peername via \fBOPENSSL_free()\fR when it
 is no longer needed.
 .PP
-\&\fIX509_check_email()\fR checks if the certificate matches the specified
+\&\fBX509_check_email()\fR checks if the certificate matches the specified
 email \fBaddress\fR.  Only the mailbox syntax of \s-1RFC 822\s0 is supported,
 comments are not allowed, and no attempt is made to normalize quoted
 characters.  The \fBaddresslen\fR argument must be the number of
 characters in the address string or zero in which case the length
 is calculated with strlen(\fBaddress\fR).
 .PP
-\&\fIX509_check_ip()\fR checks if the certificate matches a specified IPv4 or
+\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or
 IPv6 address.  The \fBaddress\fR array is in binary format, in network
 byte order.  The length is either 4 (IPv4) or 16 (IPv6).  Only
 explicitly marked addresses in the certificates are considered; \s-1IP\s0
 addresses stored in \s-1DNS\s0 names and Common Names are ignored.
 .PP
-\&\fIX509_check_ip_asc()\fR is similar, except that the NUL-terminated
+\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated
 string \fBaddress\fR is first converted to the internal representation.
 .PP
 The \fBflags\fR argument is usually 0.  It can be the bitwise \s-1OR\s0 of the
@@ -254,23 +258,23 @@ and \-1 for an internal error: typically a memory allocation failure
 or an \s-1ASN.1\s0 decoding error.
 .PP
 All functions can also return \-2 if the input is malformed. For example,
-\&\fIX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded
+\&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded
 NULs.
 .SH "NOTES"
 .IX Header "NOTES"
-Applications are encouraged to use \fIX509_VERIFY_PARAM_set1_host()\fR
-rather than explicitly calling \fIX509_check_host\fR\|(3). Host name
-checks may be out of scope with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage,
+Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR
+rather than explicitly calling \fBX509_check_host\fR\|(3). Host name
+checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage,
 and the internal checks will be suppressed as appropriate when
 \&\s-1DANE\s0 support is enabled.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_get_verify_result\fR\|(3),
-\&\fIX509_VERIFY_PARAM_set1_host\fR\|(3),
-\&\fIX509_VERIFY_PARAM_add1_host\fR\|(3),
-\&\fIX509_VERIFY_PARAM_set1_email\fR\|(3),
-\&\fIX509_VERIFY_PARAM_set1_ip\fR\|(3),
-\&\fIX509_VERIFY_PARAM_set1_ipasc\fR\|(3)
+\&\fBSSL_get_verify_result\fR\|(3),
+\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3),
+\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3),
+\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3),
+\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3),
+\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.0.2.
diff --git a/secure/lib/libcrypto/man/X509_check_issued.3 b/secure/lib/libcrypto/man/X509_check_issued.3
index ac806364796eb..35dcdd81cc5b2 100644
--- a/secure/lib/libcrypto/man/X509_check_issued.3
+++ b/secure/lib/libcrypto/man/X509_check_issued.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_CHECK_ISSUED 3"
-.TH X509_CHECK_ISSUED 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_CHECK_ISSUED 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -158,9 +162,9 @@ Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by
 \&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_verify_cert\fR\|(3),
-\&\fIX509_check_ca\fR\|(3),
-\&\fIverify\fR\|(1)
+\&\fBX509_verify_cert\fR\|(3),
+\&\fBX509_check_ca\fR\|(3),
+\&\fBverify\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_check_private_key.3 b/secure/lib/libcrypto/man/X509_check_private_key.3
index ec825d44c822e..263631e5eefc7 100644
--- a/secure/lib/libcrypto/man/X509_check_private_key.3
+++ b/secure/lib/libcrypto/man/X509_check_private_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_CHECK_PRIVATE_KEY 3"
-.TH X509_CHECK_PRIVATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_CHECK_PRIVATE_KEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,18 +151,18 @@ X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_check_private_key()\fR function checks the consistency of private
+\&\fBX509_check_private_key()\fR function checks the consistency of private
 key \fBk\fR with the public key in \fBx\fR.
 .PP
-\&\fIX509_REQ_check_private_key()\fR is equivalent to \fIX509_check_private_key()\fR
+\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR
 except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_check_private_key()\fR and \fIX509_REQ_check_private_key()\fR return 1 if
+\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if
 the keys match each other, and 0 if not.
 .PP
 If the key is invalid or an error occurred, the reason code can be
-obtained using \fIERR_get_error\fR\|(3).
+obtained using \fBERR_get_error\fR\|(3).
 .SH "BUGS"
 .IX Header "BUGS"
 The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed
@@ -168,7 +172,7 @@ of a key pair. So if you pass a public key to these functions in \fBk\fR, it wil
 return success.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_cmp_time.3 b/secure/lib/libcrypto/man/X509_cmp_time.3
index 135fc12197425..4dfc906c84411 100644
--- a/secure/lib/libcrypto/man/X509_cmp_time.3
+++ b/secure/lib/libcrypto/man/X509_cmp_time.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_CMP_TIME 3"
-.TH X509_CMP_TIME 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_CMP_TIME 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,18 +151,18 @@ X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex \&\- X509
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time
-in <cmp_time>. \fIX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in
+\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time
+in <cmp_time>. \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in
 \&\fBasn1_time\fR with the current time, expressed as time_t. \fBasn1_time\fR
 must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., its
 format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0
 .PP
-\&\fIX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
+\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
 \&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR.
 .PP
-\&\fIX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
+\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
 \&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second
-offsets up to the capacity of long, so the newer \fIX509_time_adj_ex()\fR
+offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR
 \&\s-1API\s0 should be preferred.
 .PP
 In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure
@@ -168,15 +172,15 @@ In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as
 time_t, is used.
 .SH "BUGS"
 .IX Header "BUGS"
-Unlike many standard comparison functions, \fIX509_cmp_time()\fR and
-\&\fIX509_cmp_current_time()\fR return 0 on error.
+Unlike many standard comparison functions, \fBX509_cmp_time()\fR and
+\&\fBX509_cmp_current_time()\fR return 0 on error.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_cmp_time()\fR and \fIX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR
+\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR
 is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1
 otherwise. These methods return 0 on error.
 .PP
-\&\fIX509_time_adj()\fR and \fIX509_time_adj_ex()\fR return a pointer to the updated
+\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated
 \&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/X509_digest.3 b/secure/lib/libcrypto/man/X509_digest.3
index 800c99fa0c779..7d205fa6aaf51 100644
--- a/secure/lib/libcrypto/man/X509_digest.3
+++ b/secure/lib/libcrypto/man/X509_digest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_DIGEST 3"
-.TH X509_DIGEST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_DIGEST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -164,13 +168,13 @@ X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_dig
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public
+\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public
 key in the specified X509 \fBdata\fR object.
 All other functions described here return a digest of the \s-1DER\s0 representation
 of their entire \fBdata\fR objects.
 .PP
 The \fBtype\fR parameter specifies the digest to
-be used, such as \fIEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the
+be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the
 digest will be copied and is assumed to be large enough; the constant
 \&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points
 to a place where the digest size will be stored.
@@ -179,7 +183,7 @@ to a place where the digest size will be stored.
 All functions described here return 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIEVP_sha1\fR\|(3)
+\&\fBEVP_sha1\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_dup.3 b/secure/lib/libcrypto/man/X509_dup.3
index 93e18c98584d5..0ed400bac1cc1 100644
--- a/secure/lib/libcrypto/man/X509_dup.3
+++ b/secure/lib/libcrypto/man/X509_dup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_DUP 3"
-.TH X509_DUP 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_DUP 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -164,30 +168,30 @@ such as its fields.  (On systems which cannot export variables from shared
 libraries, the global is instead a function which returns a pointer to a
 static variable.
 .PP
-The macro \s-1\fIDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files
+The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files
 to generate the function declarations.
 .PP
-The macro \s-1\fIIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file
+The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file
 to generate the function bodies.
 .PP
-\&\fITYPE_new()\fR allocates an empty object of the indicated type.
-The object returned must be released by calling \fITYPE_free()\fR.
+\&\fBTYPE_new()\fR allocates an empty object of the indicated type.
+The object returned must be released by calling \fBTYPE_free()\fR.
 .PP
-\&\fITYPE_dup()\fR copies an existing object.
+\&\fBTYPE_dup()\fR copies an existing object.
 .PP
-\&\fITYPE_free()\fR releases the object and all pointers and sub-objects
+\&\fBTYPE_free()\fR releases the object and all pointers and sub-objects
 within it.
 .PP
-\&\fITYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR.
+\&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR.
 Each line will be prefixed with \fBindent\fR spaces.
 The \fBpctx\fR specifies the printing context and is for internal
 use; use \s-1NULL\s0 to get the default behavior.  If a print function is
 user-defined, then pass in any \fBpctx\fR down to any nested calls.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fITYPE_new()\fR and \fITYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure.
+\&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure.
 .PP
-\&\fITYPE_print_ctx()\fR returns 1 on success or zero on failure.
+\&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_get0_notBefore.3 b/secure/lib/libcrypto/man/X509_get0_notBefore.3
index 12a6d59b947b5..72b45f89e025d 100644
--- a/secure/lib/libcrypto/man/X509_get0_notBefore.3
+++ b/secure/lib/libcrypto/man/X509_get0_notBefore.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET0_NOTBEFORE 3"
-.TH X509_GET0_NOTBEFORE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET0_NOTBEFORE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -158,64 +162,64 @@ X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR return the \fBnotBefore\fR
+\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR
 and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value
 returned is an internal pointer which must not be freed up after
 the call.
 .PP
-\&\fIX509_getm_notBefore()\fR and \fIX509_getm_notAfter()\fR are similar to
-\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR except they return
+\&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to
+\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return
 non-constant mutable references to the associated date field of
 the certificate.
 .PP
-\&\fIX509_set1_notBefore()\fR and \fIX509_set1_notAfter()\fR set the \fBnotBefore\fR
+\&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR
 and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed
 parameter \fBtm\fR is not transferred by these functions so it must
 be freed up after the call.
 .PP
-\&\fIX509_CRL_get0_lastUpdate()\fR and \fIX509_CRL_get0_nextUpdate()\fR return the
+\&\fBX509_CRL_get0_lastUpdate()\fR and \fBX509_CRL_get0_nextUpdate()\fR return the
 \&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value
 returned is an internal pointer which must not be freed up after
 the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then
 \&\fB\s-1NULL\s0\fR is returned.
 .PP
-\&\fIX509_CRL_set1_lastUpdate()\fR and \fIX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR
+\&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR
 and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter
 \&\fBtm\fR is not transferred by these functions so it must be freed up after the
 call.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get0_notBefore()\fR, \fIX509_get0_notAfter()\fR and \fIX509_CRL_get0_lastUpdate()\fR
+\&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR
 return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure.
 .PP
-\&\fIX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure
+\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure
 or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent.
 .PP
-\&\fIX509_set1_notBefore()\fR, \fIX509_set1_notAfter()\fR, \fIX509_CRL_set1_lastUpdate()\fR and
-\&\fIX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure.
+\&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and
+\&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions are available in all versions of OpenSSL.
 .PP
-\&\fIX509_get_notBefore()\fR and \fIX509_get_notAfter()\fR were deprecated in OpenSSL
+\&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL
 1.1.0
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/X509_get0_signature.3 b/secure/lib/libcrypto/man/X509_get0_signature.3
index e9a7f4837a309..a484c2a7f0aef 100644
--- a/secure/lib/libcrypto/man/X509_get0_signature.3
+++ b/secure/lib/libcrypto/man/X509_get0_signature.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET0_SIGNATURE 3"
-.TH X509_GET0_SIGNATURE 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET0_SIGNATURE 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,27 +171,27 @@ X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR
+\&\fBX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR
 to the signature algorithm of \fBx\fR. The values returned are internal
 pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call.
 .PP
-\&\fIX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed
+\&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed
 portion of \fBx\fR.
 .PP
-\&\fIX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature
+\&\fBX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature
 algorithm of \fBx\fR.
 .PP
-\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR
-\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR perform the
+\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR
+\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR perform the
 same function for certificate requests and CRLs.
 .PP
-\&\fIX509_get_signature_info()\fR retrieves information about the signature of
+\&\fBX509_get_signature_info()\fR retrieves information about the signature of
 certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR,
 the public key algorithm to \fB*pknid\fR, the effective security bits to
 \&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can
 be set to \fB\s-1NULL\s0\fR if the information is not required.
 .PP
-\&\fIX509_SIG_INFO_get()\fR and \fIX509_SIG_INFO_set()\fR get and set information
+\&\fBX509_SIG_INFO_get()\fR and \fBX509_SIG_INFO_set()\fR get and set information
 about a signature in an \fBX509_SIG_INFO\fR structure. They are only
 used by implementations of algorithms which need to set custom
 signature information: most applications will never need to call
@@ -196,51 +200,53 @@ them.
 .IX Header "NOTES"
 These functions provide lower level access to signatures in certificates
 where an application wishes to analyse or generate a signature in a form
-where \fIX509_sign()\fR et al is not appropriate (for example a non standard
+where \fBX509_sign()\fR et al is not appropriate (for example a non standard
 or unsupported format).
 .PP
-The security bits returned by \fIX509_get_signature_info()\fR refers to information
+The security bits returned by \fBX509_get_signature_info()\fR refers to information
 available from the certificate signature (such as the signing digest). In some
 cases the actual security of the signature is less because the signing
 key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a
 1024 bit \s-1RSA\s0 key.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get_signature_nid()\fR, \fIX509_REQ_get_signature_nid()\fR and
-\&\fIX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0
+\&\fBX509_get_signature_nid()\fR, \fBX509_REQ_get_signature_nid()\fR and
+\&\fBX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0
 .PP
-\&\fIX509_get0_signature()\fR, \fIX509_REQ_get0_signature()\fR and
-\&\fIX509_CRL_get0_signature()\fR do not return values.
+\&\fBX509_get0_signature()\fR, \fBX509_REQ_get0_signature()\fR and
+\&\fBX509_CRL_get0_signature()\fR do not return values.
 .PP
-\&\fIX509_get_signature_info()\fR returns 1 if the signature information
+\&\fBX509_get_signature_info()\fR returns 1 if the signature information
 returned is valid or 0 if the information is not available (e.g.
 unknown algorithms or malformed parameters).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_get0_signature()\fR and \fIX509_get_signature_nid()\fR were first added to
-OpenSSL 1.0.2.
+The
+\&\fBX509_get0_signature()\fR and \fBX509_get_signature_nid()\fR functions were
+added in OpenSSL 1.0.2.
 .PP
-\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR,
-\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR were first added
-to OpenSSL 1.1.0.
+The
+\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR,
+\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR were
+added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_get0_uids.3 b/secure/lib/libcrypto/man/X509_get0_uids.3
index 742fc71a2c406..c05b40139f389 100644
--- a/secure/lib/libcrypto/man/X509_get0_uids.3
+++ b/secure/lib/libcrypto/man/X509_get0_uids.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET0_UIDS 3"
-.TH X509_GET0_UIDS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET0_UIDS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -146,7 +150,7 @@ X509_get0_uids \- get certificate unique identifiers
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique
+\&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique
 identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present.
 .SH "NOTES"
 .IX Header "NOTES"
@@ -154,26 +158,26 @@ The issuer and subject unique identifier fields are very rarely encountered in
 practice outside test cases.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get0_uids()\fR does not return a value.
+\&\fBX509_get0_uids()\fR does not return a value.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/X509_get_extension_flags.3
index c0146c0e31955..82ed11dd4fbec 100644
--- a/secure/lib/libcrypto/man/X509_get_extension_flags.3
+++ b/secure/lib/libcrypto/man/X509_get_extension_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET_EXTENSION_FLAGS 3"
-.TH X509_GET_EXTENSION_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET_EXTENSION_FLAGS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,11 +159,11 @@ X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get_pathlen, X509_get
 .IX Header "DESCRIPTION"
 These functions retrieve information related to commonly used certificate extensions.
 .PP
-\&\fIX509_get_pathlen()\fR retrieves the path length extension from a certificate.
+\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate.
 This extension is used to limit the length of a cert chain that may be
 issued from that \s-1CA.\s0
 .PP
-\&\fIX509_get_extension_flags()\fR retrieves general information about a certificate,
+\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate,
 it will return one or more of the following flags ored together.
 .IP "\fB\s-1EXFLAG_V1\s0\fR" 4
 .IX Item "EXFLAG_V1"
@@ -193,13 +197,13 @@ certificate should be rejected.
 .IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4
 .IX Item "EXFLAG_KUSAGE"
 The certificate contains a key usage extension. The value can be retrieved
-using \fIX509_get_key_usage()\fR.
+using \fBX509_get_key_usage()\fR.
 .IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4
 .IX Item "EXFLAG_XKUSAGE"
 The certificate contains an extended key usage extension. The value can be
-retrieved using \fIX509_get_extended_key_usage()\fR.
+retrieved using \fBX509_get_extended_key_usage()\fR.
 .PP
-\&\fIX509_get_key_usage()\fR returns the value of the key usage extension.  If key
+\&\fBX509_get_key_usage()\fR returns the value of the key usage extension.  If key
 usage is present will return zero or more of the flags:
 \&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR,
 \&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR,
@@ -207,7 +211,7 @@ usage is present will return zero or more of the flags:
 individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is
 returned.
 .PP
-\&\fIX509_get_extended_key_usage()\fR returns the value of the extended key usage
+\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage
 extension. If extended key usage is present it will return zero or more of the
 flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR
 \&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These
@@ -217,63 +221,63 @@ correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR,
 Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are
 present.
 .PP
-\&\fIX509_get0_subject_key_id()\fR returns an internal pointer to the subject key
+\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key
 identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
 is not present or cannot be parsed.
 .PP
-\&\fIX509_get0_authority_key_id()\fR returns an internal pointer to the authority key
+\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key
 identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
 is not present or cannot be parsed.
 .PP
-\&\fIX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag.
+\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag.
 This is for the users who need to mark non\-RFC3820 proxy certificates as
 such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
 .PP
-\&\fIX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given
+\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given
 certificate \fBx\fR.  This is for the users who need to mark non\-RFC3820 proxy
 certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
 .PP
-\&\fIX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the
+\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the
 given certificate \fBx\fR if it is a proxy certificate.
 .SH "NOTES"
 .IX Header "NOTES"
 The value of the flags correspond to extension values which are cached
 in the \fBX509\fR structure. If the flags returned do not provide sufficient
 information an application should examine extension values directly
-for example using \fIX509_get_ext_d2i()\fR.
+for example using \fBX509_get_ext_d2i()\fR.
 .PP
 If the key usage or extended key usage extension is absent then typically usage
-is unrestricted. For this reason \fIX509_get_key_usage()\fR and
-\&\fIX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding
+is unrestricted. For this reason \fBX509_get_key_usage()\fR and
+\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding
 extension is absent. Applications can additionally check the return value of
-\&\fIX509_get_extension_flags()\fR and take appropriate action is an extension is
+\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is
 absent.
 .PP
-If \fIX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be
+If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be
 absent or malformed. Applications can determine the precise reason using
-\&\fIX509_get_ext_d2i()\fR.
+\&\fBX509_get_ext_d2i()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get_pathlen()\fR returns the path length value, or \-1 if the extension
+\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension
 is not present.
 .PP
-\&\fIX509_get_extension_flags()\fR, \fIX509_get_key_usage()\fR and
-\&\fIX509_get_extended_key_usage()\fR return sets of flags corresponding to the
+\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and
+\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the
 certificate extension values.
 .PP
-\&\fIX509_get0_subject_key_id()\fR returns the subject key identifier as a
+\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a
 pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension
 is absent or an error occurred during parsing.
 .PP
-\&\fIX509_get_proxy_pathlen()\fR returns the path length value if the given
+\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given
 certificate is a proxy one and has a path length set, and \-1 otherwise.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_check_purpose\fR\|(3)
+\&\fBX509_check_purpose\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_get_pathlen()\fR, \fIX509_set_proxy_flag()\fR, \fIX509_set_proxy_pathlen()\fR and
-\&\fIX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0.
+\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and
+\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_get_pubkey.3 b/secure/lib/libcrypto/man/X509_get_pubkey.3
index 6fd823acec308..5dae956571c9e 100644
--- a/secure/lib/libcrypto/man/X509_get_pubkey.3
+++ b/secure/lib/libcrypto/man/X509_get_pubkey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET_PUBKEY 3"
-.TH X509_GET_PUBKEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET_PUBKEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -153,22 +157,22 @@ X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_R
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If
+\&\fBX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If
 successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its
 reference count incremented: this means the returned key must be freed up
-after use. \fIX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment
+after use. \fBX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment
 the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up
 after use.
 .PP
-\&\fIX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR
+\&\fBX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR
 structure which encodes the certificate of \fBx\fR. The returned value
 must not be freed up after use.
 .PP
-\&\fIX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to
+\&\fBX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to
 \&\fBpkey\fR. The key \fBpkey\fR should be freed up after use.
 .PP
-\&\fIX509_REQ_get_pubkey()\fR, \fIX509_REQ_get0_pubkey()\fR, \fIX509_REQ_set_pubkey()\fR and
-\&\fIX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR.
+\&\fBX509_REQ_get_pubkey()\fR, \fBX509_REQ_get0_pubkey()\fR, \fBX509_REQ_set_pubkey()\fR and
+\&\fBX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is
@@ -177,30 +181,30 @@ return the cached structure with its reference count incremented to
 improve performance.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get_pubkey()\fR, \fIX509_get0_pubkey()\fR, \fIX509_get_X509_PUBKEY()\fR,
-\&\fIX509_REQ_get_pubkey()\fR and \fIX509_REQ_get_X509_PUBKEY()\fR return a public key or
+\&\fBX509_get_pubkey()\fR, \fBX509_get0_pubkey()\fR, \fBX509_get_X509_PUBKEY()\fR,
+\&\fBX509_REQ_get_pubkey()\fR and \fBX509_REQ_get_X509_PUBKEY()\fR return a public key or
 \&\fB\s-1NULL\s0\fR if an error occurred.
 .PP
-\&\fIX509_set_pubkey()\fR and \fIX509_REQ_set_pubkey()\fR return 1 for success and 0
+\&\fBX509_set_pubkey()\fR and \fBX509_REQ_set_pubkey()\fR return 1 for success and 0
 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_get_serialNumber.3 b/secure/lib/libcrypto/man/X509_get_serialNumber.3
index 464f1c0020bac..550b90b39ff6d 100644
--- a/secure/lib/libcrypto/man/X509_get_serialNumber.3
+++ b/secure/lib/libcrypto/man/X509_get_serialNumber.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET_SERIALNUMBER 3"
-.TH X509_GET_SERIALNUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET_SERIALNUMBER 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,44 +151,45 @@ X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an
+\&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an
 \&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value
 returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call.
 .PP
-\&\fIX509_get0_serialNumber()\fR is the same as \fIX509_get_serialNumber()\fR except it
+\&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it
 accepts a const parameter and returns a const result.
 .PP
-\&\fIX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to
+\&\fBX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to
 \&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should
 be freed up after use.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get_serialNumber()\fR and \fIX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR
+\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR
 structure.
 .PP
-\&\fIX509_set_serialNumber()\fR returns 1 for success and 0 for failure.
+\&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_get_serialNumber()\fR and \fIX509_set_serialNumber()\fR are available in
-all versions of OpenSSL. \fIX509_get0_serialNumber()\fR was added in OpenSSL 1.1.0.
+The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are
+available in all versions of OpenSSL.
+The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_get_subject_name.3 b/secure/lib/libcrypto/man/X509_get_subject_name.3
index b056d3480195c..27bed691e71cb 100644
--- a/secure/lib/libcrypto/man/X509_get_subject_name.3
+++ b/secure/lib/libcrypto/man/X509_get_subject_name.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET_SUBJECT_NAME 3"
-.TH X509_GET_SUBJECT_NAME 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET_SUBJECT_NAME 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,51 +159,51 @@ X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_iss
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The
+\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The
 returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed.
 .PP
-\&\fIX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to
+\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to
 \&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed
 up when it is no longer needed.
 .PP
-\&\fIX509_get_issuer_name()\fR and \fIX509_set_issuer_name()\fR are identical to
-\&\fIX509_get_subject_name()\fR and \fIX509_set_subject_name()\fR except the get and
+\&\fBX509_get_issuer_name()\fR and \fBX509_set_issuer_name()\fR are identical to
+\&\fBX509_get_subject_name()\fR and \fBX509_set_subject_name()\fR except the get and
 set the issuer name of \fBx\fR.
 .PP
-Similarly \fIX509_REQ_get_subject_name()\fR, \fIX509_REQ_set_subject_name()\fR,
-\&\fIX509_CRL_get_issuer()\fR and \fIX509_CRL_set_issuer_name()\fR get or set the subject
+Similarly \fBX509_REQ_get_subject_name()\fR, \fBX509_REQ_set_subject_name()\fR,
+\&\fBX509_CRL_get_issuer()\fR and \fBX509_CRL_set_issuer_name()\fR get or set the subject
 or issuer names of certificate requests of CRLs respectively.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get_subject_name()\fR, \fIX509_get_issuer_name()\fR, \fIX509_REQ_get_subject_name()\fR
-and \fIX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer.
+\&\fBX509_get_subject_name()\fR, \fBX509_get_issuer_name()\fR, \fBX509_REQ_get_subject_name()\fR
+and \fBX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer.
 .PP
-\&\fIX509_set_subject_name()\fR, \fIX509_set_issuer_name()\fR, \fIX509_REQ_set_subject_name()\fR
-and \fIX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure.
+\&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR
+and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in
+\&\fBX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in
 earlier versions.
 .PP
-\&\fIX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was first added
-to OpenSSL 1.0.0 as a macro.
+\&\fBX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously
+added in OpenSSL 1.0.0 as a macro.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3)
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3), \fBd2i_X509\fR\|(3)
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_get_version.3 b/secure/lib/libcrypto/man/X509_get_version.3
index 73065034be057..0cc7f4ecc23d1 100644
--- a/secure/lib/libcrypto/man/X509_get_version.3
+++ b/secure/lib/libcrypto/man/X509_get_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_GET_VERSION 3"
-.TH X509_GET_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_GET_VERSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,50 +156,50 @@ X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version,
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_get_version()\fR returns the numerical value of the version field of
+\&\fBX509_get_version()\fR returns the numerical value of the version field of
 certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one
 less than the certificate version. So a version 3 certificate will return 2 and
 a version 1 certificate will return 0.
 .PP
-\&\fIX509_set_version()\fR sets the numerical value of the version field of certificate
+\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate
 \&\fBx\fR to \fBversion\fR.
 .PP
-Similarly \fIX509_REQ_get_version()\fR, \fIX509_REQ_set_version()\fR,
-\&\fIX509_CRL_get_version()\fR and \fIX509_CRL_set_version()\fR get and set the version
+Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR,
+\&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version
 number of certificate requests and CRLs.
 .SH "NOTES"
 .IX Header "NOTES"
 The version field of certificates, certificate requests and CRLs has a
-\&\s-1DEFAULT\s0 value of \fB\f(BIv1\fB\|(0)\fR meaning the field should be omitted for version
+\&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version
 1. This is handled transparently by these functions.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR
+\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR
 return the numerical value of the version field.
 .PP
-\&\fIX509_set_version()\fR, \fIX509_REQ_set_version()\fR and \fIX509_CRL_set_version()\fR
+\&\fBX509_set_version()\fR, \fBX509_REQ_set_version()\fR and \fBX509_CRL_set_version()\fR
 return 1 for success and 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR are
+\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are
 functions in OpenSSL 1.1.0, in previous versions they were macros.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3
index de1353f59784a..2fe941f2f53c2 100644
--- a/secure/lib/libcrypto/man/X509_new.3
+++ b/secure/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NEW 3"
-.TH X509_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_NEW 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -151,54 +155,54 @@ X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 all
 The X509 \s-1ASN1\s0 allocation routines, allocate and free an
 X509 structure, which represents an X509 certificate.
 .PP
-\&\fIX509_new()\fR allocates and initializes a X509 structure with reference count
+\&\fBX509_new()\fR allocates and initializes a X509 structure with reference count
 \&\fB1\fR.
 .PP
-\&\fIX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and
+\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and
 frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done.
 .PP
-\&\fIX509_up_ref()\fR increments the reference count of \fBa\fR.
+\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR.
 .PP
-\&\fIX509_chain_up_ref()\fR increases the reference count of all certificates in
+\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in
 chain \fBx\fR and returns a copy of the stack.
 .SH "NOTES"
 .IX Header "NOTES"
-The function \fIX509_up_ref()\fR if useful if a certificate structure is being
+The function \fBX509_up_ref()\fR if useful if a certificate structure is being
 used by several different operations each of which will free it up after
 use: this avoids the need to duplicate the entire certificate structure.
 .PP
-The function \fIX509_chain_up_ref()\fR doesn't just up the reference count of
-each certificate it also returns a copy of the stack, using \fIsk_X509_dup()\fR,
+The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of
+each certificate it also returns a copy of the stack, using \fBsk_X509_dup()\fR,
 but it serves a similar purpose: the returned chain persists after the
 original has been freed.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fIERR_get_error\fR\|(3).
+If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fBERR_get_error\fR\|(3).
 Otherwise it returns a pointer to the newly allocated structure.
 .PP
-\&\fIX509_up_ref()\fR returns 1 for success and 0 for failure.
+\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure.
 .PP
-\&\fIX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error
+\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error
 occurred.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_sign.3 b/secure/lib/libcrypto/man/X509_sign.3
index fde61ff41e5c7..c323f9f84d750 100644
--- a/secure/lib/libcrypto/man/X509_sign.3
+++ b/secure/lib/libcrypto/man/X509_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_SIGN 3"
-.TH X509_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_SIGN 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,20 +159,20 @@ X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_RE
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message
-digest \fBmd\fR and sets the signature in \fBx\fR. \fIX509_sign_ctx()\fR also signs
+\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message
+digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs
 certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR.
 .PP
-\&\fIX509_verify()\fR verifies the signature of certificate \fBx\fR using public key
+\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key
 \&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate
 chain validity) are performed.
 .PP
-\&\fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR, \fIX509_REQ_verify()\fR,
-\&\fIX509_CRL_sign()\fR, \fIX509_CRL_sign_ctx()\fR and \fIX509_CRL_verify()\fR sign and verify
+\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR,
+\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify
 certificate requests and CRLs respectively.
 .SH "NOTES"
 .IX Header "NOTES"
-\&\fIX509_sign_ctx()\fR is used where the default parameters for the corresponding
+\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding
 public key and digest are not suitable. It can be used to sign keys using
 RSA-PSS for example.
 .PP
@@ -180,39 +184,39 @@ normally a problem because modifying the signed portion will invalidate the
 signature and signing will always update the encoding.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509_sign()\fR, \fIX509_sign_ctx()\fR, \fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR,
-\&\fIX509_CRL_sign()\fR and \fIX509_CRL_sign_ctx()\fR return the size of the signature
+\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR,
+\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature
 in bytes for success and zero for failure.
 .PP
-\&\fIX509_verify()\fR, \fIX509_REQ_verify()\fR and \fIX509_CRL_verify()\fR return 1 if the
+\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the
 signature is valid and 0 if the signature check fails. If the signature
 could not be checked at all because it was invalid or some other error
 occurred then \-1 is returned.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3),
-\&\fIERR_get_error\fR\|(3),
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIX509_sign()\fR, \fIX509_REQ_sign()\fR and \fIX509_CRL_sign()\fR are available in all
-versions of OpenSSL.
+The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are
+available in all versions of OpenSSL.
 .PP
-\&\fIX509_sign_ctx()\fR, \fIX509_REQ_sign_ctx()\fR and \fIX509_CRL_sign_ctx()\fR were first added
-to OpenSSL 1.0.1.
+The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR
+and \fBX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3
index fab02e6ff4d76..11f4966aa5633 100644
--- a/secure/lib/libcrypto/man/X509_verify_cert.3
+++ b/secure/lib/libcrypto/man/X509_verify_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_VERIFY_CERT 3"
-.TH X509_VERIFY_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509_VERIFY_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,9 +149,9 @@ X509_verify_cert \- discover and verify X509 certificate chain
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-The \fIX509_verify_cert()\fR function attempts to discover and validate a
+The \fBX509_verify_cert()\fR function attempts to discover and validate a
 certificate chain based on parameters in \fBctx\fR. A complete description of
-the process is contained in the \fIverify\fR\|(1) manual page.
+the process is contained in the \fBverify\fR\|(1) manual page.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 If a complete chain can be built and validated this function returns 1,
@@ -155,14 +159,14 @@ otherwise it return zero, in exceptional circumstances it can also
 return a negative code.
 .PP
 If the function fails additional error information can be obtained by
-examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR.
+examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
 Applications rarely call this function directly but it is used by
 OpenSSL internally for certificate validation, in both the S/MIME and
 \&\s-1SSL/TLS\s0 code.
 .PP
-A negative return value from \fIX509_verify_cert()\fR can occur if it is invoked
+A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked
 incorrectly, such as with no certificate set in \fBctx\fR, or when it is called
 twice in succession without reinitialising \fBctx\fR for the second call.
 A negative return value can also happen due to internal resource problems or if
@@ -175,7 +179,7 @@ This function uses the header \fBx509.h\fR as opposed to most chain verification
 functions which use \fBx509_vfy.h\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509_STORE_CTX_get_error\fR\|(3)
+\&\fBX509_STORE_CTX_get_error\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 b/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
index 2028b107d357f..bc153bf477754 100644
--- a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
+++ b/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509V3_GET_EXT_BY_NID 3"
-.TH X509V3_GET_EXT_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509V3_GET_EXT_BY_NID 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -181,53 +185,53 @@ X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_O
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR.
+\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR.
 .PP
-\&\fIX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR
+\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR
 can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned
 extension is an internal pointer which \fBmust not\fR be freed up by the
 application.
 .PP
-\&\fIX509v3_get_ext_by_NID()\fR and \fIX509v3_get_ext_by_OBJ()\fR look for an extension
+\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension
 with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the
 extension after \fBlastpos\fR or from the beginning if <lastpos> is \fB\-1\fR. If
 the extension is found its index is returned otherwise \fB\-1\fR is returned.
 .PP
-\&\fIX509v3_get_ext_by_critical()\fR is similar to \fIX509v3_get_ext_by_NID()\fR except it
+\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it
 looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR
 looks for a non-critical extension a non-zero value looks for a critical
 extension.
 .PP
-\&\fIX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The
+\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The
 deleted extension is returned and must be freed by the caller. If \fBloc\fR
 is in invalid index value \fB\s-1NULL\s0\fR is returned.
 .PP
-\&\fIX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If
+\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If
 \&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR
 a new stack will be allocated. The passed extension \fBex\fR is duplicated
 internally so it must be freed after use.
 .PP
-\&\fIX509_get_ext_count()\fR, \fIX509_get_ext()\fR, \fIX509_get_ext_by_NID()\fR,
-\&\fIX509_get_ext_by_OBJ()\fR, \fIX509_get_ext_by_critical()\fR, \fIX509_delete_ext()\fR
-and \fIX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are
+\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR,
+\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR
+and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are
 otherwise identical to the X509v3 functions.
 .PP
-\&\fIX509_CRL_get_ext_count()\fR, \fIX509_CRL_get_ext()\fR, \fIX509_CRL_get_ext_by_NID()\fR,
-\&\fIX509_CRL_get_ext_by_OBJ()\fR, \fIX509_CRL_get_ext_by_critical()\fR,
-\&\fIX509_CRL_delete_ext()\fR and \fIX509_CRL_add_ext()\fR operate on the extensions of
+\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR,
+\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR,
+\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of
 \&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions.
 .PP
-\&\fIX509_REVOKED_get_ext_count()\fR, \fIX509_REVOKED_get_ext()\fR,
-\&\fIX509_REVOKED_get_ext_by_NID()\fR, \fIX509_REVOKED_get_ext_by_OBJ()\fR,
-\&\fIX509_REVOKED_get_ext_by_critical()\fR, \fIX509_REVOKED_delete_ext()\fR and
-\&\fIX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR
+\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR,
+\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR,
+\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and
+\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR
 they are otherwise identical to the X509v3 functions.
 .SH "NOTES"
 .IX Header "NOTES"
 These functions are used to examine stacks of extensions directly. Many
 applications will want to parse or encode and add an extension: they should
 use the extension encode and decode functions instead such as
-\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR.
+\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR.
 .PP
 Extension indices start from zero, so a zero index return value is \fBnot\fR an
 error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR
@@ -235,21 +239,21 @@ parameter so it should initially be set to \fB\-1\fR, if it is set to zero the
 initial extension will not be checked.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIX509v3_get_ext_count()\fR returns the extension count.
+\&\fBX509v3_get_ext_count()\fR returns the extension count.
 .PP
-\&\fIX509v3_get_ext()\fR, \fIX509v3_delete_ext()\fR and \fIX509_delete_ext()\fR return an
+\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an
 \&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs.
 .PP
-\&\fIX509v3_get_ext_by_NID()\fR \fIX509v3_get_ext_by_OBJ()\fR and
-\&\fIX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an
+\&\fBX509v3_get_ext_by_NID()\fR \fBX509v3_get_ext_by_OBJ()\fR and
+\&\fBX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an
 error occurs.
 .PP
-\&\fIX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error.
+\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error.
 .PP
-\&\fIX509_add_ext()\fR returns 1 on success and 0 on error.
+\&\fBX509_add_ext()\fR returns 1 on success and 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIX509V3_get_d2i\fR\|(3)
+\&\fBX509V3_get_d2i\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3
index 96733a3831668..5f8bc547f4538 100644
--- a/secure/lib/libcrypto/man/d2i_DHparams.3
+++ b/secure/lib/libcrypto/man/d2i_DHparams.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "D2I_DHPARAMS 3"
-.TH D2I_DHPARAMS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH D2I_DHPARAMS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -149,17 +153,17 @@ d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions
 These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the
 DHparameter structure described in PKCS#3.
 .PP
-Otherwise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
-described in the \fId2i_X509\fR\|(3) manual page.
+Otherwise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR
+described in the \fBd2i_X509\fR\|(3) manual page.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fId2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred.
+\&\fBd2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIi2d_DHparams()\fR returns the length of encoded data on success or a value which
+\&\fBi2d_DHparams()\fR returns the length of encoded data on success or a value which
 is less than or equal to 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fId2i_X509\fR\|(3)
+\&\fBd2i_X509\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
index b2a78550aaf9e..b3f9e592d1f28 100644
--- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
+++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "D2I_PKCS8PRIVATEKEY_BIO 3"
-.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -166,29 +170,29 @@ The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
 PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
 .PP
 Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the
-corresponding \fB\s-1PEM\s0\fR function as described in \fIPEM_read_PrivateKey\fR\|(3).
+corresponding \fB\s-1PEM\s0\fR function as described in \fBPEM_read_PrivateKey\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format.
 .PP
 Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which
 work directly on memory: this can be readily worked around by converting the buffers
-to memory BIOs, see \fIBIO_s_mem\fR\|(3) for details.
+to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details.
 .PP
 These functions make no assumption regarding the pass phrase received from the
 password callback.
 It will simply be treated as a byte sequence.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fId2i_PKCS8PrivateKey_bio()\fR and \fId2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR
+\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR
 structure or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIi2d_PKCS8PrivateKey_bio()\fR, \fIi2d_PKCS8PrivateKey_fp()\fR, \fIi2d_PKCS8PrivateKey_nid_bio()\fR
-and \fIi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error.
+\&\fBi2d_PKCS8PrivateKey_bio()\fR, \fBi2d_PKCS8PrivateKey_fp()\fR, \fBi2d_PKCS8PrivateKey_nid_bio()\fR
+and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIPEM_read_PrivateKey\fR\|(3),
-\&\fIpassphrase\-encoding\fR\|(7)
+\&\fBPEM_read_PrivateKey\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PrivateKey.3
index c7fbaf861cf97..d43f6cb97558e 100644
--- a/secure/lib/libcrypto/man/d2i_PrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_PrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "D2I_PRIVATEKEY 3"
-.TH D2I_PRIVATEKEY 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH D2I_PRIVATEKEY 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -155,45 +159,49 @@ d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fId2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to
+\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to
 use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
 \&\fBtype\fR parameter should be a public key algorithm constant such as
 \&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR.
-\&\fId2i_PublicKey()\fR does the same for public keys.
+\&\fBd2i_PublicKey()\fR does the same for public keys.
 .PP
-\&\fId2i_AutoPrivateKey()\fR is similar to \fId2i_PrivateKey()\fR except it attempts to
+\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to
 automatically detect the private key format.
 .PP
-\&\fIi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is
+\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is
 defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
-\&\fIi2d_PublicKey()\fR does the same for public keys.
+\&\fBi2d_PublicKey()\fR does the same for public keys.
 .PP
-These functions are similar to the \fId2i_X509()\fR functions; see \fId2i_X509\fR\|(3).
+These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing
 to encrypt or decrypt private keys should use other functions such as
-\&\fId2i_PKCS8PrivateKey()\fR instead.
+\&\fBd2i_PKCS8PrivateKey()\fR instead.
 .PP
-If the \fB*a\fR is not \s-1NULL\s0 when calling \fId2i_PrivateKey()\fR or \fId2i_AutoPrivateKey()\fR
+If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR
 (i.e. an existing structure is being reused) and the key format is PKCS#8
 then \fB*a\fR will be freed and replaced on a successful call.
+.PP
+To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be
+a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper
+\&\s-1EC_GROUP.\s0
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fId2i_PrivateKey()\fR and \fId2i_AutoPrivateKey()\fR return a valid \fB\s-1EVP_KEY\s0\fR structure
-or \fB\s-1NULL\s0\fR if an error occurs. The error code can be obtained by calling
-\&\fIERR_get_error\fR\|(3).
+The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR,
+and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an
+error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3).
 .PP
-\&\fIi2d_PrivateKey()\fR returns the number of bytes successfully encoded or a
-negative value if an error occurs. The error code can be obtained by calling
-\&\fIERR_get_error\fR\|(3).
+\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully
+encoded or a negative value if an error occurs. The error code can be obtained
+by calling \fBERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrypto\fR\|(7),
-\&\fId2i_PKCS8PrivateKey_bio\fR\|(3)
+\&\fBcrypto\fR\|(7),
+\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
index 082f9f6970a58..e5b054d3076c6 100644
--- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
+++ b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "D2I_SSL_SESSION 3"
-.TH D2I_SSL_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH D2I_SSL_SESSION 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,7 +152,7 @@ d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 repr
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 These functions decode and encode an \s-1SSL_SESSION\s0 object.
-For encoding details see \fId2i_X509\fR\|(3).
+For encoding details see \fBd2i_X509\fR\|(3).
 .PP
 \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
 list, when being inserted into one \s-1SSL_CTX\s0 object's session cache.
@@ -157,17 +161,17 @@ only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created
 from this \s-1SSL_CTX\s0 object).
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0
+\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0
 object. In case of failure the NULL-pointer is returned and the error message
 can be retrieved from the error stack.
 .PP
-\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes.
+\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes.
 When the session is not valid, \fB0\fR is returned and no operation is performed.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3),
-\&\fISSL_CTX_sess_set_get_cb\fR\|(3),
-\&\fId2i_X509\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3),
+\&\fBSSL_CTX_sess_set_get_cb\fR\|(3),
+\&\fBd2i_X509\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3
index 0f9e840e9f46a..23f845b5358c4 100644
--- a/secure/lib/libcrypto/man/d2i_X509.3
+++ b/secure/lib/libcrypto/man/d2i_X509.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "D2I_X509 3"
-.TH D2I_X509 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH D2I_X509 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,7 +163,7 @@ encoding.  Unlike the C structures which can have pointers to sub-objects
 within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the
 network, writing to a file, and so on.
 .PP
-\&\fId2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a
+\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a
 pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is incremented to
 the byte following the parsed data.  If \fBa\fR is not \fB\s-1NULL\s0\fR then a pointer
 to the returned structure is also written to \fB*a\fR.  If an error occurred
@@ -171,13 +175,13 @@ contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it.
 \&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN
 VALUES\s0 section).
 .PP
-\&\fId2i_TYPE_bio()\fR is similar to \fId2i_TYPE()\fR except it attempts
+\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts
 to parse data from \s-1BIO\s0 \fBbp\fR.
 .PP
-\&\fId2i_TYPE_fp()\fR is similar to \fId2i_TYPE()\fR except it attempts
+\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts
 to parse data from \s-1FILE\s0 pointer \fBfp\fR.
 .PP
-\&\fIi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format.
+\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format.
 If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer
 at \fB*ppout\fR, and increments it to point after the data just written.
 If the return value is negative an error occurred, otherwise it
@@ -187,16 +191,16 @@ If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and t
 data written to it. In this case \fB*ppout\fR is not incremented and it points
 to the start of the data just written.
 .PP
-\&\fIi2d_TYPE_bio()\fR is similar to \fIi2d_TYPE()\fR except it writes
+\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes
 the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it
 returns 1 for success and 0 for failure.
 .PP
-\&\fIi2d_TYPE_fp()\fR is similar to \fIi2d_TYPE()\fR except it writes
+\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes
 the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it
 returns 1 for success and 0 for failure.
 .PP
 These routines do not encrypt private keys and therefore offer no
-security; use \fIPEM_write_PrivateKey\fR\|(3) or similar for writing to files.
+security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files.
 .SH "NOTES"
 .IX Header "NOTES"
 The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for
@@ -205,13 +209,13 @@ So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0
 .PP
 The functions can also understand \fB\s-1BER\s0\fR forms.
 .PP
-The actual \s-1TYPE\s0 structure passed to \fIi2d_TYPE()\fR must be a valid
+The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid
 populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an
-empty structure such as that returned by \fITYPE_new()\fR.
+empty structure such as that returned by \fBTYPE_new()\fR.
 .PP
 The encoded data is in binary form and may contain embedded zeroes.
 Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode.
-Functions such as \fIstrlen()\fR will \fBnot\fR return the correct length
+Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length
 of the encoded structure.
 .PP
 The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation
@@ -237,7 +241,7 @@ Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure.
 .IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4
 .IX Item "DSAPublicKey, DSAPrivateKey"
 Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR,
-\&\fB\f(BIPEM_write_PrivateKey\fB\|(3)\fR, or similar instead.
+\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead.
 .IP "\fBRSAPublicKey\fR" 4
 .IX Item "RSAPublicKey"
 Represents a PKCS#1 \s-1RSA\s0 public key structure.
@@ -316,10 +320,10 @@ mistake is to attempt to use a buffer directly as follows:
 .PP
 This code will result in \fBbuf\fR apparently containing garbage because
 it was incremented after the call to point after the data just written.
-Also \fBbuf\fR will no longer contain the pointer allocated by \fIOPENSSL_malloc()\fR
-and the subsequent call to \fIOPENSSL_free()\fR is likely to crash.
+Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR
+and the subsequent call to \fBOPENSSL_free()\fR is likely to crash.
 .PP
-Another trap to avoid is misuse of the \fBa\fR argument to \fId2i_TYPE()\fR:
+Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR:
 .PP
 .Vb 1
 \& X509 *x;
@@ -328,41 +332,41 @@ Another trap to avoid is misuse of the \fBa\fR argument to \fId2i_TYPE()\fR:
 \&     /* error */
 .Ve
 .PP
-This will probably crash somewhere in \fId2i_X509()\fR. The reason for this
+This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this
 is that the variable \fBx\fR is uninitialized and an attempt will be made to
 interpret its (invalid) value as an \fBX509\fR structure, typically causing
 a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not
 happen.
 .SH "BUGS"
 .IX Header "BUGS"
-In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_TYPE()\fR when
+In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when
 \&\fB*px\fR is valid is broken and some parts of the reused structure may
 persist if they are not present in the new one. As a result the use
 of this \*(L"reuse\*(R" behaviour is strongly discouraged.
 .PP
-\&\fIi2d_TYPE()\fR will not return an error in many versions of OpenSSL,
+\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL,
 if mandatory fields are not initialized due to a programming error
 then the encoded structure may contain invalid data or omit the
-fields entirely and will not be parsed by \fId2i_TYPE()\fR. This may be
-fixed in future so code should not assume that \fIi2d_TYPE()\fR will
+fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be
+fixed in future so code should not assume that \fBi2d_TYPE()\fR will
 always succeed.
 .PP
-Any function which encodes a structure (\fIi2d_TYPE()\fR,
-\&\fIi2d_TYPE()\fR or \fIi2d_TYPE()\fR) may return a stale encoding if the
+Any function which encodes a structure (\fBi2d_TYPE()\fR,
+\&\fBi2d_TYPE()\fR or \fBi2d_TYPE()\fR) may return a stale encoding if the
 structure has been modified after deserialization or previous
 serialization. This is because some objects cache the encoding for
 efficiency reasons.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fId2i_TYPE()\fR, \fId2i_TYPE_bio()\fR and \fId2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure
+\&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure
 or \fB\s-1NULL\s0\fR if an error occurs.  If the \*(L"reuse\*(R" capability has been used with
 a valid structure being passed in via \fBa\fR, then the object is not freed in
 the event of error but may be in a potentially invalid or inconsistent state.
 .PP
-\&\fIi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative
+\&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative
 value if an error occurs.
 .PP
-\&\fIi2d_TYPE_bio()\fR and \fIi2d_TYPE_fp()\fR return 1 for success and 0 if an error
+\&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error
 occurs.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
index c7cd21d8225a0..6894341d076be 100644
--- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "I2D_CMS_BIO_STREAM 3"
-.TH I2D_CMS_BIO_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH I2D_CMS_BIO_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,29 +149,29 @@ i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format.
+\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format.
 .PP
-It is otherwise identical to the function \fISMIME_write_CMS()\fR.
+It is otherwise identical to the function \fBSMIME_write_CMS()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting
+This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting
 streaming.
 .SH "BUGS"
 .IX Header "BUGS"
 The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure.
+\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
-\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
-\&\fICMS_decrypt\fR\|(3),
-\&\fISMIME_write_CMS\fR\|(3),
-\&\fIPEM_write_bio_CMS_stream\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
+\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3)
+\&\fBCMS_decrypt\fR\|(3),
+\&\fBSMIME_write_CMS\fR\|(3),
+\&\fBPEM_write_bio_CMS_stream\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIi2d_CMS_bio_stream()\fR was added to OpenSSL 1.0.0
+The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
index feb2a63d5bcb1..fc1d08214eb91 100644
--- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "I2D_PKCS7_BIO_STREAM 3"
-.TH I2D_PKCS7_BIO_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH I2D_PKCS7_BIO_STREAM 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,29 +149,29 @@ i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format.
+\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format.
 .PP
-It is otherwise identical to the function \fISMIME_write_PKCS7()\fR.
+It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR.
 .SH "NOTES"
 .IX Header "NOTES"
-This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting
+This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting
 streaming.
 .SH "BUGS"
 .IX Header "BUGS"
 The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure.
+\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
-\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
-\&\fIPKCS7_decrypt\fR\|(3),
-\&\fISMIME_write_PKCS7\fR\|(3),
-\&\fIPEM_write_bio_PKCS7_stream\fR\|(3)
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3),
+\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3)
+\&\fBPKCS7_decrypt\fR\|(3),
+\&\fBSMIME_write_PKCS7\fR\|(3),
+\&\fBPEM_write_bio_PKCS7_stream\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIi2d_PKCS7_bio_stream()\fR was added to OpenSSL 1.0.0
+The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 b/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
index 036aea450d7b5..2e76321ff47fb 100644
--- a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
+++ b/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "I2D_RE_X509_TBS 3"
-.TH I2D_RE_X509_TBS 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH I2D_RE_X509_TBS 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -152,19 +156,19 @@ d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_RE
 The X509 encode and decode routines encode and parse an
 \&\fBX509\fR structure, which represents an X509 certificate.
 .PP
-\&\fId2i_X509_AUX()\fR is similar to \fId2i_X509\fR\|(3) but the input is expected to
+\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to
 consist of an X509 certificate followed by auxiliary trust information.
 This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects.
 This function should not be called on untrusted input.
 .PP
-\&\fIi2d_X509_AUX()\fR is similar to \fIi2d_X509\fR\|(3), but the encoded output
+\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output
 contains both the certificate and any auxiliary trust information.
 This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects.
 Note that this is a non-standard OpenSSL-specific data format.
 .PP
-\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509\fR\|(3) except it encodes only
-the TBSCertificate portion of the certificate.  \fIi2d_re_X509_CRL_tbs()\fR
-and \fIi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request,
+\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only
+the TBSCertificate portion of the certificate.  \fBi2d_re_X509_CRL_tbs()\fR
+and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request,
 respectively.  The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R",
 and ensures that a fresh encoding is generated in case the object has been
 modified after creation (see the \s-1BUGS\s0 section).
@@ -174,36 +178,36 @@ in the \fBX509\fR structure internally to improve encoding performance
 and to ensure certificate signatures are verified correctly in some
 certificates with broken (non-DER) encodings.
 .PP
-If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR,
+If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR,
 the encoding is automatically renewed. Otherwise, the encoding of the
 TBSCertificate portion of the \fBX509\fR can be manually renewed by calling
-\&\fIi2d_re_X509_tbs()\fR.
+\&\fBi2d_re_X509_tbs()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fId2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred.
+\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred.
 .PP
-\&\fIi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error.
+\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error.
 .PP
-\&\fIi2d_re_X509_tbs()\fR, \fIi2d_re_X509_CRL_tbs()\fR and \fIi2d_re_X509_REQ_tbs()\fR return the
+\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the
 length of encoded data or 0 on error.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIERR_get_error\fR\|(3)
-\&\fIX509_CRL_get0_by_serial\fR\|(3),
-\&\fIX509_get0_signature\fR\|(3),
-\&\fIX509_get_ext_d2i\fR\|(3),
-\&\fIX509_get_extension_flags\fR\|(3),
-\&\fIX509_get_pubkey\fR\|(3),
-\&\fIX509_get_subject_name\fR\|(3),
-\&\fIX509_get_version\fR\|(3),
-\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fIX509_NAME_get_index_by_NID\fR\|(3),
-\&\fIX509_NAME_print_ex\fR\|(3),
-\&\fIX509_new\fR\|(3),
-\&\fIX509_sign\fR\|(3),
-\&\fIX509V3_get_d2i\fR\|(3),
-\&\fIX509_verify_cert\fR\|(3)
+\&\fBERR_get_error\fR\|(3)
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_new\fR\|(3),
+\&\fBX509_sign\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/lib/libcrypto/man/o2i_SCT_LIST.3 b/secure/lib/libcrypto/man/o2i_SCT_LIST.3
index 0aa43c0254b92..fe6cba5ec0a44 100644
--- a/secure/lib/libcrypto/man/o2i_SCT_LIST.3
+++ b/secure/lib/libcrypto/man/o2i_SCT_LIST.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "O2I_SCT_LIST 3"
-.TH O2I_SCT_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH O2I_SCT_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,9 +163,9 @@ All of the functions have return values consistent with those stated for
 d2i_SCT_LIST and i2d_SCT_LIST.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIct\fR\|(7),
-\&\fId2i_SCT_LIST\fR\|(3),
-\&\fIi2d_SCT_LIST\fR\|(3)
+\&\fBct\fR\|(7),
+\&\fBd2i_SCT_LIST\fR\|(3),
+\&\fBi2d_SCT_LIST\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.1.0.
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index 126e63cbaa85a..62361743b4172 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CA.PL 1"
-.TH CA.PL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CA.PL 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -265,7 +269,7 @@ the request and finally create a PKCS#12 file containing it.
 .SH "DSA CERTIFICATES"
 .IX Header "DSA CERTIFICATES"
 Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to
-use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command
+use it with \s-1DSA\s0 certificates and requests using the \fBreq\fR\|(1) command
 directly. The following example shows the steps that would typically be taken.
 .PP
 Create some \s-1DSA\s0 parameters:
@@ -325,8 +329,8 @@ by a beginner. Its behaviour isn't always what is wanted. For more control over
 behaviour of the certificate commands call the \fBopenssl\fR command directly.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1),
-\&\fIconfig\fR\|(5)
+\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBreq\fR\|(1), \fBpkcs12\fR\|(1),
+\&\fBconfig\fR\|(5)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index a9d20be114bf8..5f7227df4d515 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1PARSE 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -205,7 +209,7 @@ option can be used multiple times to \*(L"drill down\*(R" into a nested structur
 .IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4
 .IX Item "-genstr string, -genconf file"
 Generate encoded data based on \fBstring\fR, \fBfile\fR or both using
-\&\fIASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is
+\&\fBASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is
 present then the string is obtained from the default section using the name
 \&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as
 though it came from a file, the contents can thus be examined and written to a
@@ -324,7 +328,7 @@ There should be options to change the format of output lines. The output of some
 \&\s-1ASN.1\s0 types is not well handled (if at all).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIASN1_generate_nconf\fR\|(3)
+\&\fBASN1_generate_nconf\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index c155e24150989..c235cc738963e 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CA 1"
-.TH CA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CA 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -207,7 +211,7 @@ This prints extra details about the operations being performed.
 .IX Item "-config filename"
 Specifies the configuration file to use.
 Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
 .IP "\fB\-name section\fR" 4
 .IX Item "-name section"
 Specifies the configuration file section to use (overrides
@@ -269,7 +273,7 @@ self-signed certificate.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-notext\fR" 4
 .IX Item "-notext"
 Don't output the text form of a certificate to the output file.
@@ -331,8 +335,8 @@ The section of the configuration file containing certificate extensions
 to be added when a certificate is issued (defaults to \fBx509_extensions\fR
 unless the \fB\-extfile\fR option is used). If no extension section is
 present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created. See the:w
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+is present (even if it is empty), then a V3 certificate is created. See the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
 extension section format.
 .IP "\fB\-extfile file\fR" 4
 .IX Item "-extfile file"
@@ -444,7 +448,7 @@ created, if the \s-1CRL\s0 extension section is present (even if it is
 empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are
 \&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions.  It should be noted
 that some software (for example Netscape) can't handle V2 CRLs. See
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
 extension section format.
 .SH "CONFIGURATION FILE OPTIONS"
 .IX Header "CONFIGURATION FILE OPTIONS"
@@ -802,11 +806,11 @@ earlier than year 2049 (included), and as GeneralizedTime if the dates
 are in year 2050 or later.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIreq\fR\|(1), \fIspkac\fR\|(1), \fIx509\fR\|(1), \s-1\fICA\s0.pl\fR\|(1),
-\&\fIconfig\fR\|(5), \fIx509v3_config\fR\|(5)
+\&\fBreq\fR\|(1), \fBspkac\fR\|(1), \fBx509\fR\|(1), \s-1\fBCA\s0.pl\fR\|(1),
+\&\fBconfig\fR\|(5), \fBx509v3_config\fR\|(5)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index 82d7870c8e318..98a408437bcba 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CIPHERS 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -190,7 +194,7 @@ When combined with \fB\-s\fR includes cipher suites which require \s-1SRP.\s0
 .IP "\fB\-v\fR" 4
 .IX Item "-v"
 Verbose output: For each cipher suite, list details as provided by
-\&\fISSL_CIPHER_description\fR\|(3).
+\&\fBSSL_CIPHER_description\fR\|(3).
 .IP "\fB\-V\fR" 4
 .IX Item "-V"
 Like \fB\-v\fR, but include the official cipher suite values in hex.
@@ -845,7 +849,7 @@ Set security level to 2 and display all ciphers consistent with level 2:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIssl\fR\|(7)
+\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBssl\fR\|(7)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0.
@@ -853,7 +857,7 @@ The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0.
 The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled
 (\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1.
 .PP
-The \fB\-convert\fR was added in OpenSSL 1.1.1.
+The \fB\-convert\fR option was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index 152fc013ecc21..07e20e17f4f93 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS 1"
-.TH CMS 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -397,8 +401,8 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
 .IX Item "-cipher"
 The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR
 or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the
-\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
-example \fB\-aes\-128\-cbc\fR. See \fIenc\fR\|(1) for a list of ciphers
+\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
+example \fB\-aes\-128\-cbc\fR. See \fBenc\fR\|(1) for a list of ciphers
 supported by your version of OpenSSL.
 .Sp
 If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and
@@ -534,7 +538,7 @@ or to modify default parameters for \s-1ECDH.\s0
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-rand file...\fR" 4
 .IX Item "-rand file..."
 A file or files containing random data used to seed the random number
@@ -559,7 +563,7 @@ address matches that specified in the From: address.
 .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
 Set various certificate chain validation options. See the
-\&\fIverify\fR\|(1) manual page for details.
+\&\fBverify\fR\|(1) manual page for details.
 .SH "NOTES"
 .IX Header "NOTES"
 The \s-1MIME\s0 message must be sent without any blank lines between the
@@ -606,7 +610,7 @@ tried whether they succeed or not and if no recipients match the message
 is \*(L"decrypted\*(R" using a random key which will typically output garbage.
 The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection
 and return an error if no recipient can be found: this option should be used
-with caution. For a fuller description see \fICMS_decrypt\fR\|(3)).
+with caution. For a fuller description see \fBCMS_decrypt\fR\|(3)).
 .SH "EXIT CODES"
 .IX Header "EXIT CODES"
 .IP "0" 4
@@ -798,14 +802,14 @@ No revocation checking is done on the signer's certificate.
 The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first
 added in OpenSSL 1.0.0.
 .PP
-The \fBkeyopt\fR option was first added in OpenSSL 1.0.2.
+The \fBkeyopt\fR option was added in OpenSSL 1.0.2.
 .PP
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
+Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.
 .PP
-The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR was first added
-to OpenSSL 1.0.2.
+The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR
+was added in OpenSSL 1.0.2.
 .PP
-The \-no_alt_chains options was first added to OpenSSL 1.0.2b.
+The \-no_alt_chains option was added in OpenSSL 1.0.2b.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index 628cb3213b1b6..31c680c498b27 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CRL 1"
-.TH CRL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CRL 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -184,7 +188,7 @@ Print out the \s-1CRL\s0 in text form.
 .IP "\fB\-nameopt option\fR" 4
 .IX Item "-nameopt option"
 Option which determines how the subject or issuer names are displayed. See
-the description of \fB\-nameopt\fR in \fIx509\fR\|(1).
+the description of \fB\-nameopt\fR in \fBx509\fR\|(1).
 .IP "\fB\-noout\fR" 4
 .IX Item "-noout"
 Don't output the encoded version of the \s-1CRL.\s0
@@ -242,7 +246,7 @@ Ideally it should be possible to create a \s-1CRL\s0 using appropriate options
 and files too.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrl2pkcs7\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1)
+\&\fBcrl2pkcs7\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index 20a5269e33f62..abb3876dcd3cd 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CRL2PKCS7 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -212,7 +216,7 @@ The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can b
 install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIpkcs7\fR\|(1)
+\&\fBpkcs7\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index db0c6100ae4ef..d959cf3572b54 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DGST 1"
-.TH DGST 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DGST 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -219,7 +223,7 @@ Names and values of these options are algorithm-specific.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-verify filename\fR" 4
 .IX Item "-verify filename"
 Verify the signature using the public key in \*(L"filename\*(R".
@@ -325,11 +329,11 @@ or similar program to transform the hex signature into a binary signature
 prior to verification.
 .SH "HISTORY"
 .IX Header "HISTORY"
-The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0
-The FIPS-related options were removed in OpenSSL 1.1.0
+The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0.
+The FIPS-related options were removed in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index f0a753566e989..5670aba30964f 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DHPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -230,7 +234,7 @@ This option prints out the \s-1DH\s0 parameters in human readable form.
 .IP "\fB\-C\fR" 4
 .IX Item "-C"
 This option converts the parameters into C code. The parameters can then
-be loaded by calling the \fIget_dhNNNN()\fR function.
+be loaded by calling the \fBget_dhNNNN()\fR function.
 .IP "\fB\-engine id\fR" 4
 .IX Item "-engine id"
 Specifying an engine (by its unique \fBid\fR string) will cause \fBdhparam\fR
@@ -261,7 +265,7 @@ This program manipulates \s-1DH\s0 parameters not keys.
 There should be a way to generate and manipulate \s-1DH\s0 keys.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIdsaparam\fR\|(1)
+\&\fBdsaparam\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index a799b42bfff5e..f4ac6765f9c29 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA 1"
-.TH DSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -198,7 +202,7 @@ prompted for.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-out filename\fR" 4
 .IX Item "-out filename"
 This specifies the output filename to write a key to or standard output by
@@ -208,7 +212,7 @@ filename.
 .IP "\fB\-passout arg\fR" 4
 .IX Item "-passout arg"
 The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4
 .IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea"
 These options encrypt the private key with the specified
@@ -290,8 +294,8 @@ To just output the public part of a private key:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIdsaparam\fR\|(1), \fIgendsa\fR\|(1), \fIrsa\fR\|(1),
-\&\fIgenrsa\fR\|(1)
+\&\fBdsaparam\fR\|(1), \fBgendsa\fR\|(1), \fBrsa\fR\|(1),
+\&\fBgenrsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index b9c6088097d1f..06228699f9b3d 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSAPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -189,7 +193,7 @@ This option prints out the \s-1DSA\s0 parameters in human readable form.
 .IP "\fB\-C\fR" 4
 .IX Item "-C"
 This option converts the parameters into C code. The parameters can then
-be loaded by calling the \fIget_dsaXXX()\fR function.
+be loaded by calling the \fBget_dsaXXX()\fR function.
 .IP "\fB\-genkey\fR" 4
 .IX Item "-genkey"
 This option will generate a \s-1DSA\s0 either using the specified or generated
@@ -229,8 +233,8 @@ for all available algorithms.
 \&\s-1DSA\s0 parameters is often used to generate several distinct keys.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIgendsa\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIrsa\fR\|(1)
+\&\fBgendsa\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBrsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index b2288579a6009..d51ada449b94c 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC 1"
-.TH EC 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -191,7 +195,7 @@ prompted for.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-out filename\fR" 4
 .IX Item "-out filename"
 This specifies the output filename to write a key to or standard output by
@@ -201,7 +205,7 @@ filename.
 .IP "\fB\-passout arg\fR" 4
 .IX Item "-passout arg"
 The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-des|\-des3|\-idea\fR" 4
 .IX Item "-des|-des3|-idea"
 These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or
@@ -218,9 +222,6 @@ Prints out the public, private key components and parameters.
 .IP "\fB\-noout\fR" 4
 .IX Item "-noout"
 This option prevents output of the encoded version of the key.
-.IP "\fB\-modulus\fR" 4
-.IX Item "-modulus"
-This option prints out the value of the public key component of the key.
 .IP "\fB\-pubin\fR" 4
 .IX Item "-pubin"
 By default, a private key is read from the input file. With this option a
@@ -314,10 +315,10 @@ To change the point conversion form to \fBcompressed\fR:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIecparam\fR\|(1), \fIdsa\fR\|(1), \fIrsa\fR\|(1)
+\&\fBecparam\fR\|(1), \fBdsa\fR\|(1), \fBrsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index a422cf92a865b..93bdd9b186b15 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ECPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -193,7 +197,7 @@ This option prints out the \s-1EC\s0 parameters in human readable form.
 .IP "\fB\-C\fR" 4
 .IX Item "-C"
 This option converts the \s-1EC\s0 parameters into C code. The parameters can then
-be loaded by calling the \fIget_ec_group_XXX()\fR function.
+be loaded by calling the \fBget_ec_group_XXX()\fR function.
 .IP "\fB\-check\fR" 4
 .IX Item "-check"
 Validate the elliptic curve parameters.
@@ -297,7 +301,7 @@ To print out the \s-1EC\s0 parameters to standard output:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIec\fR\|(1), \fIdsaparam\fR\|(1)
+\&\fBec\fR\|(1), \fBdsaparam\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2003\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index c39476ff7383d..927018cd2d0e4 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ENC 1"
-.TH ENC 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ENC 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -194,7 +198,7 @@ The output filename, standard output by default.
 .IP "\fB\-pass arg\fR" 4
 .IX Item "-pass arg"
 The password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-e\fR" 4
 .IX Item "-e"
 Encrypt the input data: this is the default.
@@ -364,7 +368,7 @@ management issues also affect other modes currently exposed in \fBenc\fR,
 but the failure modes are less extreme in these cases, and the
 functionality cannot be removed with a stable release branch.
 For bulk encryption of data, whether using authenticated encryption
-modes or other modes, \fIcms\fR\|(1) is recommended, as it provides a
+modes or other modes, \fBcms\fR\|(1) is recommended, as it provides a
 standard data format and performs the needed key/iv/nonce management.
 .PP
 .Vb 1
@@ -522,7 +526,7 @@ certain parameters. So if, for example, you want to use \s-1RC2\s0 with a
 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program.
 .SH "HISTORY"
 .IX Header "HISTORY"
-The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in Openssl 1.1.0.
+The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/engine.1 b/secure/usr.bin/openssl/man/engine.1
index 851f31e46ae31..ff7917274d3db 100644
--- a/secure/usr.bin/openssl/man/engine.1
+++ b/secure/usr.bin/openssl/man/engine.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ENGINE 1"
-.TH ENGINE 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ENGINE 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -225,7 +229,7 @@ To list the capabilities of the \fIrsax\fR engine:
 The path to the engines directory.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIconfig\fR\|(5)
+\&\fBconfig\fR\|(5)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index 25f92828f2899..3b6daca1a4665 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERRSTR 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index cdcaaf281d71e..b72bc23f994ac 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "GENDSA 1"
-.TH GENDSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH GENDSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -203,8 +207,8 @@ and examined using the \fBopenssl dsaparam\fR command.
 much quicker that \s-1RSA\s0 key generation for example.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIdsaparam\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIrsa\fR\|(1)
+\&\fBdsaparam\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBrsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index 1fd374770d10c..bbb5c72b33ad7 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH GENPKEY 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -168,11 +172,11 @@ This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is
 .IP "\fB\-pass arg\fR" 4
 .IX Item "-pass arg"
 The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-\f(BIcipher\fB\fR" 4
 .IX Item "-cipher"
 This option encrypts the private key with the supplied cipher. Any algorithm
-name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
+name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
 .IP "\fB\-engine id\fR" 4
 .IX Item "-engine id"
 Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR
@@ -417,9 +421,9 @@ Generate an \s-1ED448\s0 private key:
 .SH "HISTORY"
 .IX Header "HISTORY"
 The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly,
-were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in
-OpenSSL 1.1.0. The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in
-OpenSSL 1.1.1.
+were added in OpenSSL 1.0.2.
+The ability to generate X25519 keys was added in OpenSSL 1.1.0.
+The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index f2221a082d6a5..7845ce19fec79 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "GENRSA 1"
-.TH GENRSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH GENRSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -176,7 +180,7 @@ standard output is used.
 .IP "\fB\-passout arg\fR" 4
 .IX Item "-passout arg"
 The output file password source. For more information about the format
-of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4
 .IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea"
 These options encrypt the private key with specified
@@ -228,7 +232,7 @@ may vary somewhat. But in general, more primes lead to less generation time
 of a key.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIgendsa\fR\|(1)
+\&\fBgendsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/list.1 b/secure/usr.bin/openssl/man/list.1
index 8b0d6cf3486f6..573027fbbb31c 100644
--- a/secure/usr.bin/openssl/man/list.1
+++ b/secure/usr.bin/openssl/man/list.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LIST 1"
-.TH LIST 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH LIST 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -168,7 +172,7 @@ Display a list of standard commands.
 .IP "\fB\-digest\-commands\fR" 4
 .IX Item "-digest-commands"
 Display a list of message digest commands, which are typically used
-as input to the \fIdgst\fR\|(1) or \fIspeed\fR\|(1) commands.
+as input to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands.
 .IP "\fB\-digest\-algorithms\fR" 4
 .IX Item "-digest-algorithms"
 Display a list of message digest algorithms.
@@ -178,7 +182,7 @@ then \fBfoo\fR is an alias for the official algorithm name, \fBbar\fR.
 .IP "\fB\-cipher\-commands\fR" 4
 .IX Item "-cipher-commands"
 Display a list of cipher commands, which are typically used as input
-to the \fIdgst\fR\|(1) or \fIspeed\fR\|(1) commands.
+to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands.
 .IP "\fB\-cipher\-algorithms\fR" 4
 .IX Item "-cipher-algorithms"
 Display a list of cipher algorithms.
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index c181828447920..6cf495394d75e 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "NSEQ 1"
-.TH NSEQ 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH NSEQ 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index a8c9c564d3fec..b47b837a24de4 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP 1"
-.TH OCSP 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -313,7 +317,7 @@ Child processes will detect changes in the \s-1CA\s0 index file and automaticall
 reload it.
 When running as a responder \fB\-timeout\fR option is recommended to limit the time
 each child is willing to wait for the client's \s-1OCSP\s0 response.
-This option is available on \s-1POSIX\s0 systems (that support the \fIfork()\fR and other
+This option is available on \s-1POSIX\s0 systems (that support the \fBfork()\fR and other
 required unix system-calls).
 .IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4
 .IX Item "-CAfile file, -CApath pathname"
@@ -328,7 +332,7 @@ Do not load the trusted \s-1CA\s0 certificates from the default directory locati
 .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
 Set different certificate verification options.
-See \fIverify\fR\|(1) manual page for details.
+See \fBverify\fR\|(1) manual page for details.
 .IP "\fB\-verify_other file\fR" 4
 .IX Item "-verify_other file"
 File containing additional certificates to search when attempting to locate
@@ -569,7 +573,7 @@ to a second file.
 .Ve
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \-no_alt_chains options was first added to OpenSSL 1.1.0.
+The \-no_alt_chains option was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index bd6dbf7a69763..cc688f4852276 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -173,7 +177,7 @@ The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in
 (\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
 .PP
 Detailed documentation and use cases for most standard subcommands are available
-(e.g., \fIx509\fR\|(1) or \fIopenssl\-x509\fR\|(1)).
+(e.g., \fBx509\fR\|(1) or \fBopenssl\-x509\fR\|(1)).
 .PP
 Many commands use an external configuration file for some or all of their
 arguments and have a \fB\-config\fR option to specify that file.
@@ -235,18 +239,18 @@ Message Digest Calculation.
 .IP "\fBdh\fR" 4
 .IX Item "dh"
 Diffie-Hellman Parameter Management.
-Obsoleted by \fIdhparam\fR\|(1).
+Obsoleted by \fBdhparam\fR\|(1).
 .IP "\fBdhparam\fR" 4
 .IX Item "dhparam"
 Generation and Management of Diffie-Hellman Parameters. Superseded by
-\&\fIgenpkey\fR\|(1) and \fIpkeyparam\fR\|(1).
+\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1).
 .IP "\fBdsa\fR" 4
 .IX Item "dsa"
 \&\s-1DSA\s0 Data Management.
 .IP "\fBdsaparam\fR" 4
 .IX Item "dsaparam"
 \&\s-1DSA\s0 Parameter Generation and Management. Superseded by
-\&\fIgenpkey\fR\|(1) and \fIpkeyparam\fR\|(1).
+\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1).
 .IP "\fBec\fR" 4
 .IX Item "ec"
 \&\s-1EC\s0 (Elliptic curve) key processing.
@@ -265,17 +269,17 @@ Error Number to Error String Conversion.
 .IP "\fBgendh\fR" 4
 .IX Item "gendh"
 Generation of Diffie-Hellman Parameters.
-Obsoleted by \fIdhparam\fR\|(1).
+Obsoleted by \fBdhparam\fR\|(1).
 .IP "\fBgendsa\fR" 4
 .IX Item "gendsa"
 Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by
-\&\fIgenpkey\fR\|(1) and \fIpkey\fR\|(1).
+\&\fBgenpkey\fR\|(1) and \fBpkey\fR\|(1).
 .IP "\fBgenpkey\fR" 4
 .IX Item "genpkey"
 Generation of Private Key or Parameters.
 .IP "\fBgenrsa\fR" 4
 .IX Item "genrsa"
-Generation of \s-1RSA\s0 Private Key. Superseded by \fIgenpkey\fR\|(1).
+Generation of \s-1RSA\s0 Private Key. Superseded by \fBgenpkey\fR\|(1).
 .IP "\fBnseq\fR" 4
 .IX Item "nseq"
 Create or examine a Netscape certificate sequence.
@@ -321,7 +325,7 @@ PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management.
 .IP "\fBrsautl\fR" 4
 .IX Item "rsautl"
 \&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded
-by  \fIpkeyutl\fR\|(1).
+by  \fBpkeyutl\fR\|(1).
 .IP "\fBs_client\fR" 4
 .IX Item "s_client"
 This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
@@ -434,7 +438,7 @@ The following aliases provide convenient access to the most used encodings
 and ciphers.
 .PP
 Depending on how OpenSSL was configured and built, not all ciphers listed
-here may be present. See \fIenc\fR\|(1) for more information and command usage.
+here may be present. See \fBenc\fR\|(1) for more information and command usage.
 .IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4
 .IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb"
 \&\s-1AES\-128\s0 Cipher
@@ -521,7 +525,7 @@ prompted to enter one: this will typically be read from the current
 terminal with echoing turned off.
 .PP
 Note that character encoding may be relevant, please see
-\&\fIpassphrase\-encoding\fR\|(7).
+\&\fBpassphrase\-encoding\fR\|(7).
 .IP "\fBpass:password\fR" 4
 .IX Item "pass:password"
 The actual password is \fBpassword\fR. Since the password is visible
@@ -548,22 +552,22 @@ send the data via a pipe for example.
 Read the password from standard input.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIciphers\fR\|(1), \fIcms\fR\|(1), \fIconfig\fR\|(5),
-\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1),
-\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1),
-\&\fIec\fR\|(1), \fIecparam\fR\|(1),
-\&\fIenc\fR\|(1), \fIengine\fR\|(1), \fIerrstr\fR\|(1), \fIgendsa\fR\|(1), \fIgenpkey\fR\|(1),
-\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIocsp\fR\|(1),
-\&\fIpasswd\fR\|(1),
-\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1),
-\&\fIpkey\fR\|(1), \fIpkeyparam\fR\|(1), \fIpkeyutl\fR\|(1), \fIprime\fR\|(1),
-\&\fIrand\fR\|(1), \fIrehash\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1),
-\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1),
-\&\fIs_server\fR\|(1), \fIs_time\fR\|(1), \fIsess_id\fR\|(1),
-\&\fIsmime\fR\|(1), \fIspeed\fR\|(1), \fIspkac\fR\|(1), \fIsrp\fR\|(1), \fIstoreutl\fR\|(1),
-\&\fIts\fR\|(1),
-\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1),
-\&\fIcrypto\fR\|(7), \fIssl\fR\|(7), \fIx509v3_config\fR\|(5)
+\&\fBasn1parse\fR\|(1), \fBca\fR\|(1), \fBciphers\fR\|(1), \fBcms\fR\|(1), \fBconfig\fR\|(5),
+\&\fBcrl\fR\|(1), \fBcrl2pkcs7\fR\|(1), \fBdgst\fR\|(1),
+\&\fBdhparam\fR\|(1), \fBdsa\fR\|(1), \fBdsaparam\fR\|(1),
+\&\fBec\fR\|(1), \fBecparam\fR\|(1),
+\&\fBenc\fR\|(1), \fBengine\fR\|(1), \fBerrstr\fR\|(1), \fBgendsa\fR\|(1), \fBgenpkey\fR\|(1),
+\&\fBgenrsa\fR\|(1), \fBnseq\fR\|(1), \fBocsp\fR\|(1),
+\&\fBpasswd\fR\|(1),
+\&\fBpkcs12\fR\|(1), \fBpkcs7\fR\|(1), \fBpkcs8\fR\|(1),
+\&\fBpkey\fR\|(1), \fBpkeyparam\fR\|(1), \fBpkeyutl\fR\|(1), \fBprime\fR\|(1),
+\&\fBrand\fR\|(1), \fBrehash\fR\|(1), \fBreq\fR\|(1), \fBrsa\fR\|(1),
+\&\fBrsautl\fR\|(1), \fBs_client\fR\|(1),
+\&\fBs_server\fR\|(1), \fBs_time\fR\|(1), \fBsess_id\fR\|(1),
+\&\fBsmime\fR\|(1), \fBspeed\fR\|(1), \fBspkac\fR\|(1), \fBsrp\fR\|(1), \fBstoreutl\fR\|(1),
+\&\fBts\fR\|(1),
+\&\fBverify\fR\|(1), \fBversion\fR\|(1), \fBx509\fR\|(1),
+\&\fBcrypto\fR\|(7), \fBssl\fR\|(7), \fBx509v3_config\fR\|(5)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0;
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index b44ea2d0d68a6..7842c1f0cd7fa 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PASSWD 1"
-.TH PASSWD 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PASSWD 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index dca9461fefad6..1de3d361e9da6 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12 1"
-.TH PKCS12 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS12 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -202,12 +206,12 @@ default.  They are all written in \s-1PEM\s0 format.
 .IX Item "-passin arg"
 The PKCS#12 file (i.e. input file) password source. For more information about
 the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
-\&\fIopenssl\fR\|(1).
+\&\fBopenssl\fR\|(1).
 .IP "\fB\-passout arg\fR" 4
 .IX Item "-passout arg"
 Pass phrase source to encrypt any outputted private keys with. For more
 information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section
-in \fIopenssl\fR\|(1).
+in \fBopenssl\fR\|(1).
 .IP "\fB\-password arg\fR" 4
 .IX Item "-password arg"
 With \-export, \-password is equivalent to \-passout.
@@ -260,7 +264,8 @@ Don't attempt to verify the integrity \s-1MAC\s0 before reading the file.
 .IX Item "-twopass"
 Prompt for separate integrity and encryption passwords: most software
 always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+\&\-password, \-passin (if importing) or \-passout (if exporting).
 .SH "FILE CREATION OPTIONS"
 .IX Header "FILE CREATION OPTIONS"
 .IP "\fB\-export\fR" 4
@@ -300,12 +305,12 @@ displays them.
 .IX Item "-pass arg, -passout arg"
 The PKCS#12 file (i.e. output file) password source. For more information about
 the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
-\&\fIopenssl\fR\|(1).
+\&\fBopenssl\fR\|(1).
 .IP "\fB\-passin password\fR" 4
 .IX Item "-passin password"
 Pass phrase source to decrypt any input private keys with. For more information
 about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
-\&\fIopenssl\fR\|(1).
+\&\fBopenssl\fR\|(1).
 .IP "\fB\-chain\fR" 4
 .IX Item "-chain"
 If this option is present then an attempt is made to include the entire
@@ -462,10 +467,10 @@ Include some extra certificates:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIpkcs8\fR\|(1)
+\&\fBpkcs8\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index 9154b12bf9c3d..a25577c2333d3 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7 1"
-.TH PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS7 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -227,7 +231,7 @@ This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0
 cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIcrl2pkcs7\fR\|(1)
+\&\fBcrl2pkcs7\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index ad6119457beab..711e150d1dc8b 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS8 1"
-.TH PKCS8 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS8 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -196,7 +200,7 @@ prompted for.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-out filename\fR" 4
 .IX Item "-out filename"
 This specifies the output filename to write a key to or standard output by
@@ -206,7 +210,7 @@ filename.
 .IP "\fB\-passout arg\fR" 4
 .IX Item "-passout arg"
 The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-iter count\fR" 4
 .IX Item "-iter count"
 When creating new PKCS#8 containers, use a given number of iterations on
@@ -415,11 +419,11 @@ There should be an option that prints out the encryption algorithm
 in use and other details such as the iteration count.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIdsa\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1)
+\&\fBdsa\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fB\-iter\fR option was added to OpenSSL 1.1.0.
+The \fB\-iter\fR option was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index 6a9196412fe83..c77fc34788c5c 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKEY 1"
-.TH PKEY 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKEY 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -180,7 +184,7 @@ prompted for.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-out filename\fR" 4
 .IX Item "-out filename"
 This specifies the output filename to write a key to or standard output if this
@@ -190,7 +194,7 @@ filename.
 .IP "\fB\-passout password\fR" 4
 .IX Item "-passout password"
 The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-traditional\fR" 4
 .IX Item "-traditional"
 Normally a private key is written using standard format: this is PKCS#8 form
@@ -199,7 +203,7 @@ option is specified then the older \*(L"traditional\*(R" format is used instead.
 .IP "\fB\-\f(BIcipher\fB\fR" 4
 .IX Item "-cipher"
 These options encrypt the private key with the supplied cipher. Any algorithm
-name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
+name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
 .IP "\fB\-text\fR" 4
 .IX Item "-text"
 Prints out the various public or private key components in
@@ -272,8 +276,8 @@ To just output the public part of a private key:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1),
-\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1)
+\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1),
+\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index 0f84ec6ff4da2..19b9d76233269 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKEYPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -191,8 +195,8 @@ There are no \fB\-inform\fR or \fB\-outform\fR options for this command because
 \&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1),
-\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1)
+\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1),
+\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index 1c413421a3a7f..e1ff78e7a7fc6 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKEYUTL 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -195,7 +199,7 @@ The key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 Default is \s-1PEM.\s0
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The input key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-peerkey file\fR" 4
 .IX Item "-peerkey file"
 The peer key file, used by key derivation (agreement) operations.
@@ -238,7 +242,7 @@ Use key derivation function \fBalgorithm\fR.  The supported algorithms are
 at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR.
 Note: additional parameters and the \s-1KDF\s0 output length will normally have to be
 set for this to work.
-See \fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
+See \fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
 for the supported string parameters of each algorithm.
 .IP "\fB\-kdflen length\fR" 4
 .IX Item "-kdflen length"
@@ -282,7 +286,7 @@ and its implementation. The OpenSSL operations and options are indicated below.
 Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option
 which specifies the digest in use for sign, verify and verifyrecover operations.
 The value \fBalg\fR should represent a digest name as used in the
-\&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to
+\&\fBEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to
 hash the input data. It is used (by some algorithms) for sanity-checking the
 lengths of data passed in to the \fBpkeyutl\fR and for creating the structures that
 make up the signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures).
@@ -412,9 +416,9 @@ seed consisting of the single byte 0xFF:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIgenpkey\fR\|(1), \fIpkey\fR\|(1), \fIrsautl\fR\|(1)
-\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
+\&\fBgenpkey\fR\|(1), \fBpkey\fR\|(1), \fBrsautl\fR\|(1)
+\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/prime.1 b/secure/usr.bin/openssl/man/prime.1
index ded2a5e5ac522..a697aab69ccc7 100644
--- a/secure/usr.bin/openssl/man/prime.1
+++ b/secure/usr.bin/openssl/man/prime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PRIME 1"
-.TH PRIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PRIME 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index ae88ed6a3b9b0..23db172545bed 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND 1"
-.TH RAND 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -181,7 +185,7 @@ Perform base64 encoding on the output.
 Show the output as a hex string.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIRAND_bytes\fR\|(3)
+\&\fBRAND_bytes\fR\|(3)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index 20cf8fe68768f..f44a0ee084014 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REQ 1"
-.TH REQ 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH REQ 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -208,7 +212,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not specified.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-out filename\fR" 4
 .IX Item "-out filename"
 This specifies the output filename to write to or standard output by
@@ -216,7 +220,7 @@ default.
 .IP "\fB\-passout arg\fR" 4
 .IX Item "-passout arg"
 The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-text\fR" 4
 .IX Item "-text"
 Prints out the certificate request in text form.
@@ -318,7 +322,7 @@ signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use
 .IX Item "-config filename"
 This allows an alternative configuration file to be specified.
 Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
 .IP "\fB\-subj arg\fR" 4
 .IX Item "-subj arg"
 Sets subject name for new request or supersedes the subject name
@@ -393,13 +397,13 @@ configuration file, must be valid \s-1UTF8\s0 strings.
 Option which determines how the subject or issuer names are displayed. The
 \&\fBoption\fR argument can be a single option or multiple options separated by
 commas.  Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
 .IP "\fB\-reqopt\fR" 4
 .IX Item "-reqopt"
 Customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be
 a single option or multiple options separated by commas.
 .Sp
-See discussion of the  \fB\-certopt\fR parameter in the \fIx509\fR\|(1)
+See discussion of the  \fB\-certopt\fR parameter in the \fBx509\fR\|(1)
 command.
 .IP "\fB\-newhdr\fR" 4
 .IX Item "-newhdr"
@@ -494,7 +498,7 @@ problems with BMPStrings and UTF8Strings: in particular Netscape.
 This specifies the configuration file section containing a list of
 extensions to add to the certificate request. It can be overridden
 by the \fB\-reqexts\fR command line switch. See the
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
 extension section format.
 .IP "\fBx509_extensions\fR" 4
 .IX Item "x509_extensions"
@@ -572,7 +576,7 @@ The actual permitted field names are any object identifier short or
 long names. These are compiled into OpenSSL and include the usual
 values such as commonName, countryName, localityName, organizationName,
 organizationalUnitName, stateOrProvinceName. Additionally emailAddress
-is include as well as name, surname, givenName initials and dnQualifier.
+is included as well as name, surname, givenName, initials, and dnQualifier.
 .PP
 Additional object identifiers can be defined with the \fBoid_file\fR or
 \&\fBoid_section\fR options in the configuration file. Any additional fields
@@ -775,9 +779,9 @@ statically defined in the configuration file. Some of these: like an email
 address in subjectAltName should be input by the user.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1), \fIconfig\fR\|(5),
-\&\fIx509v3_config\fR\|(5)
+\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1), \fBconfig\fR\|(5),
+\&\fBx509v3_config\fR\|(5)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 53e2d89a7f741..e658eee3b21d3 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA 1"
-.TH RSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -198,7 +202,7 @@ prompted for.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-out filename\fR" 4
 .IX Item "-out filename"
 This specifies the output filename to write a key to or standard output if this
@@ -208,7 +212,7 @@ filename.
 .IP "\fB\-passout password\fR" 4
 .IX Item "-passout password"
 The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4
 .IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea"
 These options encrypt the private key with the specified
@@ -314,8 +318,8 @@ There should be an option that automatically handles .key files,
 without having to manually edit them.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIpkcs8\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1)
+\&\fBpkcs8\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index 089d1ac607892..6b1486957ebdc 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSAUTL 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -330,7 +334,7 @@ and its digest computed with:
 which it can be seen agrees with the recovered value above.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1)
+\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index 3601cd511b79e..395b3f56bee43 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH S_CLIENT 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -231,6 +235,7 @@ openssl\-s_client, s_client \- SSL/TLS client program
 [\fB\-dtls1\fR]
 [\fB\-dtls1_2\fR]
 [\fB\-sctp\fR]
+[\fB\-sctp_label_bug\fR]
 [\fB\-fallback_scsv\fR]
 [\fB\-async\fR]
 [\fB\-max_send_frag\fR]
@@ -276,7 +281,7 @@ to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool
 .IX Header "OPTIONS"
 In addition to the options below the \fBs_client\fR utility also supports the
 common and client only options documented in the
-in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3)
+in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3)
 manual page.
 .IP "\fB\-help\fR" 4
 .IX Item "-help"
@@ -309,14 +314,17 @@ Use IPv6 only.
 .IP "\fB\-servername name\fR" 4
 .IX Item "-servername name"
 Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message to
-the given value. If both this option and the \fB\-noservername\fR are not given, the
-\&\s-1TLS SNI\s0 extension is still set to the hostname provided to the \fB\-connect\fR option,
-or \*(L"localhost\*(R" if \fB\-connect\fR has not been supplied. This is default since OpenSSL
-1.1.1.
+the given value. 
+If \fB\-servername\fR is not provided, the \s-1TLS SNI\s0 extension will be populated with 
+the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is 
+not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R".
+This is the default since OpenSSL 1.1.1.
 .Sp
-Even though \s-1SNI\s0 name should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, this
-option will not make the distinction when parsing \fB\-connect\fR and will send
-\&\s-1IP\s0 address if one passed.
+Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if 
+\&\fB\-servername\fR is provided then that name will be sent, regardless of whether 
+it is a \s-1DNS\s0 name or not.
+.Sp
+This option cannot be used in conjuction with \fB\-noservername\fR.
 .IP "\fB\-noservername\fR" 4
 .IX Item "-noservername"
 Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the
@@ -362,7 +370,7 @@ Extra certificate and private key format respectively.
 .IP "\fB\-pass arg\fR" 4
 .IX Item "-pass arg"
 the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-verify depth\fR" 4
 .IX Item "-verify depth"
 The verify depth to use. This specifies the maximum length of the
@@ -379,11 +387,11 @@ abort the handshake with a fatal error.
 Option which determines how the subject or issuer names are displayed. The
 \&\fBoption\fR argument can be a single option or multiple options separated by
 commas.  Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
 .IP "\fB\-CApath directory\fR" 4
 .IX Item "-CApath directory"
 The directory to use for server certificate verification. This directory
-must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. These are
+must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are
 also used when building the client certificate chain.
 .IP "\fB\-CAfile file\fR" 4
 .IX Item "-CAfile file"
@@ -392,7 +400,7 @@ and to use when attempting to build the client certificate chain.
 .IP "\fB\-chainCApath directory\fR" 4
 .IX Item "-chainCApath directory"
 The directory to use for building the chain provided to the server. This
-directory must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information.
+directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information.
 .IP "\fB\-chainCAfile file\fR" 4
 .IX Item "-chainCAfile file"
 A file containing trusted certificates to use when attempting to build the
@@ -448,7 +456,7 @@ whitespace is ignored in the associated data field.  For example:
 .Ve
 .IP "\fB\-dane_ee_no_namechecks\fR" 4
 .IX Item "-dane_ee_no_namechecks"
-This disables server name checks when authenticating via \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
+This disables server name checks when authenticating via \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
 records.
 For some applications, primarily web browsers, it is not safe to disable name
 checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can
@@ -457,7 +465,7 @@ connection to the malicious server.
 The malicious server may then be able to violate cross-origin scripting
 restrictions.
 Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for
-\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe
+\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe
 to do so.
 In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0
 records already make it possible for a remote domain to redirect client
@@ -466,7 +474,7 @@ do not execute scripts downloaded from remote servers.
 .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
 Set various certificate chain validation options. See the
-\&\fIverify\fR\|(1) manual page for details.
+\&\fBverify\fR\|(1) manual page for details.
 .IP "\fB\-reconnect\fR" 4
 .IX Item "-reconnect"
 Reconnects to the same server 5 times using the same session \s-1ID,\s0 this can
@@ -558,6 +566,13 @@ respectively.
 Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in
 conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only
 available where OpenSSL has support for \s-1SCTP\s0 enabled.
+.IP "\fB\-sctp_label_bug\fR" 4
+.IX Item "-sctp_label_bug"
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only
+available where OpenSSL has support for \s-1SCTP\s0 enabled.
 .IP "\fB\-fallback_scsv\fR" 4
 .IX Item "-fallback_scsv"
 Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello.
@@ -570,7 +585,7 @@ is also used via the \fB\-engine\fR option. For test purposes the dummy async en
 .IP "\fB\-max_send_frag int\fR" 4
 .IX Item "-max_send_frag int"
 The maximum size of data fragment to send.
-See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information.
 .IP "\fB\-split_send_frag int\fR" 4
 .IX Item "-split_send_frag int"
 The size used to split data for encrypt pipelines. If more data is written in
@@ -578,18 +593,18 @@ one go than this value then it will be split into multiple pipelines, up to the
 maximum number of pipelines defined by max_pipelines. This only has an effect if
 a suitable cipher suite has been negotiated, an engine that supports pipelining
 has been loaded, and max_pipelines is greater than 1. See
-\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information.
+\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information.
 .IP "\fB\-max_pipelines int\fR" 4
 .IX Item "-max_pipelines int"
 The maximum number of encrypt/decrypt pipelines to be used. This will only have
 an effect if an engine has been loaded that supports pipelining (e.g. the dasync
 engine) and a suitable cipher suite has been negotiated. The default value is 1.
-See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information.
 .IP "\fB\-read_buf int\fR" 4
 .IX Item "-read_buf int"
 The default read buffer size to be used for connections. This will only have an
 effect if the buffer size is larger than the size that would otherwise be used
-and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for
+and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for
 further information).
 .IP "\fB\-bugs\fR" 4
 .IX Item "-bugs"
@@ -614,7 +629,7 @@ normal verbose output.
 .IX Item "-sigalgs sigalglist"
 Specifies the list of signature algorithms that are sent by the client.
 The server selects one entry in the list based on its preferences.
-For example strings, see \fISSL_CTX_set1_sigalgs\fR\|(3)
+For example strings, see \fBSSL_CTX_set1_sigalgs\fR\|(3)
 .IP "\fB\-curves curvelist\fR" 4
 .IX Item "-curves curvelist"
 Specifies the list of supported curves to be sent by the client. The curve is
@@ -730,7 +745,7 @@ for SCTs.
 .IP "\fB\-ctlogfile\fR" 4
 .IX Item "-ctlogfile"
 A file containing a list of known Certificate Transparency logs. See
-\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format.
+\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format.
 .IP "\fB\-keylogfile file\fR" 4
 .IX Item "-keylogfile file"
 Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs
@@ -831,16 +846,16 @@ The \fB\-prexit\fR option is a bit of a hack. We should really report
 information whenever a session is renegotiated.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_cmd\fR\|(3), \fIsess_id\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1),
-\&\fISSL_CTX_set_max_send_fragment\fR\|(3), \fISSL_CTX_set_split_send_fragment\fR\|(3),
-\&\fISSL_CTX_set_max_pipelines\fR\|(3)
+\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1),
+\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), \fBSSL_CTX_set_split_send_fragment\fR\|(3),
+\&\fBSSL_CTX_set_max_pipelines\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fB\-no_alt_chains\fR option was first added to OpenSSL 1.1.0.
+The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0.
 The \fB\-name\fR option was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index f3fa8ae0e4661..c6c1fe82e1a0b 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH S_SERVER 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -229,6 +233,7 @@ openssl\-s_server, s_server \- SSL/TLS server program
 [\fB\-no_comp\fR]
 [\fB\-comp\fR]
 [\fB\-no_ticket\fR]
+[\fB\-num_tickets\fR]
 [\fB\-serverpref\fR]
 [\fB\-legacy_renegotiation\fR]
 [\fB\-no_renegotiation\fR]
@@ -303,6 +308,7 @@ openssl\-s_server, s_server \- SSL/TLS server program
 [\fB\-dtls1\fR]
 [\fB\-dtls1_2\fR]
 [\fB\-sctp\fR]
+[\fB\-sctp_label_bug\fR]
 [\fB\-no_dhe\fR]
 [\fB\-nextprotoneg val\fR]
 [\fB\-use_srtp val\fR]
@@ -321,7 +327,7 @@ for connections on a given port using \s-1SSL/TLS.\s0
 .IX Header "OPTIONS"
 In addition to the options below the \fBs_server\fR utility also supports the
 common and server only options documented in the
-in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3)
+in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3)
 manual page.
 .IP "\fB\-help\fR" 4
 .IX Item "-help"
@@ -378,7 +384,7 @@ provided to the client.
 Option which determines how the subject or issuer names are displayed. The
 \&\fBval\fR argument can be a single option or multiple options separated by
 commas.  Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
 .IP "\fB\-naccept +int\fR" 4
 .IX Item "-naccept +int"
 The server will exit after receiving the specified number of connections,
@@ -403,7 +409,7 @@ The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
 .IP "\fB\-pass val\fR" 4
 .IX Item "-pass val"
 The private key password source. For more information about the format of \fBval\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-dcert infile\fR, \fB\-dkey infile\fR" 4
 .IX Item "-dcert infile, -dkey infile"
 Specify an additional certificate and private key, these behave in the
@@ -463,12 +469,12 @@ a certificate is requested.
 .IP "\fB\-CApath dir\fR" 4
 .IX Item "-CApath dir"
 The directory to use for client certificate verification. This directory
-must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. These are
+must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are
 also used when building the server certificate chain.
 .IP "\fB\-chainCApath dir\fR" 4
 .IX Item "-chainCApath dir"
 The directory to use for building the chain provided to the client. This
-directory must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information.
+directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information.
 .IP "\fB\-chainCAfile file\fR" 4
 .IX Item "-chainCAfile file"
 A file containing trusted certificates to use when attempting to build the
@@ -573,7 +579,7 @@ is also used via the \fB\-engine\fR option. For test purposes the dummy async en
 .IP "\fB\-max_send_frag +int\fR" 4
 .IX Item "-max_send_frag +int"
 The maximum size of data fragment to send.
-See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information.
 .IP "\fB\-split_send_frag +int\fR" 4
 .IX Item "-split_send_frag +int"
 The size used to split data for encrypt pipelines. If more data is written in
@@ -581,18 +587,18 @@ one go than this value then it will be split into multiple pipelines, up to the
 maximum number of pipelines defined by max_pipelines. This only has an effect if
 a suitable cipher suite has been negotiated, an engine that supports pipelining
 has been loaded, and max_pipelines is greater than 1. See
-\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information.
+\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information.
 .IP "\fB\-max_pipelines +int\fR" 4
 .IX Item "-max_pipelines +int"
 The maximum number of encrypt/decrypt pipelines to be used. This will only have
 an effect if an engine has been loaded that supports pipelining (e.g. the dasync
 engine) and a suitable cipher suite has been negotiated. The default value is 1.
-See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information.
 .IP "\fB\-read_buf +int\fR" 4
 .IX Item "-read_buf +int"
 The default read buffer size to be used for connections. This will only have an
 effect if the buffer size is larger than the size that would otherwise be used
-and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for
+and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for
 further information).
 .IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4
 .IX Item "-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3"
@@ -620,7 +626,13 @@ This option was introduced in OpenSSL 1.1.0.
 OpenSSL 1.1.0.
 .IP "\fB\-no_ticket\fR" 4
 .IX Item "-no_ticket"
-Disable RFC4507bis session ticket support.
+Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
+is negotiated. See \fB\-num_tickets\fR.
+.IP "\fB\-num_tickets\fR" 4
+.IX Item "-num_tickets"
+Control the number of tickets that will be sent to the client after a full
+handshake in TLSv1.3. The default number of tickets is 2. This option does not
+affect the number of tickets sent after a resumption handshake.
 .IP "\fB\-serverpref\fR" 4
 .IX Item "-serverpref"
 Use the server's cipher preferences, rather than the client's preferences.
@@ -669,7 +681,7 @@ program will be used.
 .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
 Set different peer certificate verification options.
-See the \fIverify\fR\|(1) manual page for details.
+See the \fBverify\fR\|(1) manual page for details.
 .IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
 .IX Item "-crl_check, -crl_check_all"
 Check the peer certificate has not been revoked by its \s-1CA.\s0
@@ -716,6 +728,13 @@ respectively.
 Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in
 conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only
 available where OpenSSL has support for \s-1SCTP\s0 enabled.
+.IP "\fB\-sctp_label_bug\fR" 4
+.IX Item "-sctp_label_bug"
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only
+available where OpenSSL has support for \s-1SCTP\s0 enabled.
 .IP "\fB\-no_dhe\fR" 4
 .IX Item "-no_dhe"
 If this option is set then no \s-1DH\s0 parameters will be loaded effectively
@@ -829,19 +848,19 @@ There should be a way for the \fBs_server\fR program to print out details of any
 unknown cipher suites a client says it supports.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fISSL_CONF_cmd\fR\|(3), \fIsess_id\fR\|(1), \fIs_client\fR\|(1), \fIciphers\fR\|(1)
-\&\fISSL_CTX_set_max_send_fragment\fR\|(3),
-\&\fISSL_CTX_set_split_send_fragment\fR\|(3),
-\&\fISSL_CTX_set_max_pipelines\fR\|(3)
+\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_client\fR\|(1), \fBciphers\fR\|(1)
+\&\fBSSL_CTX_set_max_send_fragment\fR\|(3),
+\&\fBSSL_CTX_set_split_send_fragment\fR\|(3),
+\&\fBSSL_CTX_set_max_pipelines\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \-no_alt_chains option was first added to OpenSSL 1.1.0.
+The \-no_alt_chains option was added in OpenSSL 1.1.0.
 .PP
-The \-allow\-no\-dhe\-kex and \-prioritize_chacha options were first added to
-OpenSSL 1.1.1.
+The
+\&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index 0439fe218f68e..d833e4435b8b4 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "S_TIME 1"
-.TH S_TIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH S_TIME 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -198,7 +202,7 @@ will never fail due to a server certificate verify failure.
 Option which determines how the subject or issuer names are displayed. The
 \&\fBoption\fR argument can be a single option or multiple options separated by
 commas.  Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
 .IP "\fB\-CApath directory\fR" 4
 .IX Item "-CApath directory"
 The directory to use for server certificate verification. This directory
@@ -231,7 +235,7 @@ the initial handshake uses a method which should be compatible with all
 servers and permit them to use \s-1SSL\s0 v3 or \s-1TLS\s0 as appropriate.
 .Sp
 The timing program is not as rich in options to turn protocols on and off as
-the \fIs_client\fR\|(1) program and may not connect to all servers.
+the \fBs_client\fR\|(1) program and may not connect to all servers.
 Unfortunately there are a lot of ancient and broken servers in use which
 cannot handle this technique and will fail to connect. Some servers only
 work if \s-1TLS\s0 is turned off with the \fB\-ssl3\fR option.
@@ -248,14 +252,14 @@ This allows the TLSv1.2 and below cipher list sent by the client to be modified.
 This list will be combined with any TLSv1.3 ciphersuites that have been
 configured. Although the server determines which cipher suite is used it should
 take the first supported cipher in the list sent by the client. See
-\&\fIciphers\fR\|(1) for more information.
+\&\fBciphers\fR\|(1) for more information.
 .IP "\fB\-ciphersuites val\fR" 4
 .IX Item "-ciphersuites val"
 This allows the TLSv1.3 ciphersuites sent by the client to be modified. This
 list will be combined with any TLSv1.2 and below ciphersuites that have been
 configured. Although the server determines which cipher suite is used it should
 take the first supported cipher in the list sent by the client. See
-\&\fIciphers\fR\|(1) for more information. The format for this list is a simple
+\&\fBciphers\fR\|(1) for more information. The format for this list is a simple
 colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names.
 .IP "\fB\-time length\fR" 4
 .IX Item "-time length"
@@ -272,7 +276,7 @@ To connect to an \s-1SSL HTTP\s0 server and get the default page the command
 .Ve
 .PP
 would typically be used (https uses port 443). 'commoncipher' is a cipher to
-which both client and server can agree, see the \fIciphers\fR\|(1) command
+which both client and server can agree, see the \fBciphers\fR\|(1) command
 for details.
 .PP
 If the handshake fails then there are several possible causes, if it is
@@ -285,10 +289,10 @@ A frequent problem when attempting to get client certificates working
 is that a web client complains it has no certificates or gives an empty
 list to choose from. This is normally because the server is not sending
 the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it
-requests a certificate. By using \fIs_client\fR\|(1) the \s-1CA\s0 list can be
+requests a certificate. By using \fBs_client\fR\|(1) the \s-1CA\s0 list can be
 viewed and checked. However some servers only request client authentication
 after a specific \s-1URL\s0 is requested. To obtain the list in this case it
-is necessary to use the \fB\-prexit\fR option of \fIs_client\fR\|(1) and
+is necessary to use the \fB\-prexit\fR option of \fBs_client\fR\|(1) and
 send an \s-1HTTP\s0 request for an appropriate page.
 .PP
 If a certificate is specified on the command line using the \fB\-cert\fR
@@ -298,14 +302,14 @@ on the command line is no guarantee that the certificate works.
 .SH "BUGS"
 .IX Header "BUGS"
 Because this program does not have all the options of the
-\&\fIs_client\fR\|(1) program to turn protocols on and off, you may not be
+\&\fBs_client\fR\|(1) program to turn protocols on and off, you may not be
 able to measure the performance of all protocols with all servers.
 .PP
 The \fB\-verify\fR option should really exit if the server verification
 fails.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1)
+\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index dac71229957c3..22dc0382b521c 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SESS_ID 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -257,7 +261,7 @@ strongly discouraged and should only be used for debugging purposes.
 The cipher and start time should be printed out in human readable form.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIciphers\fR\|(1), \fIs_server\fR\|(1)
+\&\fBciphers\fR\|(1), \fBs_server\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index d200e89e52a94..c87a67a414f4f 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME 1"
-.TH SMIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SMIME 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -312,7 +316,7 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
 .IX Item "-cipher"
 The encryption algorithm to use. For example \s-1DES\s0  (56 bits) \- \fB\-des\fR,
 triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR,
-\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
+\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
 example \fB\-aes\-128\-cbc\fR. See \fBenc\fR for list of ciphers
 supported by your version of OpenSSL.
 .Sp
@@ -387,7 +391,7 @@ specified, the argument is given to the engine as a key identifier.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-rand file...\fR" 4
 .IX Item "-rand file..."
 A file or files containing random data used to seed the random number
@@ -412,7 +416,7 @@ address matches that specified in the From: address.
 .IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
 .IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
 Set various options of certificate chain verification. See
-\&\fIverify\fR\|(1) manual page for details.
+\&\fBverify\fR\|(1) manual page for details.
 .SH "NOTES"
 .IX Header "NOTES"
 The \s-1MIME\s0 message must be sent without any blank lines between the
@@ -602,7 +606,7 @@ structures may cause parsing errors.
 The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first
 added in OpenSSL 1.0.0
 .PP
-The \-no_alt_chains options was first added to OpenSSL 1.1.0.
+The \-no_alt_chains option was added in OpenSSL 1.1.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index 1b556805bd00c..6497cb985c86e 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SPEED 1"
-.TH SPEED 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SPEED 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index 99cb3e60b390a..a3fdc0896b48d 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SPKAC 1"
-.TH SPKAC 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SPKAC 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -182,7 +186,7 @@ The default is \s-1PEM.\s0
 .IP "\fB\-passin password\fR" 4
 .IX Item "-passin password"
 The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-challenge string\fR" 4
 .IX Item "-challenge string"
 Specifies the challenge string if an \s-1SPKAC\s0 is being created.
@@ -259,7 +263,7 @@ some applications. Without this it is possible for a previous \s-1SPKAC\s0
 to be used in a \*(L"replay attack\*(R".
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIca\fR\|(1)
+\&\fBca\fR\|(1)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/srp.1 b/secure/usr.bin/openssl/man/srp.1
index 109ca21f10158..666e7aab0a023 100644
--- a/secure/usr.bin/openssl/man/srp.1
+++ b/secure/usr.bin/openssl/man/srp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SRP 1"
-.TH SRP 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SRP 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -175,7 +179,7 @@ The \fB\-gn\fR flag specifies the \fBg\fR and \fBN\fR values, using one of
 the strengths defined in \s-1IETF RFC 5054.\s0
 .PP
 The \fB\-passin\fR and \fB\-passout\fR arguments are parsed as described in
-the \fIopenssl\fR\|(1) command.
+the \fBopenssl\fR\|(1) command.
 .SH "OPTIONS"
 .IX Header "OPTIONS"
 .IP "[\fB\-help\fR]" 4
diff --git a/secure/usr.bin/openssl/man/storeutl.1 b/secure/usr.bin/openssl/man/storeutl.1
index b09f3f4732973..742dd9c9ee0cc 100644
--- a/secure/usr.bin/openssl/man/storeutl.1
+++ b/secure/usr.bin/openssl/man/storeutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREUTL 1"
-.TH STOREUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH STOREUTL 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -175,7 +179,7 @@ this option prevents output of the \s-1PEM\s0 data.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 the key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-text\fR" 4
 .IX Item "-text"
 Prints out the objects in text form, similarly to the \fB\-text\fR output from
@@ -231,10 +235,10 @@ Search for an object having the given fingerprint.
 The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIopenssl\fR\|(1)
+\&\fBopenssl\fR\|(1)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fBopenssl\fR \fBstoreutl\fR was added to OpenSSL 1.1.1.
+The \fBopenssl\fR \fBstoreutl\fR app was added in OpenSSL 1.1.1.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 43ad019c72901..52c3242e1e755 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "TS 1"
-.TH TS 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH TS 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -264,7 +268,7 @@ This can be used with a subsequent \fB\-rand\fR flag.
 .IX Item "-config configfile"
 The configuration file to use.
 Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
 .IP "\fB\-data\fR file_to_hash" 4
 .IX Item "-data file_to_hash"
 The data file for which the time stamp request needs to be
@@ -325,7 +329,7 @@ otherwise it is a time stamp token (ContentInfo).
 .IX Item "-config configfile"
 The configuration file to use.
 Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
 See \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for configurable variables.
 .IP "\fB\-section\fR tsa_section" 4
 .IX Item "-section tsa_section"
@@ -338,7 +342,7 @@ The name of the file containing a \s-1DER\s0 encoded time stamp request. (Option
 .IP "\fB\-passin\fR password_src" 4
 .IX Item "-passin password_src"
 Specifies the password source for the private key of the \s-1TSA.\s0 See
-\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
+\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fBopenssl\fR\|(1). (Optional)
 .IP "\fB\-signer\fR tsa_cert.pem" 4
 .IX Item "-signer tsa_cert.pem"
 The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing
@@ -435,13 +439,13 @@ of a time stamp response (TimeStampResp). (Optional)
 .IP "\fB\-CApath\fR trusted_cert_path" 4
 .IX Item "-CApath trusted_cert_path"
 The name of the directory containing the trusted \s-1CA\s0 certificates of the
-client. See the similar option of \fIverify\fR\|(1) for additional
+client. See the similar option of \fBverify\fR\|(1) for additional
 details. Either this option or \fB\-CAfile\fR must be specified. (Optional)
 .IP "\fB\-CAfile\fR trusted_certs.pem" 4
 .IX Item "-CAfile trusted_certs.pem"
 The name of the file containing a set of trusted self-signed \s-1CA\s0
 certificates in \s-1PEM\s0 format. See the similar option of
-\&\fIverify\fR\|(1) for additional details. Either this option
+\&\fBverify\fR\|(1) for additional details. Either this option
 or \fB\-CApath\fR must be specified.
 (Optional)
 .IP "\fB\-untrusted\fR cert_file.pem" 4
@@ -461,11 +465,11 @@ The options \fB\-attime timestamp\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR,
 \&\fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR,
 \&\fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR,
 \&\fB\-verify_name\fR, and \fB\-x509_strict\fR can be used to control timestamp
-verification.  See \fIverify\fR\|(1).
+verification.  See \fBverify\fR\|(1).
 .SH "CONFIGURATION FILE OPTIONS"
 .IX Header "CONFIGURATION FILE OPTIONS"
 The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file.
-See \fIconfig\fR\|(5)
+See \fBconfig\fR\|(5)
 for a general description of the syntax of the config file. The
 \&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section
 and it can work without it. However, the \fB\-reply\fR command needs the
@@ -480,13 +484,13 @@ that contains all the options for the \fB\-reply\fR command. This default
 section can be overridden with the \fB\-section\fR command line switch. (Optional)
 .IP "\fBoid_file\fR" 4
 .IX Item "oid_file"
-See \fIca\fR\|(1) for description. (Optional)
+See \fBca\fR\|(1) for description. (Optional)
 .IP "\fBoid_section\fR" 4
 .IX Item "oid_section"
-See \fIca\fR\|(1) for description. (Optional)
+See \fBca\fR\|(1) for description. (Optional)
 .IP "\fB\s-1RANDFILE\s0\fR" 4
 .IX Item "RANDFILE"
-See \fIca\fR\|(1) for description. (Optional)
+See \fBca\fR\|(1) for description. (Optional)
 .IP "\fBserial\fR" 4
 .IX Item "serial"
 The name of the file containing the hexadecimal serial number of the
@@ -613,7 +617,7 @@ user certificate section of the config file to generate a proper certificate;
 \&   extendedKeyUsage = critical,timeStamping
 .Ve
 .PP
-See \fIreq\fR\|(1), \fIca\fR\|(1), and \fIx509\fR\|(1) for instructions. The examples
+See \fBreq\fR\|(1), \fBca\fR\|(1), and \fBx509\fR\|(1) for instructions. The examples
 below assume that cacert.pem contains the certificate of the \s-1CA,\s0
 tsacert.pem is the signing certificate issued by cacert.pem and
 tsakey.pem is the private key of the \s-1TSA.\s0
@@ -690,14 +694,14 @@ You could also look at the 'test' directory for more examples.
 .IX Header "BUGS"
 .IP "\(bu" 2
 No support for time stamps over \s-1SMTP,\s0 though it is quite easy
-to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1)
-and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
+to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1)
+and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
 a separate apache module. \s-1HTTP\s0 client support is provided by
-\&\fItsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported.
+\&\fBtsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported.
 .IP "\(bu" 2
 The file containing the last serial number of the \s-1TSA\s0 is not
 locked when being read or written. This is a problem if more than one
-instance of \fIopenssl\fR\|(1) is trying to create a time stamp
+instance of \fBopenssl\fR\|(1) is trying to create a time stamp
 response at the same time. This is not an issue when using the apache
 server module, it does proper locking.
 .IP "\(bu" 2
@@ -709,9 +713,9 @@ More testing is needed, I have done only some basic tests (see
 test/testtsa).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fItsget\fR\|(1), \fIopenssl\fR\|(1), \fIreq\fR\|(1),
-\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIconfig\fR\|(5)
+\&\fBtsget\fR\|(1), \fBopenssl\fR\|(1), \fBreq\fR\|(1),
+\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBconfig\fR\|(5)
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1
index 9dc722411cb03..b52398b6521e1 100644
--- a/secure/usr.bin/openssl/man/tsget.1
+++ b/secure/usr.bin/openssl/man/tsget.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "TSGET 1"
-.TH TSGET 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH TSGET 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -157,7 +161,7 @@ openssl\-tsget, tsget \- Time Stamping HTTP/HTTPS client
 The \fBtsget\fR command can be used for sending a time stamp request, as
 specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing
 the time stamp response in a file. This tool cannot be used for creating the
-requests and verifying responses, you can use the OpenSSL \fB\f(BIts\fB\|(1)\fR command to
+requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to
 do that. \fBtsget\fR can send several requests to the server without closing
 the \s-1TCP\s0 connection if more than one requests are specified on the command
 line.
@@ -309,7 +313,7 @@ example:
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIopenssl\fR\|(1), \fIts\fR\|(1), \fIcurl\fR\|(1),
+\&\fBopenssl\fR\|(1), \fBts\fR\|(1), \fBcurl\fR\|(1),
 \&\fB\s-1RFC 3161\s0\fR
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index 92d18ae51430b..57e1c6f3c8cbe 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VERIFY 1"
-.TH VERIFY 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH VERIFY 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -238,7 +242,7 @@ Checks the validity of \fBall\fR certificates in the chain by attempting
 to look up valid CRLs.
 .IP "\fB\-engine id\fR" 4
 .IX Item "-engine id"
-Specifying an engine \fBid\fR will cause \fIverify\fR\|(1) to attempt to load the
+Specifying an engine \fBid\fR will cause \fBverify\fR\|(1) to attempt to load the
 specified engine.
 The engine will then be set as the default for all its supported algorithms.
 If you want to load certificates or CRLs that require engine support via any of
@@ -267,7 +271,7 @@ Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0).
 Option which determines how the subject or issuer names are displayed. The
 \&\fBoption\fR argument can be a single option or multiple options separated by
 commas.  Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
 .IP "\fB\-no_check_time\fR" 4
 .IX Item "-no_check_time"
 This option suppresses checking the validity period of certificates and CRLs
@@ -354,7 +358,7 @@ must meet the specified security \fBlevel\fR.
 The signature algorithm security level is enforced for all the certificates in
 the chain except for the chain's \fItrust anchor\fR, which is either directly
 trusted or validated by means other than its signature.
-See \fISSL_CTX_set_security_level\fR\|(3) for the definitions of the available
+See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available
 levels.
 The default security level is \-1, or \*(L"not set\*(R".
 At security level 0 or lower all algorithms are acceptable.
@@ -385,7 +389,7 @@ Use default verification policies like trust model and required certificate
 policies identified by \fBname\fR.
 The trust model determines which auxiliary trust or reject OIDs are applicable
 to verifying the given certificate chain.
-See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fIx509\fR\|(1) command-line
+See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fBx509\fR\|(1) command-line
 utility.
 Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR,
 \&\fBssl_client\fR, \fBssl_server\fR.
@@ -710,7 +714,7 @@ Email address mismatch.
 .IX Item "X509_V_ERR_DANE_NO_MATCH"
 \&\s-1DANE TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the
 certificate chain.
-This error is only possible in \fIs_client\fR\|(1).
+This error is only possible in \fBs_client\fR\|(1).
 .IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL\fR" 4
 .IX Item "X509_V_ERR_EE_KEY_TOO_SMALL"
 \&\s-1EE\s0 certificate key too weak.
@@ -759,10 +763,10 @@ Previous versions of this documentation swapped the meaning of the
 \&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIx509\fR\|(1)
+\&\fBx509\fR\|(1)
 .SH "HISTORY"
 .IX Header "HISTORY"
-The \fB\-show_chain\fR option was first added to OpenSSL 1.1.0.
+The \fB\-show_chain\fR option was added in OpenSSL 1.1.0.
 .PP
 The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and
 is silently ignored.
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
index 7b4cb41e37019..9b7e37d092a8e 100644
--- a/secure/usr.bin/openssl/man/version.1
+++ b/secure/usr.bin/openssl/man/version.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VERSION 1"
-.TH VERSION 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH VERSION 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index c7a8c229929f0..dec95bccb1cff 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509 1"
-.TH X509 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509 1 "2019-02-26" "1.1.1b" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -273,7 +277,7 @@ any extensions present and any trust settings.
 .IX Item "-ext extensions"
 Prints out the certificate extensions in text form. Extensions are specified
 with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R".
-See the \fIx509v3_config\fR\|(5) manual page for the extension names.
+See the \fBx509v3_config\fR\|(5) manual page for the extension names.
 .IP "\fB\-certopt option\fR" 4
 .IX Item "-certopt option"
 Customise the output format used with \fB\-text\fR. The \fBoption\fR argument
@@ -282,7 +286,7 @@ can be a single option or multiple options separated by commas. The
 options. See the \fB\s-1TEXT OPTIONS\s0\fR section for more information.
 .IP "\fB\-noout\fR" 4
 .IX Item "-noout"
-This option prevents output of the encoded version of the request.
+This option prevents output of the encoded version of the certificate.
 .IP "\fB\-pubkey\fR" 4
 .IX Item "-pubkey"
 Outputs the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format.
@@ -437,7 +441,7 @@ the request.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 The key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
 .IP "\fB\-clrext\fR" 4
 .IX Item "-clrext"
 Delete any extensions from a certificate. This option is used when a
@@ -511,7 +515,7 @@ The section to add certificate extensions from. If this option is not
 specified then the extensions should either be contained in the unnamed
 (default) section or the default section should contain a variable called
 \&\*(L"extensions\*(R" which contains the section to use. See the
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
 extension section format.
 .IP "\fB\-force_pubkey key\fR" 4
 .IX Item "-force_pubkey key"
@@ -925,9 +929,9 @@ There should be options to explicitly set such things as start and end
 dates rather than an offset from the current time.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1), \fIverify\fR\|(1),
-\&\fIx509v3_config\fR\|(5)
+\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1), \fBverify\fR\|(1),
+\&\fBx509v3_config\fR\|(5)
 .SH "HISTORY"
 .IX Header "HISTORY"
 The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options
@@ -937,7 +941,7 @@ canonical version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any direct
 the old form must have their links rebuilt using \fBc_rehash\fR or similar.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy