Add missing 'RETURN VALUES' sections in doc

All missing sections are added.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4976)

doc/man3/ASN1_STRING_length.pod

@@ -77,13 +77,33 @@ character in big endian format, UTF8String will be in UTF8 format.
 Similar care should be take to ensure the data is in the correct format
 when calling ASN1_STRING_set().
 
+=head1 RETURN VALUES
+
+ASN1_STRING_length() returns the length of the content of B<x>.
+
+ASN1_STRING_get0_data() and ASN1_STRING_data() return an internal pointer to
+the data of B<x>.
+
+ASN1_STRING_dup() returns a valid B<ASN1_STRING> structure or B<NULL> if an
+error occurred.
+
+ASN1_STRING_cmp() returns an integer greater than, equal to, or less than 0,
+according to whether B<a> is greater than, equal to, or less than B<b>.
+
+ASN1_STRING_set() returns 1 on success or 0 on error.
+
+ASN1_STRING_type() returns the type of B<x>.
+
+ASN1_STRING_to_UTF8() returns the number of bytes in output string B<out> or a
+negative value if an error occurred.
+
 =head1 SEE ALSO
 
 L<ERR_get_error(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ASN1_STRING_print_ex.pod

@@ -89,6 +89,15 @@ equivalent to:
  ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
  ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER
 
+=head1 RETURN VALUES
+
+ASN1_STRING_print_ex() and ASN1_STRING_print_ex_fp() return the number of
+characters written or -1 if an error occurred.
+
+ASN1_STRING_print() returns 1 on success or 0 on error.
+
+ASN1_tag2str() returns a human-readable name of the specified ASN.1 B<tag>.
+
 =head1 SEE ALSO
 
 L<X509_NAME_print_ex(3)>,

doc/man3/BIO_f_ssl.pod

@@ -271,6 +271,22 @@ a client and also echoes the request to standard output.
  BIO_flush(sbio);
  BIO_free_all(sbio);
 
+=head1 RETURN VALUES
+
+BIO_f_ssl() returns the SSL B<BIO_METHOD> structure.
+
+BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), BIO_set_ssl_renegotiate_bytes(),
+BIO_set_ssl_renegotiate_timeout() and BIO_get_num_renegotiates() return 1 on
+success or a value which is less than or equal to 0 if an error occurred.
+
+BIO_new_ssl(), BIO_new_ssl_connect() and BIO_new_buffer_ssl_connect() return
+a valid B<BIO> structure on success or B<NULL> if an error occurred.
+
+BIO_ssl_copy_session_id() returns 1 on success or 0 on error.
+
+BIO_do_handshake() returns 1 if the connection was established successfully.
+A zero or negative value is returned if the connection could not be established.
+
 =head1 HISTORY
 
 In OpenSSL before 1.0.0 the BIO_pop() call was handled incorrectly,
@@ -282,7 +298,7 @@ be modified to handle this fix or they may free up an already freed BIO.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_get_ex_new_index.pod

@@ -48,6 +48,14 @@ an offset into the opaque exdata part of the TYPE object.
 TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with
 an offset into the opaque exdata part of the TYPE object.
 
+=head1 RETURN VALUES
+
+TYPE_get_new_ex_index() returns a new index on success or -1 on error.
+
+TYPE_set_ex_data() returns 1 on success or 0 on error.
+
+TYPE_get_ex_data() returns the application data or NULL if an error occurred.
+
 =head1 SEE ALSO
 
 L<CRYPTO_get_ex_new_index(3)>.

doc/man3/BIO_meth_new.pod

@@ -133,6 +133,17 @@ the L<BIO_callback_ctrl(3)> page for more information. This function will be cal
 in response to the application calling BIO_callback_ctrl(). The parameters for
 the function have the same meaning as for BIO_callback_ctrl().
 
+=head1 RETURN VALUES
+
+BIO_get_new_index() returns the new BIO type value or -1 if an error occurred.
+
+BIO_meth_new(int type, const char *name) returns a valid B<BIO_METHOD> or NULL
+if an error occurred.
+
+The B<BIO_meth_set> functions return 1 on success or 0 on error.
+
+The B<BIO_meth_get> functions return the corresponding function pointers.
+
 =head1 SEE ALSO
 
 L<bio>, L<BIO_find_type>, L<BIO_ctrl>, L<BIO_read_ex>, L<BIO_new>

doc/man3/BIO_parse_hostserv.pod

@@ -58,13 +58,17 @@ and B<hostserv_prio>, as follows:
  when hostserv_prio == BIO_PARSE_PRIO_SERV
  service              => *host untouched, *service = "service"
 
+=head1 RETURN VALUES
+
+BIO_parse_hostserv() returns 1 on success or 0 on error.
+
 =head1 SEE ALSO
 
 L<BIO_ADDRINFO(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_s_mem.pod

@@ -22,7 +22,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
 
 =head1 DESCRIPTION
 
-BIO_s_mem() return the memory BIO method function.
+BIO_s_mem() returns the memory BIO method function.
 
 A memory BIO is a source/sink BIO which uses memory for its I/O. Data
 written to a memory BIO is stored in a BUF_MEM structure which is extended
@@ -113,9 +113,18 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
  BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
  BIO_free(mem);
 
+=head1 RETURN VALUES
+
+BIO_s_mem() and BIO_s_secmem() return a valid memory B<BIO_METHOD> structure.
+
+BIO_set_mem_eof_return(), BIO_get_mem_data(), BIO_set_mem_buf() and BIO_get_mem_ptr()
+return 1 on success or a value which is less than or equal to 0 if an error occurred.
+
+BIO_new_mem_buf() returns a valid B<BIO> structure on success or NULL on error.
+
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_set_callback.pod

@@ -212,9 +212,21 @@ after.
 The BIO_debug_callback() function is a good example, its source is
 in crypto/bio/bio_cb.c
 
+=head1 RETURN VALUES
+
+BIO_get_callback_ex() and BIO_get_callback() return the callback function
+previously set by a call to BIO_set_callback_ex() and BIO_set_callback()
+respectively.
+
+BIO_get_callback_arg() returns a B<char> pointer to the value previously set
+via a call to BIO_set_callback_arg().
+
+BIO_debug_callback() returns 1 or B<ret> if it's called after specific BIO
+operations.
+
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_should_retry.pod

@@ -111,6 +111,19 @@ that is they cannot retry after a partial read or write. This is usually
 worked around by only passing the relevant data to ASN1 functions when
 the entire structure can be read or written.
 
+=head1 RETURN VALUES
+
+BIO_should_read(), BIO_should_write(), BIO_should_io_special(), and
+BIO_should_retry() return either 1 or 0 based on the actual conditions
+of the B<BIO>.
+
+BIO_retry_type() returns a flag combination presenting the cause of a retry
+condition or false if there is no retry condition.
+
+BIO_get_retry_BIO() returns a valid B<BIO> structure.
+
+BIO_get_retry_reason() returns the reason for a special condition.
+
 =head1 SEE ALSO
 
 L<bio>
@@ -122,7 +135,7 @@ OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BN_swap.pod

@@ -14,6 +14,10 @@ BN_swap - exchange BIGNUMs
 
 BN_swap() exchanges the values of I<a> and I<b>.
 
+=head1 RETURN VALUES
+
+BN_swap() does not return a value.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

doc/man3/CONF_modules_free.pod

@@ -32,7 +32,7 @@ CONF_modules_unload() finishes and unloads configuration modules. If
 B<all> is set to B<0> only modules loaded from DSOs will be unloads. If
 B<all> is B<1> all modules, including builtin modules will be unloaded.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 None of the functions return a value.
 
@@ -48,7 +48,7 @@ For more information see L<OPENSSL_init_crypto(3)>.
 
 =head1 COPYRIGHT
 
-Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DES_random_key.pod

@@ -243,6 +243,9 @@ third parameter.  This mostly emulates the normal non-thread-safe semantics
 of crypt(3).
 The B<salt> must be two ASCII characters.
 
+The values returned by DES_fcrypt() and DES_crypt() are terminated by NUL
+character.
+
 DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
 buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
 using I<sched> for the key and I<iv> as a starting vector.  The actual
@@ -282,6 +285,17 @@ functions directly.
 Single-key DES is insecure due to its short key size.  ECB mode is
 not suitable for most applications; see L<des_modes(7)>.
 
+=head1 RETURN VALUES
+
+DES_set_key(), DES_key_sched(), DES_set_key_checked() and DES_is_weak_key()
+return 0 on success or negative values on error.
+
+DES_cbc_cksum() and DES_quad_cksum() return 4-byte integer representing the
+last 4 bytes of the checksum of the input.
+
+DES_fcrypt() returns a pointer to the caller-provided buffer and DES_crypt() -
+to a static buffer on success; otherwise they return NULL.
+
 =head1 HISTORY
 
 The requirement that the B<salt> parameter to DES_crypt() and DES_fcrypt()
@@ -297,7 +311,7 @@ L<EVP_EncryptInit(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DH_size.pod

@@ -28,7 +28,7 @@ B<dh> and B<dh-E<gt>p> must not be B<NULL>.
 DH_security_bits() returns the number of security bits of the given B<dh>
 key. See L<BN_security_bits(3)>.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 DH_size() returns the prime size of Diffie-Hellman in bytes.
 

doc/man3/DSA_dup_DH.pod

@@ -16,7 +16,7 @@ DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
 is lost during that conversion, but the resulting DH parameters
 contain its length.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
 error codes can be obtained by L<ERR_get_error(3)>.
@@ -31,7 +31,7 @@ L<DH_new(3)>, L<DSA_new(3)>, L<ERR_get_error(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DSA_generate_key.pod

@@ -17,7 +17,7 @@ a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
 
 The PRNG must be seeded prior to calling DSA_generate_key().
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 DSA_generate_key() returns 1 on success, 0 otherwise.
 The error codes can be obtained by L<ERR_get_error(3)>.
@@ -29,7 +29,7 @@ L<DSA_generate_parameters_ex(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DSA_generate_parameters.pod

@@ -92,7 +92,7 @@ When the generator has been found, B<BN_GENCB_call(cb, 3, 1)> is called.
 
 =back
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise.
 The error codes can be obtained by L<ERR_get_error(3)>.
@@ -116,7 +116,7 @@ DSA_generate_parameters_ex() instead.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DSA_size.pod

@@ -26,7 +26,7 @@ of bits in the B<p> parameter.
 DSA_security_bits() returns the number of security bits of the given B<dsa>
 key. See L<BN_security_bits(3)>.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 DSA_size() returns the signature size in bytes.
 

doc/man3/ENGINE_add.pod

@@ -571,6 +571,78 @@ The path to the engines directory.
 
 =back
 
+=head1 RETURN VALUES
+
+ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next() and ENGINE_get_prev()
+return a valid B<ENGINE> structure or NULL if an error occurred.
+
+ENGINE_add() and ENGINE_remove() return 1 on success or 0 on error.
+
+ENGINE_by_id() returns a valid B<ENGINE> structure or NULL if an error occurred.
+
+ENGINE_init() and ENGINE_finish() return 1 on success or 0 on error.
+
+All ENGINE_get_default_TYPE() functions, ENGINE_get_cipher_engine() and
+ENGINE_get_digest_engine() return a valid B<ENGINE> structure on success or NULL
+if an error occurred.
+
+All ENGINE_set_default_TYPE() functions return 1 on success or 0 on error.
+
+ENGINE_set_default() returns 1 on success or 0 on error.
+
+ENGINE_get_table_flags() returns an unsigned integer value representing the
+global table flags which are used to control the registration behaviour of
+B<ENGINE> implementations.
+
+All ENGINE_register_TYPE() functions return 1 on success or 0 on error.
+
+ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success
+or 0 on error.
+
+ENGINE_ctrl() returns a positive value on success or others on error.
+
+ENGINE_cmd_is_executable() returns 1 if B<cmd> is executable or 0 otherwise.
+
+ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error.
+
+ENGINE_new() returns a valid B<ENGINE> structure on success or NULL if an error
+occurred.
+
+ENGINE_free() returns 1 on success or 0 on error.
+
+ENGINE_up_ref() returns 1 on success or 0 on error.
+
+ENGINE_set_id() and ENGINE_set_name() return 1 on success or 0 on error.
+
+All other B<ENGINE_set_*> functions return 1 on success or 0 on error.
+
+ENGINE_get_id() and ENGINE_get_name() return a string representing the identifier
+and the name of the ENGINE B<e> respectively.
+
+ENGINE_get_RSA(), ENGINE_get_DSA(), ENGINE_get_DH() and ENGINE_get_RAND()
+return corresponding method structures for each algorithms.
+
+ENGINE_get_destroy_function(), ENGINE_get_init_function(),
+ENGINE_get_finish_function(), ENGINE_get_ctrl_function(),
+ENGINE_get_load_privkey_function(), ENGINE_get_load_pubkey_function(),
+ENGINE_get_ciphers() and ENGINE_get_digests() return corresponding function
+pointers of the callbacks.
+
+ENGINE_get_cipher() returns a valid B<EVP_CIPHER> structure on success or NULL
+if an error occurred.
+
+ENGINE_get_digest() returns a valid B<EVP_MD> structure on success or NULL if an
+error occurred.
+
+ENGINE_get_flags() returns an integer representing the ENGINE flags which are
+used to control various behaviours of an ENGINE.
+
+ENGINE_get_cmd_defns() returns an B<ENGINE_CMD_DEFN> structure or NULL if it's
+not set.
+
+ENGINE_load_private_key() and ENGINE_load_public_key() return a valid B<EVP_PKEY>
+structure on success or NULL if an error occurred.
+
 =head1 SEE ALSO
 
 L<OPENSSL_init_crypto(3)>, L<RSA_new_method(3)>, L<DSA_new(3)>, L<DH_new(3)>,

doc/man3/ERR_load_strings.pod

@@ -36,7 +36,7 @@ The last entry in the array is {0,0}.
 ERR_get_next_error_library() can be used to assign library numbers
 to user libraries at runtime.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 ERR_load_strings() returns no value. ERR_PACK() return the error code.
 ERR_get_next_error_library() returns zero on failure, otherwise a new

doc/man3/ERR_remove_state.pod

@@ -23,7 +23,7 @@ thread, identified by B<tid>.
 ERR_remove_thread_state() does the same thing, except the identifier is
 an opaque pointer.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 ERR_remove_state() and ERR_remove_thread_state() return no value.
 

doc/man3/OPENSSL_VERSION_NUMBER.pod

@@ -86,9 +86,11 @@ if available or "ENGINESDIR: N/A" otherwise.
 
 For an unknown B<t>, the text "not available" is returned.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
-The version number.
+OpenSSL_version_num() returns the version number.
+
+OpenSSL_version() returns requested version strings.
 
 =head1 SEE ALSO
 
@@ -96,7 +98,7 @@ L<crypto(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OPENSSL_fork_prepare.pod

@@ -38,6 +38,11 @@ be called before a fork() is done.  After the fork() returns, the parent
 process should call OPENSSL_fork_parent() and the child process should
 call OPENSSL_fork_child().
 
+=head1 RETURN VALUES
+
+OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not
+return values.
+
 =head1 SEE ALSO
 
 L<OPENSSL_init_crypto(3)>

doc/man3/OPENSSL_instrument_bus.pod

@@ -32,7 +32,7 @@ periods when probe values appeared deterministic. The subroutine
 performs at most B<max> probes in attempt to fill the B<vector[num]>,
 with B<max> value of 0 meaning "as many as it takes."
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 Return value of 0 indicates that CPU is not capable of performing the
 benchmark, either because oscillator counter or 'flush cache line' is
@@ -43,7 +43,7 @@ Otherwise number of recorded values is returned.
 
 =head1 COPYRIGHT
 
-Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OPENSSL_load_builtin_modules.pod

@@ -10,7 +10,7 @@ OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add
 
  void OPENSSL_load_builtin_modules(void);
  void ASN1_add_oid_module(void);
- ENGINE_add_conf_module();
+ void ENGINE_add_conf_module(void);
 
 =head1 DESCRIPTION
 
@@ -36,7 +36,7 @@ configuration modules instead of adding modules selectively: otherwise
 functionality may be missing from the application if an when new
 modules are added.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 None of the functions return a value.
 
@@ -46,7 +46,7 @@ L<config(5)>, L<OPENSSL_config(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/PEM_read_bio_PrivateKey.pod

@@ -450,7 +450,7 @@ where B<x> already contains a valid certificate, may not work, whereas:
 
 is guaranteed to work.
 
-=head1 RETURN CODES
+=head1 RETURN VALUES
 
 The read routines return either a pointer to the structure read or NULL
 if an error occurred.
@@ -469,7 +469,7 @@ L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/PKCS12_create.pod

@@ -60,13 +60,17 @@ should be used.
 
 B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
 
+=head1 RETURN VALUES
+
+PKCS12_create() returns a valid B<PKCS12> structure or NULL if an error occurred.
+
 =head1 SEE ALSO
 
 L<d2i_PKCS12(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RAND_cleanup.pod

@@ -19,7 +19,7 @@ the PRNG.  As of version 1.1.0, it does nothing and should not be called,
 since no explicit initialisation or de-initialisation is necessary. See
 L<OPENSSL_init_crypto(3)>.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 RAND_cleanup() returns no value.
 

doc/man3/RAND_egd.pod

@@ -34,7 +34,7 @@ RAND_add() is not called.
 OpenSSL can be configured at build time to try to use the EGD for seeding
 automatically.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
 daemon on success, or -1 if the connection failed or the daemon did not

doc/man3/RSA_check_key.pod

@@ -33,7 +33,7 @@ manner as L<BN_is_prime_ex(3)>.
 
 RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL B<cb>.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 RSA_check_key_ex() and RSA_check_key()
 return 1 if B<rsa> is a valid RSA key, and 0 otherwise.
@@ -74,7 +74,7 @@ RSA_check_key_ex() appeared after OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RSA_generate_key.pod

@@ -73,7 +73,7 @@ it is called as B<BN_GENCB_call(cb, 3, 0)>.
 The process is then repeated for prime q and other primes (if any)
 with B<BN_GENCB_call(cb, 3, i)> where B<i> indicates the i-th prime.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 RSA_generate_multi_prime_key() returns 1 on success or 0 on error.
 RSA_generate_key_ex() returns 1 on success or 0 on error.

doc/man3/RSA_size.pod

@@ -27,7 +27,7 @@ B<rsa> and B<rsa-E<gt>n> must not be B<NULL>.
 RSA_security_bits() returns the number of security bits of the given B<rsa>
 key. See L<BN_security_bits(3)>.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 RSA_size() returns the size of modulus in bytes.
 
@@ -45,7 +45,7 @@ RSA_bits() was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SCT_print.pod

@@ -29,6 +29,11 @@ SCT_validation_status_string() will return the validation status of an SCT as
 a human-readable string. Call SCT_validate() or SCT_LIST_validate()
 beforehand in order to set the validation status of an SCT first.
 
+=head1 RETURN VALUES
+
+SCT_validation_status_string() returns a null-terminated string representing
+the validation status of an B<SCT> object.
+
 =head1 SEE ALSO
 
 L<ct(7)>,
@@ -42,7 +47,7 @@ These functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CIPHER_get_name.pod

@@ -150,6 +150,33 @@ Some examples for the output of SSL_CIPHER_description():
  ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
  RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
 
+=head1 RETURN VALUES
+
+SSL_CIPHER_get_name(), SSL_CIPHER_standard_name(), OPENSSL_cipher_name(),
+SSL_CIPHER_get_version() and SSL_CIPHER_description() return the corresponding
+value in a null-terminated string for a specific cipher or "(NONE)"
+if the cipher is not found.
+
+SSL_CIPHER_get_bits() returns a positive integer representing the number of
+secret bits or 0 if an error occurred.
+
+SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(),
+SSL_CIPHER_get_kx_nid() and SSL_CIPHER_get_auth_nid() return the NID value or
+B<NID_undef> if an error occurred.
+
+SSL_CIPHER_get_handshake_digest() returns a valid B<EVP_MD> structure or NULL
+if an error occurred.
+
+SSL_CIPHER_is_aead() returns 1 if the cipher is AEAD or 0 otherwise.
+
+SSL_CIPHER_find() returns a valid B<SSL_CIPHER> structure or NULL if an error
+occurred.
+
+SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific ID.
+
+SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS
+protocol-specific ID.
+
 =head1 HISTORY
 
 SSL_CIPHER_get_version() was updated to always return the correct protocol

doc/man3/SSL_CTX_flush_sessions.pod

@@ -34,6 +34,10 @@ cache. When a session is found and removed, the remove_session_cb is however
 called to synchronize with the external cache (see
 L<SSL_CTX_sess_set_get_cb(3)>).
 
+=head1 RETURN VALUES
+
+SSL_CTX_flush_sessions() does not return a value.
+
 =head1 SEE ALSO
 
 L<ssl(7)>,
@@ -43,7 +47,7 @@ L<SSL_CTX_sess_set_get_cb(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_sess_set_get_cb.pod

@@ -89,6 +89,11 @@ Normally the reference count is not incremented and therefore the
 session must not be explicitly freed with
 L<SSL_SESSION_free(3)>.
 
+=head1 RETURN VALUES
+
+SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb() and SSL_CTX_sess_get_get_cb()
+return different callback function pointers respectively.
+
 =head1 SEE ALSO
 
 L<ssl(7)>, L<d2i_SSL_SESSION(3)>,

doc/man3/SSL_CTX_sessions.pod

@@ -25,6 +25,10 @@ L<LHASH(3)> operations, so that the database must not be
 modified directly but by using the
 L<SSL_CTX_add_session(3)> family of functions.
 
+=head1 RETURN VALUES
+
+SSL_CTX_sessions() returns a pointer to the lhash of B<SSL_SESSION>.
+
 =head1 SEE ALSO
 
 L<ssl(7)>, L<LHASH(3)>,
@@ -33,7 +37,7 @@ L<SSL_CTX_set_session_cache_mode(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_cert_cb.pod

@@ -59,6 +59,10 @@ Normal server sanity checks are performed on any certificates set
 by the callback. So if an EC chain is set for a curve the client does not
 support it will B<not> be used.
 
+=head1 RETURN VALUES
+
+SSL_CTX_set_cert_cb() and SSL_set_cert_cb() do not return values.
+
 =head1 SEE ALSO
 
 L<ssl(7)>, L<SSL_use_certificate(3)>,
@@ -68,7 +72,7 @@ L<SSL_clear(3)>, L<SSL_free(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_cert_verify_callback.pod

@@ -42,6 +42,10 @@ about the detailed result of the verification procedure!
 Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback>
 function set using L<SSL_CTX_set_verify(3)>.
 
+=head1 RETURN VALUES
+
+SSL_CTX_set_cert_verify_callback() does not return a value.
+
 =head1 WARNINGS
 
 Do not mix the verification callback described in this function with the
@@ -66,7 +70,7 @@ L<SSL_CTX_load_verify_locations(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_client_cert_cb.pod

@@ -63,6 +63,11 @@ object. It will not be reset by calling L<SSL_clear(3)>.
 If the callback returns no certificate, the OpenSSL library will not send
 a certificate.
 
+=head1 RETURN VALUES
+
+SSL_CTX_get_client_cert_cb() returns function pointer of client_cert_cb() or
+NULL if the callback is not set.
+
 =head1 BUGS
 
 The client_cert_cb() cannot return a complete certificate chain, it can
@@ -96,7 +101,7 @@ L<SSL_clear(3)>, L<SSL_free(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_keylog_callback.pod

@@ -31,6 +31,11 @@ format used by NSS for its B<SSLKEYLOGFILE> debugging output. To recreate that
 file, the key logging callback should log B<line>, followed by a newline.
 B<line> will always be a NULL-terminated string.
 
+=head1 RETURN VALUES
+
+SSL_CTX_get_keylog_callback() returns a pointer to B<SSL_CTX_keylog_cb_func> or
+NULL if the callback is not set.
+
 =head1 SEE ALSO
 
 L<ssl(7)>

doc/man3/SSL_CTX_set_msg_callback.pod

@@ -117,6 +117,11 @@ an "inner" content type. B<buf> contains the encoded "inner" content type byte.
 
 =back
 
+=head1 RETURN VALUES
+
+SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback()
+and SSL_set_msg_callback_arg() do not return values.
+
 =head1 SEE ALSO
 
 L<ssl(7)>, L<SSL_new(3)>

doc/man3/SSL_CTX_set_security_level.pod

@@ -158,13 +158,29 @@ key using SSL_CTX_use_certificate() at level 1. Applications which do not
 check the return values for errors will misbehave: for example it might
 appear that a certificate is not set at all because it had been rejected.
 
+=head1 RETURN VALUES
+
+SSL_CTX_set_security_level() and SSL_set_security_level() do not return values.
+
+SSL_CTX_get_security_level() and SSL_get_security_level() return a integer that
+represents the security level with B<SSL_CTX> or B<SSL>, respectively.
+
+SSL_CTX_set_security_callback() and SSL_set_security_callback() do not return
+values.
+
+SSL_CTX_get_security_callback() and SSL_get_security_callback() return the pointer
+to the security callback or NULL if the callback is not set.
+
+SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() return the extra
+data pointer or NULL if the ex data is not set.
+
 =head1 HISTORY
 
 These functions were first added to OpenSSL 1.1.0
 
 =head1 COPYRIGHT
 
-Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_SESSION_get0_hostname.pod

@@ -41,6 +41,15 @@ value in B<alpn> which should be of length B<len> bytes. A copy of the input
 value is made, and the caller retains ownership of the memory pointed to by
 B<alpn>.
 
+=head1 RETURN VALUES
+
+SSL_SESSION_get0_hostname() returns either a string or NULL based on if there
+is the SNI value sent by client.
+
+SSL_SESSION_set1_hostname() returns 1 on success or 0 on error.
+
+SSL_SESSION_set1_alpn_selected() returns 1 on success or 0 on error.
+
 =head1 SEE ALSO
 
 L<ssl(7)>,

doc/man3/SSL_SESSION_has_ticket.pod

@@ -29,6 +29,12 @@ NULL then a pointer to the ticket is written to B<*tick>. The pointer is only
 valid while the connection is in use. The session (and hence the ticket pointer)
 may also become invalid as a result of a call to SSL_CTX_flush_sessions().
 
+=head1 RETURN VALUES
+
+SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.
+
+SSL_SESSION_get_ticket_lifetime_hint() returns the number of seconds.
+
 =head1 SEE ALSO
 
 L<ssl(7)>,
@@ -43,7 +49,7 @@ SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_SESSION_is_resumable.pod

@@ -18,6 +18,10 @@ to resume a session or not. Returns 1 if it can or 0 if not. Note that
 attempting to resume with a non-resumable session will result in a full
 handshake.
 
+=head1 RETURN VALUES
+
+SSL_SESSION_is_resumable() returns 1 if the session is resumable or 0 otherwise.
+
 =head1 SEE ALSO
 
 L<ssl(7)>,

doc/man3/UI_UTIL_read_pw.pod

@@ -48,13 +48,21 @@ UI_UTIL_read_pw_string() and UI_UTIL_read_pw(), there is
 PEM_def_callback(), EVP_read_pw_string() and EVP_read_pw_string_min())
 all use the default B<UI_METHOD>.
 
+=head1 RETURN VALUES
+
+UI_UTIL_read_pw_string() and UI_UTIL_read_pw() return 0 on success or a negative
+value on error.
+
+UI_UTIL_wrap_read_pem_callback() returns a valid B<UI_METHOD> structure or NULL
+if an error occurred.
+
 =head1 SEE ALSO
 
 L<UI_get_default_method(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/UI_new.pod

@@ -209,6 +209,34 @@ For Windows, if the OPENSSL_WIN32_UTF8 environment variable is set,
 the built-in method UI_OpenSSL() will produce UTF-8 encoded strings
 instead.
 
+=head1 RETURN VALUES
+
+UI_new() and UI_new_method() return a valid B<UI> structure or NULL if an error
+occurred.
+
+UI_add_input_string(), UI_dup_input_string(), UI_add_verify_string(),
+UI_dup_verify_string(), UI_add_input_boolean(), UI_dup_input_boolean(),
+UI_add_info_string(), UI_dup_info_string(), UI_add_error_string()
+and UI_dup_error_string() return a positive number on success or a value which
+is less than or equal to 0 otherwise.
+
+UI_construct_prompt() returns a string or NULL if an error occurred.
+
+UI_dup_user_data() returns 0 on success or -1 on error.
+
+UI_get0_result() returns a string or NULL on error.
+
+UI_get_result_length() returns a positive integer or 0 on success; otherwise it
+returns -1 on error.
+
+UI_process() returns 0 on success or a negative value on error.
+
+UI_ctrl() returns a mask on success or -1 on error.
+
+UI_get_default_method(), UI_get_method(), UI_Openssl(), UI_null() and
+UI_set_method() return either a valid B<UI_METHOD> structure or NULL
+respectively.
+
 =head1 HISTORY
 
 UI_dup_user_data()

doc/man3/X509_ALGOR_dup.pod

@@ -36,9 +36,21 @@ values for the message digest B<md>.
 X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
 encodings and non-zero otherwise.
 
+=head1 RETURN VALUES
+
+X509_ALGOR_dup() returns a valid B<X509_ALGOR> structure or NULL if an error
+occurred.
+
+X509_ALGOR_set0() returns 1 on success or 0 on error.
+
+X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.
+
+X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and
+non-zero otherwise.
+
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/X509_LOOKUP_hash_dir.pod

@@ -111,6 +111,14 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL
 OpenSSL includes a L<rehash(1)> utility which creates symlinks with correct
 hashed names for all files with .pem suffix in a given directory.
 
+=head1 RETURN VALUES
+
+X509_LOOKUP_hash_dir() and X509_LOOKUP_file() always return a valid
+B<X509_LOOKUP_METHOD> structure.
+
+X509_load_cert_file(), X509_load_crl_file() and X509_load_cert_crl_file() return
+the number of loaded objects or 0 on error.
+
 =head1 SEE ALSO
 
 L<PEM_read_PrivateKey(3)>,

doc/man3/X509_NAME_ENTRY_get_object.pod

@@ -67,6 +67,21 @@ X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
 B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
 set first so the relevant field information can be looked up internally.
 
+=head1 RETURN VALUES
+
+X509_NAME_ENTRY_get_object() returns a valid B<ASN1_OBJECT> structure if it is
+set or NULL if an error occurred.
+
+X509_NAME_ENTRY_get_data() returns a valid B<ASN1_STRING> structure if it is set
+or NULL if an error occurred.
+
+X509_NAME_ENTRY_set_object() and X509_NAME_ENTRY_set_data() return 1 on success
+or 0 on error.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and
+X509_NAME_ENTRY_create_by_OBJ() return a valid B<X509_NAME_ENTRY> on success or
+NULL if an error occurred.
+
 =head1 SEE ALSO
 
 L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>,
@@ -74,7 +89,7 @@ L<OBJ_nid2obj(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/X509_NAME_print_ex.pod

@@ -97,13 +97,23 @@ B<XN_FLAG_MULTILINE> is a multiline format which is the same as:
 
 B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
 
+=head1 RETURN VALUES
+
+X509_NAME_oneline() returns a valid string on success or NULL on error.
+
+X509_NAME_print() returns 1 on success or 0 on error.
+
+X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error
+if the B<XN_FLAG_COMPAT> is set, which is the same as X509_NAME_print(). Otherwise,
+it returns -1 on error or other values on success.
+
 =head1 SEE ALSO
 
 L<ASN1_STRING_print_ex(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/X509_SIG_get0.pod

@@ -20,13 +20,17 @@ value in B<sig>. X509_SIG_getm() is identical to X509_SIG_get0()
 except the pointers returned are not constant and can be modified:
 for example to initialise them.
 
+=head1 RETURN VALUES
+
+X509_SIG_get0() and X509_SIG_getm() return no values.
+
 =head1 SEE ALSO
 
 L<d2i_X509(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/X509_check_ca.pod

@@ -15,7 +15,7 @@ X509_check_ca - check if given certificate is CA certificate
 This function checks if given certificate is CA certificate (can be used
 to sign other certificates).
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
 CA certificate with B<basicConstraints> extension CA:TRUE,
@@ -35,7 +35,7 @@ L<X509_check_purpose(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/X509_check_issued.pod

@@ -22,7 +22,7 @@ B<subjectKeyIdentifier> of I<issuer> if B<authorityKeyIdentifier>
 present in the I<subject> certificate and checks B<keyUsage> field of
 I<issuer>.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 Function return B<X509_V_OK> if certificate I<subject> is issued by
 I<issuer> or some B<X509_V_ERR*> constant to indicate an error.
@@ -35,7 +35,7 @@ L<verify(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/X509_check_private_key.pod

@@ -22,7 +22,7 @@ key B<k> with the public key in B<x>.
 X509_REQ_check_private_key() is equivalent to X509_check_private_key()
 except that B<x> represents a certificate request of structure B<X509_REQ>.
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 X509_check_private_key() and X509_REQ_check_private_key() return 1 if
 the keys match each other, and 0 if not.

doc/man3/X509_get_extension_flags.pod

@@ -138,7 +138,7 @@ If X509_get0_subject_key_id() returns B<NULL> then the extension may be
 absent or malformed. Applications can determine the precise reason using
 X509_get_ext_d2i().
 
-=head1 RETURN VALUE
+=head1 RETURN VALUES
 
 X509_get_pathlen() returns the path length value, or -1 if the extension
 is not present.
@@ -165,7 +165,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/d2i_DHparams.pod

@@ -19,13 +19,20 @@ DHparameter structure described in PKCS#3.
 Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
 described in the L<d2i_X509(3)> manual page.
 
+=head1 RETURN VALUES
+
+d2i_DHparams() returns a valid B<DH> structure or NULL if an error occurred.
+
+i2d_DHparams() returns the length of encoded data on success or a value which
+is less than or equal to 0 on error.
+
 =head1 SEE ALSO
 
 L<d2i_X509(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/d2i_PKCS8PrivateKey_bio.pod

@@ -45,13 +45,21 @@ Currently all the functions use BIOs or FILE pointers, there are no functions wh
 work directly on memory: this can be readily worked around by converting the buffers
 to memory BIOs, see L<BIO_s_mem(3)> for details.
 
+=head1 RETURN VALUES
+
+d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid B<EVP_PKEY>
+structure or NULL if an error occurred.
+
+i2d_PKCS8PrivateKey_bio(), i2d_PKCS8PrivateKey_fp(), i2d_PKCS8PrivateKey_nid_bio()
+and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error.
+
 =head1 SEE ALSO
 
 L<PEM_read_PrivateKey(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/i2d_re_X509_tbs.pod

@@ -48,6 +48,15 @@ the encoding is automatically renewed. Otherwise, the encoding of the
 TBSCertificate portion of the B<X509> can be manually renewed by calling
 i2d_re_X509_tbs().
 
+=head1 RETURN VALUES
+
+d2i_X509_AUX() returns a valid B<X509> structure or NULL if an error occurred.
+
+i2d_X509_AUX() returns the length of encoded data or -1 on error.
+
+i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the
+length of encoded data or 0 on error.
+
 =head1 SEE ALSO
 
 L<ERR_get_error(3)>
@@ -69,7 +78,7 @@ L<X509_verify_cert(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy