man pages: add missing commas between subordinate and main clauses

jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.

ok jmc@

41 files changed, 167 insertions, 167 deletions

diff --git a/src/lib/libc/net/getaddrinfo.3 b/src/lib/libc/net/getaddrinfo.3
index de46e70182..035db2780b 100644
--- a/src/lib/libc/net/getaddrinfo.3
+++ b/src/lib/libc/net/getaddrinfo.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: getaddrinfo.3,v 1.59 2019/08/30 20:20:50 jmc Exp $
+.\"     $OpenBSD: getaddrinfo.3,v 1.60 2022/03/31 17:27:16 naddy Exp $
 .\"     $KAME: getaddrinfo.3,v 1.36 2005/01/05 03:23:05 itojun Exp $
 .\"
 .\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
@@ -16,7 +16,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 30 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt GETADDRINFO 3
 .Os
 .Sh NAME
@@ -105,7 +105,7 @@ or
 .Dv SOCK_RAW .
 When
 .Fa ai_socktype
-is zero the caller will accept any socket type.
+is zero, the caller will accept any socket type.
 .It Fa ai_protocol
 Indicates which transport protocol is desired,
 .Dv IPPROTO_UDP
@@ -113,7 +113,7 @@ or
 .Dv IPPROTO_TCP .
 If
 .Fa ai_protocol
-is zero the caller will accept any protocol.
+is zero, the caller will accept any protocol.
 .It Fa ai_flags
 .Fa ai_flags
 is formed by
@@ -180,7 +180,7 @@ and no service name resolution should be attempted.
 .It Dv AI_PASSIVE
 If the
 .Dv AI_PASSIVE
-bit is set it indicates that the returned socket address structure
+bit is set, it indicates that the returned socket address structure
 is intended for use in a call to
 .Xr bind 2 .
 In this case, if the
diff --git a/src/lib/libc/net/inet6_opt_init.3 b/src/lib/libc/net/inet6_opt_init.3
index fb4253aa2c..41ba842166 100644
--- a/src/lib/libc/net/inet6_opt_init.3
+++ b/src/lib/libc/net/inet6_opt_init.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: inet6_opt_init.3,v 1.7 2022/03/29 18:15:52 naddy Exp $
+.\"     $OpenBSD: inet6_opt_init.3,v 1.8 2022/03/31 17:27:16 naddy Exp $
 .\"     $KAME: inet6_opt_init.3,v 1.7 2004/12/27 05:08:23 itojun Exp $
 .\"
 .\" Copyright (C) 2004 WIDE Project.
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt INET6_OPT_INIT 3
 .Os
 .\"
@@ -97,7 +97,7 @@ The
 function can perform different jobs.
 When a valid
 .Fa extbuf
-argument is supplied it appends an option to the extension buffer and
+argument is supplied, it appends an option to the extension buffer and
 returns the updated total length as well as a pointer to the newly
 created option in
 .Fa databufp .
@@ -173,7 +173,7 @@ or
 When
 .Fa extbuf
 is not
-.Dv NULL
+.Dv NULL ,
 the function also sets up the appropriate padding bytes by inserting a
 Pad1 or PadN option of the proper length.
 .Pp
@@ -238,7 +238,7 @@ and
 point to the 8-bit option type, the 8-bit option length and the option
 data respectively.
 This function does not return any PAD1 or PADN options.
-When an error occurs or there are no more options the return
+When an error occurs or there are no more options, the return
 value is \-1.
 .\"
 .Ss inet6_opt_find
diff --git a/src/lib/libc/net/inet6_rth_space.3 b/src/lib/libc/net/inet6_rth_space.3
index fd69da2455..c40b45057e 100644
--- a/src/lib/libc/net/inet6_rth_space.3
+++ b/src/lib/libc/net/inet6_rth_space.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: inet6_rth_space.3,v 1.7 2014/06/11 16:59:47 chrisz Exp $
+.\"     $OpenBSD: inet6_rth_space.3,v 1.8 2022/03/31 17:27:16 naddy Exp $
 .\"     $KAME: inet6_rth_space.3,v 1.7 2005/01/05 03:00:44 itojun Exp $
 .\"
 .\" Copyright (C) 2004 WIDE Project.
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 11 2014 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt INET6_RTH_SPACE 3
 .Os
 .\"
@@ -85,7 +85,7 @@ argument and containing the number of addresses specified in the
 .Fa segments
 argument.
 When the type is
-.Dv IPV6_RTHDR_TYPE_0
+.Dv IPV6_RTHDR_TYPE_0 ,
 the number of segments must be from 0 through 127.
 The return value from this function is the number of bytes required to
 store the routing header.
diff --git a/src/lib/libc/net/inet_net_ntop.3 b/src/lib/libc/net/inet_net_ntop.3
index 816e87bf98..cac234be42 100644
--- a/src/lib/libc/net/inet_net_ntop.3
+++ b/src/lib/libc/net/inet_net_ntop.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: inet_net_ntop.3,v 1.2 2021/09/01 15:59:22 claudio Exp $
+.\"     $OpenBSD: inet_net_ntop.3,v 1.3 2022/03/31 17:27:16 naddy Exp $
 .\"     $NetBSD: inet_net.3,v 1.1 1997/06/18 02:25:27 lukem Exp $
 .\"
 .\" Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -28,7 +28,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 1 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt INET_NET_NTOP 3
 .Os
 .Sh NAME
@@ -110,7 +110,7 @@ is in the range
 and is used to explicitly specify the number of bits in the network address.
 When
 .Dq Li /bits
-is not specified the number of bits in the network address is calculated
+is not specified, the number of bits in the network address is calculated
 as the larger of the number of bits in the class to which the address
 belongs and the number of bits provided rounded up modulo 8.
 Examples:
@@ -176,7 +176,7 @@ is in the range
 and is used to explicitly specify the number of bits in the network address.
 When
 .Dq Li /bits
-is not specified 128 is used.
+is not specified, 128 is used.
 Note that when the number of bits is specified using
 .Dq Li /bits
 notation, the value of the address still includes all bits supplied
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index dc3e691ece..9bd498ab50 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -30,9 +30,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: malloc.3,v 1.128 2021/04/09 06:04:15 otto Exp $
+.\"     $OpenBSD: malloc.3,v 1.129 2022/03/31 17:27:16 naddy Exp $
 .\"
-.Dd $Mdocdate: April 9 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt MALLOC 3
 .Os
 .Sh NAME
@@ -423,7 +423,7 @@ and multiplying
 .Fa oldnmemb
 and
 .Fa size
-results in integer overflow
+results in integer overflow,
 .Fn recallocarray
 returns
 .Dv NULL
@@ -610,7 +610,7 @@ Here is a brief description of the error messages and what they mean:
 .It Dq out of memory
 If the
 .Cm X
-option is specified it is an error for the allocation functions
+option is specified, it is an error for the allocation functions
 to return
 .Dv NULL .
 .It Dq bogus pointer (double free?)
diff --git a/src/lib/libc/stdlib/tsearch.3 b/src/lib/libc/stdlib/tsearch.3
index cd90435614..a7ab985013 100644
--- a/src/lib/libc/stdlib/tsearch.3
+++ b/src/lib/libc/stdlib/tsearch.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tsearch.3,v 1.21 2019/01/25 00:19:25 millert Exp $
+.\" $OpenBSD: tsearch.3,v 1.22 2022/03/31 17:27:16 naddy Exp $
 .\"
 .\" Copyright (c) 1997 Todd C. Miller <millert@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 25 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt TSEARCH 3
 .Os
 .Sh NAME
@@ -63,7 +63,7 @@ except that if no match is found,
 is inserted into the tree and a pointer to it is returned.
 If
 .Fa rootp
-points to a null value a new binary search tree is created.
+points to a null value, a new binary search tree is created.
 .Pp
 .Fn tdelete
 deletes a node from the specified binary search tree and returns
diff --git a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
index a53723fbfd..15156ffca3 100644
--- a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
+++ b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
+.\"     $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.6 2022/03/31 17:27:16 naddy Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ACCESS_DESCRIPTION_NEW 3
 .Os
 .Sh NAME
@@ -94,7 +94,7 @@ object, which is a
 and represents an ASN.1
 .Vt AuthorityInfoAccessSyntax
 structure defined in RFC 5280 section 4.2.2.1.
-If can be used for the authority information access extension of
+It can be used for the authority information access extension of
 certificates and certificate revocation lists and for the subject
 information access extension of certificates.
 .Fn AUTHORITY_INFO_ACCESS_free
diff --git a/src/lib/libcrypto/man/ASN1_TIME_set.3 b/src/lib/libcrypto/man/ASN1_TIME_set.3
index b966165fb2..cd6ab937d0 100644
--- a/src/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/src/lib/libcrypto/man/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.16 2021/11/21 17:35:53 schwarze Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.17 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 21 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -321,7 +321,7 @@ If both
 .Pf * Fa pday
 and
 .Pf * Fa psec
-are nonzero they will always have the same sign.
+are nonzero, they will always have the same sign.
 The value of
 .Pf * Fa psec
 will always be less than the number of seconds in a day.
diff --git a/src/lib/libcrypto/man/BIO_f_buffer.3 b/src/lib/libcrypto/man/BIO_f_buffer.3
index 21a6e9a5fe..27baf7270c 100644
--- a/src/lib/libcrypto/man/BIO_f_buffer.3
+++ b/src/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_f_buffer.3,v 1.10 2018/05/01 17:05:05 schwarze Exp $
+.\"     $OpenBSD: BIO_f_buffer.3,v 1.11 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 9b86974e Mar 19 12:32:14 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_F_BUFFER 3
 .Os
 .Sh NAME
@@ -132,7 +132,7 @@ bytes of
 .Fa buf .
 If
 .Fa num
-is larger than the current buffer size the buffer is expanded.
+is larger than the current buffer size, the buffer is expanded.
 .Pp
 Except
 .Fn BIO_f_buffer ,
diff --git a/src/lib/libcrypto/man/BIO_s_accept.3 b/src/lib/libcrypto/man/BIO_s_accept.3
index 4ead28b62f..c33abee901 100644
--- a/src/lib/libcrypto/man/BIO_s_accept.3
+++ b/src/lib/libcrypto/man/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_accept.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $
+.\"     $OpenBSD: BIO_s_accept.3,v 1.12 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL c03726ca Thu Aug 27 12:28:08 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 12 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_ACCEPT 3
 .Os
 .Sh NAME
@@ -223,7 +223,7 @@ incoming connection before processing I/O calls.
 When an accept BIO is not at then end of a chain,
 it passes I/O calls to the next BIO in the chain.
 .Pp
-When a connection is established a new socket BIO is created
+When a connection is established, a new socket BIO is created
 for the connection and appended to the chain.
 That is the chain is now accept->socket.
 This effectively means that attempting I/O on an initial accept
diff --git a/src/lib/libcrypto/man/BIO_s_bio.3 b/src/lib/libcrypto/man/BIO_s_bio.3
index 171207dfe1..bf4e8738b5 100644
--- a/src/lib/libcrypto/man/BIO_s_bio.3
+++ b/src/lib/libcrypto/man/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_bio.3,v 1.13 2018/05/01 17:05:05 schwarze Exp $
+.\"     $OpenBSD: BIO_s_bio.3,v 1.14 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL c03726ca Aug 27 12:28:08 2015 -0400
 .\"
 .\" This file was written by
@@ -53,7 +53,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_BIO 3
 .Os
 .Sh NAME
@@ -182,7 +182,7 @@ sets the write buffer size of BIO
 .Fa b
 to
 .Fa size .
-If the size is not initialized a default value is used.
+If the size is not initialized, a default value is used.
 This is currently 17K, sufficient for a maximum size TLS record.
 .Pp
 .Fn BIO_get_write_buf_size
@@ -255,7 +255,7 @@ or
 .Xr SSL_free 3
 call, the other half still needs to be freed.
 .Pp
-When used in bidirectional applications (such as TLS/SSL)
+When used in bidirectional applications (such as TLS/SSL),
 care should be taken to flush any data in the write buffer.
 This can be done by calling
 .Xr BIO_pending 3
diff --git a/src/lib/libcrypto/man/BIO_s_connect.3 b/src/lib/libcrypto/man/BIO_s_connect.3
index 7ddde85f53..2732e9bc9c 100644
--- a/src/lib/libcrypto/man/BIO_s_connect.3
+++ b/src/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_connect.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $
+.\"     $OpenBSD: BIO_s_connect.3,v 1.12 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 12 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_CONNECT 3
 .Os
 .Sh NAME
@@ -159,7 +159,7 @@ and also returns the socket.
 If
 .Fa c
 is not
-.Dv NULL
+.Dv NULL ,
 it should be of type
 .Vt "int *" .
 .Pp
diff --git a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index e431b2cb36..094d6ec487 100644
--- a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.8 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt CMS_GET0_RECIPIENTINFOS 3
 .Os
 .Sh NAME
@@ -255,7 +255,7 @@ Depending on the type, the
 structure can be ignored or its key identifier data retrieved using
 an appropriate function.
 If the corresponding secret or private key can be obtained by any
-appropriate means it can then be associated with the structure and
+appropriate means, it can then be associated with the structure and
 .Fn CMS_RecipientInfo_decrypt
 called.
 If successful,
diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
index c78076b8a8..9d72b85642 100644
--- a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.12 2019/08/16 12:16:22 schwarze Exp $
+.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.13 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL CRYPTO_get_ex_new_index 9e183d22 Mar 11 08:56:44 2017 -0500
 .\" selective merge up to: 72a7a702 Feb 26 14:05:09 2019 +0000
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 16 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt CRYPTO_SET_EX_DATA 3
 .Os
 .Sh NAME
@@ -156,7 +156,7 @@ header file.
 .Pp
 The API described here is used by OpenSSL to manipulate exdata for
 specific structures.
-Since the application data can be anything at all it is passed and
+Since the application data can be anything at all, it is passed and
 retrieved as a
 .Vt void *
 type.
diff --git a/src/lib/libcrypto/man/DES_set_key.3 b/src/lib/libcrypto/man/DES_set_key.3
index da58957d36..e74c7c5e48 100644
--- a/src/lib/libcrypto/man/DES_set_key.3
+++ b/src/lib/libcrypto/man/DES_set_key.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: DES_set_key.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400
 .\"
@@ -115,7 +115,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt DES_SET_KEY 3
 .Os
 .Sh NAME
@@ -747,7 +747,7 @@ If set to
 .Dv DES_PCBC_MODE
 (the default), DES_pcbc_encrypt is used.
 If set to
-.Dv DES_CBC_MODE
+.Dv DES_CBC_MODE ,
 DES_cbc_encrypt is used.
 .Sh RETURN VALUES
 .Fn DES_set_key ,
diff --git a/src/lib/libcrypto/man/EC_GROUP_new.3 b/src/lib/libcrypto/man/EC_GROUP_new.3
index a02104f967..ef7251fa3d 100644
--- a/src/lib/libcrypto/man/EC_GROUP_new.3
+++ b/src/lib/libcrypto/man/EC_GROUP_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EC_GROUP_new.3,v 1.13 2021/05/11 04:22:32 tb Exp $
+.\"     $OpenBSD: EC_GROUP_new.3,v 1.14 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 11 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EC_GROUP_NEW 3
 .Os
 .Sh NAME
@@ -288,7 +288,7 @@ item has a unique integer ID
 .Pq Fa nid
 and a human readable comment string describing the curve.
 .Pp
-In order to construct a builtin curve use the function
+In order to construct a builtin curve, use the function
 .Fn EC_GROUP_new_by_curve_name
 and provide the
 .Fa nid
diff --git a/src/lib/libcrypto/man/ERR_put_error.3 b/src/lib/libcrypto/man/ERR_put_error.3
index 142d2eb2bd..7eac5e415c 100644
--- a/src/lib/libcrypto/man/ERR_put_error.3
+++ b/src/lib/libcrypto/man/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ERR_put_error.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
+.\"     $OpenBSD: ERR_put_error.3,v 1.10 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ERR_PUT_ERROR 3
 .Os
 .Sh NAME
@@ -128,7 +128,7 @@ Function and reason codes should consist of upper case characters,
 numbers and underscores only.
 The error file generation script translates function codes into function
 names by looking in the header files for an appropriate function name.
-If none is found it just uses the capitalized form such as "SSL23_READ"
+If none is found, it just uses the capitalized form such as "SSL23_READ"
 in the above example.
 .Pp
 The trailing section of a reason code (after the "_R_") is translated
diff --git a/src/lib/libcrypto/man/EVP_DigestInit.3 b/src/lib/libcrypto/man/EVP_DigestInit.3
index 9b2ee4e09f..b9aacf9e9f 100644
--- a/src/lib/libcrypto/man/EVP_DigestInit.3
+++ b/src/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.22 2022/01/15 09:08:51 tb Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.23 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL a95d7574 Jul 2 12:16:38 2017 -0400
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -457,7 +457,7 @@ For example
 .Fn EVP_sha1
 is associated with RSA so this will return
 .Dv NID_sha1WithRSAEncryption .
-Since digests and signature algorithms are no longer linked this
+Since digests and signature algorithms are no longer linked, this
 function is only retained for compatibility reasons.
 .Pp
 .Fn EVP_md5 ,
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 58d18346e1..47527925ba 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.42 2021/10/14 00:45:02 tb Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.43 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -71,7 +71,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 14 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -535,7 +535,7 @@ The encrypted final data is written to
 which should have sufficient space for one cipher block.
 The number of bytes written is placed in
 .Fa outl .
-After this function is called the encryption operation is finished and
+After this function is called, the encryption operation is finished and
 no further calls to
 .Fn EVP_EncryptUpdate
 should be made.
@@ -754,7 +754,7 @@ This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
 ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
 same NID.
 If the cipher does not have an object identifier or does not
-have ASN.1 support this function will return
+have ASN.1 support, this function will return
 .Dv NID_undef .
 .Pp
 .Fn EVP_CIPHER_CTX_cipher
@@ -842,7 +842,7 @@ block size n will equal the block size.
 For example if the block size is 8 and 11 bytes are to be encrypted then
 5 padding bytes of value 5 will be added.
 .Pp
-When decrypting the final block is checked to see if it has the correct
+When decrypting, the final block is checked to see if it has the correct
 form.
 .Pp
 Although the decryption operation can produce an error if padding is
@@ -1374,7 +1374,7 @@ first appeared in LibreSSL 2.8.1 and has been available since
 and
 .Dv EVP_MAX_IV_LENGTH
 only refer to the internal ciphers with default key lengths.
-If custom ciphers exceed these values the results are unpredictable.
+If custom ciphers exceed these values, the results are unpredictable.
 This is because it has become standard practice to define a generic key
 as a fixed unsigned char array containing
 .Dv EVP_MAX_KEY_LENGTH
diff --git a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
index cdae726c42..af5ed93fba 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_DECRYPT 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa out
 buffer.
-If the call is successful the decrypted data is written to
+If the call is successful, the decrypted data is written to
 .Fa out
 and the amount of data written to
 .Fa outlen .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
index a627c2abb6..210c43d6d8 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_encrypt.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_encrypt.3,v 1.7 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_ENCRYPT 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa out
 buffer.
-If the call is successful the encrypted data is written to
+If the call is successful, the encrypted data is written to
 .Fa out
 and the amount of data written to
 .Fa outlen .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3
index efbea950c9..fbd8e66376 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_SIGN 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa sig
 buffer.
-If the call is successful the signature is written to
+If the call is successful, the signature is written to
 .Fa sig
 and the amount of data written to
 .Fa siglen .
diff --git a/src/lib/libcrypto/man/EVP_SignInit.3 b/src/lib/libcrypto/man/EVP_SignInit.3
index a53d059b46..06aeb2f141 100644
--- a/src/lib/libcrypto/man/EVP_SignInit.3
+++ b/src/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.14 2019/06/10 14:58:48 schwarze Exp $
+.\" $OpenBSD: EVP_SignInit.3,v 1.15 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_SIGNINIT 3
 .Os
 .Sh NAME
@@ -217,7 +217,7 @@ could not be made after calling
 .Fn EVP_SignFinal .
 .Pp
 Since the private key is passed in the call to
-.Fn EVP_SignFinal
+.Fn EVP_SignFinal ,
 any error relating to the private key (for example an unsuitable key and
 digest combination) will not be indicated until after potentially large
 amounts of data have been passed through
diff --git a/src/lib/libcrypto/man/OBJ_nid2obj.3 b/src/lib/libcrypto/man/OBJ_nid2obj.3
index 511bf8567a..4b35762dcf 100644
--- a/src/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/src/lib/libcrypto/man/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_nid2obj.3,v 1.18 2021/12/18 17:47:45 schwarze Exp $
+.\" $OpenBSD: OBJ_nid2obj.3,v 1.19 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000
 .\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 18 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OBJ_NID2OBJ 3
 .Os
 .Sh NAME
@@ -206,7 +206,7 @@ is 0 then long names and short names will be interpreted as well as
 numerical forms.
 If
 .Fa no_name
-is 1 only the numerical form is acceptable.
+is 1, only the numerical form is acceptable.
 .Pp
 .Fn OBJ_obj2txt
 converts the
diff --git a/src/lib/libcrypto/man/OCSP_cert_to_id.3 b/src/lib/libcrypto/man/OCSP_cert_to_id.3
index f2ed8b1154..73a21867b9 100644
--- a/src/lib/libcrypto/man/OCSP_cert_to_id.3
+++ b/src/lib/libcrypto/man/OCSP_cert_to_id.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.11 2021/08/06 21:45:55 schwarze Exp $
+.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.12 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 6 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_CERT_TO_ID 3
 .Os
 .Sh NAME
@@ -180,7 +180,7 @@ and
 returns the issuer name hash, hash OID, issuer key hash and serial
 number contained in
 .Fa cid .
-If any of the values are not required the corresponding parameter can be
+If any of the values are not required, the corresponding parameter can be
 set to
 .Dv NULL .
 The values returned by
diff --git a/src/lib/libcrypto/man/OCSP_resp_find_status.3 b/src/lib/libcrypto/man/OCSP_resp_find_status.3
index bcfefb5754..06d0354bd6 100644
--- a/src/lib/libcrypto/man/OCSP_resp_find_status.3
+++ b/src/lib/libcrypto/man/OCSP_resp_find_status.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OCSP_resp_find_status.3,v 1.10 2019/08/27 10:00:41 schwarze Exp $
+.\" $OpenBSD: OCSP_resp_find_status.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL c952780c Jun 21 07:03:34 2016 -0400
 .\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 27 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_RESP_FIND_STATUS 3
 .Os
 .Sh NAME
@@ -295,11 +295,11 @@ or
 .Fn OCSP_single_get0_status .
 If
 .Fa sec
-is non-zero it indicates how many seconds leeway should be allowed in
+is non-zero, it indicates how many seconds leeway should be allowed in
 the check.
 If
 .Fa maxsec
-is positive it indicates the maximum age of
+is positive, it indicates the maximum age of
 .Fa thisupd
 in seconds.
 .Pp
diff --git a/src/lib/libcrypto/man/OCSP_sendreq_new.3 b/src/lib/libcrypto/man/OCSP_sendreq_new.3
index c8107c4d58..300f719525 100644
--- a/src/lib/libcrypto/man/OCSP_sendreq_new.3
+++ b/src/lib/libcrypto/man/OCSP_sendreq_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OCSP_sendreq_new.3,v 1.9 2019/08/27 10:48:41 schwarze Exp $
+.\" $OpenBSD: OCSP_sendreq_new.3,v 1.10 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 27 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_SENDREQ_NEW 3
 .Os
 .Sh NAME
@@ -159,7 +159,7 @@ should be set to
 .Fn OCSP_sendreq_nbio
 performs non-blocking I/O on the OCSP request context
 .Fa rctx .
-When the operation is complete it returns the response in
+When the operation is complete, it returns the response in
 .Pf * Fa presp .
 If
 .Fn OCSP_sendreq_nbio
diff --git a/src/lib/libcrypto/man/PKCS12_create.3 b/src/lib/libcrypto/man/PKCS12_create.3
index d19a6f3e44..bc00d3df78 100644
--- a/src/lib/libcrypto/man/PKCS12_create.3
+++ b/src/lib/libcrypto/man/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_create.3,v 1.11 2021/10/22 15:50:19 schwarze Exp $
+.\" $OpenBSD: PKCS12_create.3,v 1.12 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 22 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt PKCS12_CREATE 3
 .Os
 .Sh NAME
@@ -137,10 +137,10 @@ should be set to PKCS12_DEFAULT_ITER.
 adds a flag to the store private key.
 This is a non-standard extension that is only currently interpreted by
 MSIE.
-If set to zero the flag is omitted; if set to
-.Dv KEY_SIG
+If set to zero, the flag is omitted; if set to
+.Dv KEY_SIG ,
 the key can be used for signing only; and if set to
-.Dv KEY_EX
+.Dv KEY_EX ,
 it can be used for signing and encryption.
 This option was useful for old export grade software which could use
 signing only keys of arbitrary size but had restrictions on the
diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3
index 2895da16d8..d091c03dfd 100644
--- a/src/lib/libcrypto/man/PKCS7_verify.3
+++ b/src/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: PKCS7_verify.3,v 1.10 2022/01/19 20:28:06 tb Exp $
+.\"     $OpenBSD: PKCS7_verify.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 19 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt PKCS7_VERIFY 3
 .Os
 .Sh NAME
@@ -133,13 +133,13 @@ parameter (if it is not
 and then looking in any certificates contained in the
 .Fa p7
 structure itself.
-If any signer's certificates cannot be located the operation fails.
+If any signer's certificates cannot be located, the operation fails.
 .Pp
 Each signer's certificate is chain verified using the
 .Sy smimesign
 purpose and the supplied trusted certificate store.
 Any internal certificates in the message are used as untrusted CAs.
-If any chain verify fails an error code is returned.
+If any chain verify fails, an error code is returned.
 .Pp
 Finally, the signed content is read (and written to
 .Fa out
diff --git a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 b/src/lib/libcrypto/man/RSA_get_ex_new_index.3
index cf3d3f6fd7..ee1e0e82f7 100644
--- a/src/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/src/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: RSA_get_ex_new_index.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $
+.\"     $OpenBSD: RSA_get_ex_new_index.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org> and
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt RSA_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
@@ -117,7 +117,7 @@ with a structure (for example the hash of some part of the structure) or
 some additional data (for example a handle to the data in an external
 library).
 .Pp
-Since the application data can be anything at all it is passed and
+Since the application data can be anything at all, it is passed and
 retrieved as a
 .Vt void *
 type.
diff --git a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index cd7e94d4e1..3c1237d20e 100644
--- a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.15 2021/12/09 19:01:52 schwarze Exp $
+.\"     $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.16 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 9 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_NAME_ADD_ENTRY_BY_TXT 3
 .Os
 .Sh NAME
@@ -205,11 +205,11 @@ if it is -1 it is appended.
 .Pp
 .Fa set
 determines how the new type is added.
-If it is zero a new RDN is created.
+If it is zero, a new RDN is created.
 .Pp
 If
 .Fa set
-is -1 or 1 it is added to the previous or next RDN structure
+is -1 or 1, it is added to the previous or next RDN structure
 respectively.
 This will then be a multivalued RDN: since multivalue RDNs are very
 seldom used,
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 8964d612b2..fdcfd4834e 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.24 2022/03/29 14:27:59 naddy Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.25 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -493,7 +493,7 @@ enables CRL checking for the entire certificate chain.
 disables critical extension checking.
 By default any unhandled critical extensions in certificates or (if
 checked) CRLs results in a fatal error.
-If this flag is set unhandled critical extensions are ignored.
+If this flag is set, unhandled critical extensions are ignored.
 .Sy WARNING :
 setting this option for anything other than debugging purposes can be a
 security risk.
@@ -539,7 +539,7 @@ By default some additional features such as indirect CRLs and CRLs
 signed by different keys are disabled.
 If
 .Dv X509_V_FLAG_EXTENDED_CRL_SUPPORT
-is set they are enabled.
+is set, they are enabled.
 .Pp
 If
 .Dv X509_V_FLAG_USE_DELTAS
diff --git a/src/lib/libcrypto/man/X509_get_pubkey.3 b/src/lib/libcrypto/man/X509_get_pubkey.3
index 506404d9ac..0829397982 100644
--- a/src/lib/libcrypto/man/X509_get_pubkey.3
+++ b/src/lib/libcrypto/man/X509_get_pubkey.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_pubkey.3,v 1.12 2021/10/26 18:05:07 tb Exp $
+.\" $OpenBSD: X509_get_pubkey.3,v 1.13 2022/03/31 17:27:17 naddy Exp $
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 26 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_GET_PUBKEY 3
 .Os
 .Sh NAME
@@ -128,7 +128,7 @@
 .Fn X509_get_pubkey
 attempts to decode the public key for certificate
 .Fa x .
-If successful it returns the public key as an
+If successful, it returns the public key as an
 .Vt EVP_PKEY
 pointer with its reference count incremented: this means the returned
 key must be freed up after use.
diff --git a/src/lib/libcrypto/man/lh_new.3 b/src/lib/libcrypto/man/lh_new.3
index a9ac283a90..c848eed825 100644
--- a/src/lib/libcrypto/man/lh_new.3
+++ b/src/lib/libcrypto/man/lh_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: lh_new.3,v 1.8 2021/12/17 16:32:07 schwarze Exp $
+.\" $OpenBSD: lh_new.3,v 1.9 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400
 .\" selective merge up to:
@@ -118,7 +118,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: December 17 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
@@ -488,7 +488,7 @@ The load is the number of items in the hash table divided by the size of
 the hash table.
 The default values are as follows.
 If (hash->up_load < load) => expand.
-if (hash->down_load > load) => contract.
+If (hash->down_load > load) => contract.
 The
 .Fa up_load
 has a default value of 1 and
@@ -503,12 +503,12 @@ variables.
 The 'load' is kept in a form which is multiplied by 256.
 So hash->up_load=8*256 will cause a load of 8 to be set.
 .Pp
-If you are interested in performance the field to watch is
+If you are interested in performance, the field to watch is
 .Fa num_comp_calls .
 The hash library keeps track of the 'hash' value for each item so when a
 lookup is done, the 'hashes' are compared, if there is a match, then a
 full compare is done, and hash->num_comp_calls is incremented.
-If num_comp_calls is not equal to num_delete plus num_retrieve it means
+If num_comp_calls is not equal to num_delete plus num_retrieve, it means
 that your hash function is generating hashes that are the same for
 different values.
 It is probably worth changing your hash function if this is the case
diff --git a/src/lib/libcrypto/man/openssl.cnf.5 b/src/lib/libcrypto/man/openssl.cnf.5
index ae56869b8b..48ca66cf4b 100644
--- a/src/lib/libcrypto/man/openssl.cnf.5
+++ b/src/lib/libcrypto/man/openssl.cnf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.cnf.5,v 1.7 2020/02/17 12:52:42 inoguchi Exp $
+.\" $OpenBSD: openssl.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100
 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 17 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OPENSSL.CNF 5
 .Os
 .Sh NAME
@@ -265,7 +265,7 @@ bar = bar_section
 The command
 .Ic engine_id
 is used to give the ENGINE name.
-If used this command must be first.
+If used, this command must be first.
 For example:
 .Bd -literal -offset indent
 [engine_section]
@@ -305,7 +305,7 @@ The command
 sets the default algorithms an ENGINE will supply using the functions
 .Xr ENGINE_set_default_string 3 .
 .Pp
-If the name matches none of the above command names it is assumed
+If the name matches none of the above command names, it is assumed
 to be a ctrl command which is sent to the ENGINE.
 The value of the command is the argument to the ctrl command.
 If the value is the string
diff --git a/src/lib/libcrypto/man/x509v3.cnf.5 b/src/lib/libcrypto/man/x509v3.cnf.5
index 392c44d456..89f52d6a01 100644
--- a/src/lib/libcrypto/man/x509v3.cnf.5
+++ b/src/lib/libcrypto/man/x509v3.cnf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: x509v3.cnf.5,v 1.7 2020/06/11 18:03:19 jmc Exp $
+.\" $OpenBSD: x509v3.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL man5/x509v3_config a41815f0 Mar 17 18:43:53 2017 -0700
 .\" selective merge up to: OpenSSL 36cf10cf Oct 4 02:11:08 2017 -0400
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 11 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509V3.CNF 5
 .Os
 .Sh NAME
@@ -163,7 +163,7 @@ parameter indicates the maximum number of CAs that can appear below
 this one in a chain.
 So if you have a CA with a
 .Ic pathlen
-of zero it can only be used to sign end user certificates and not
+of zero, it can only be used to sign end user certificates and not
 further CAs.
 .Ss Key usage
 Key usage is a multi-valued extension consisting of a list of names of
diff --git a/src/lib/libssl/man/BIO_f_ssl.3 b/src/lib/libssl/man/BIO_f_ssl.3
index 8643200285..5e18a85bd1 100644
--- a/src/lib/libssl/man/BIO_f_ssl.3
+++ b/src/lib/libssl/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_f_ssl.3,v 1.11 2019/06/12 09:36:30 schwarze Exp $
+.\" $OpenBSD: BIO_f_ssl.3,v 1.12 2022/03/31 17:27:18 naddy Exp $
 .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 12 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_F_SSL 3
 .Os
 .Sh NAME
@@ -147,7 +147,7 @@ is appended to an
 .Vt SSL
 .Vt BIO
 using
-.Xr BIO_push 3
+.Xr BIO_push 3 ,
 it is automatically used as the
 .Vt SSL
 .Vt BIO Ns 's read and write
@@ -213,7 +213,7 @@ is 0, server mode is set.
 .Fn BIO_set_ssl_renegotiate_bytes
 sets the renegotiate byte count to
 .Fa num .
-When set after every
+When set, after every
 .Fa num
 bytes of I/O (read and write) the SSL session is automatically renegotiated.
 .Fa num
@@ -222,7 +222,7 @@ must be at least 512 bytes.
 .Fn BIO_set_ssl_renegotiate_timeout
 sets the renegotiate timeout to
 .Fa seconds .
-When the renegotiate timeout elapses the session is automatically renegotiated.
+When the renegotiate timeout elapses, the session is automatically renegotiated.
 .Pp
 .Fn BIO_get_num_renegotiates
 returns the total number of session renegotiations due to I/O or timeout.
@@ -303,7 +303,7 @@ established; the call
 should be used for non blocking connect
 .Vt BIO Ns s
 to determine if the call should be retried.
-If an SSL connection has already been established this call has no effect.
+If an SSL connection has already been established, this call has no effect.
 .Pp
 .Vt SSL
 .Vt BIO Ns s
@@ -325,7 +325,7 @@ using a blocking transport will never request a retry.
 Since unknown
 .Xr BIO_ctrl 3
 operations are sent through filter
-.Vt BIO Ns s
+.Vt BIO Ns s ,
 the server name and port can be set using
 .Xr BIO_set_conn_hostname 3
 and
diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3
index 34c3a1adfd..5df0b07785 100644
--- a/src/lib/libssl/man/SSL_CTX_set_options.3
+++ b/src/lib/libssl/man/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.15 2021/06/12 11:02:20 tb Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $
 .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100
 .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000
 .\"
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 12 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_CTX_SET_OPTIONS 3
 .Os
 .Sh NAME
@@ -206,7 +206,7 @@ Normally clients and servers using TLSv1.2 and earlier will, where possible,
 transparently make use of
 RFC 5077 tickets for stateless session resumption.
 .Pp
-If this option is set this functionality is disabled and tickets will not be
+If this option is set, this functionality is disabled and tickets will not be
 used by clients or servers.
 .It Dv SSL_OP_NO_TLSv1
 Do not use the TLSv1.0 protocol.
@@ -273,7 +273,7 @@ server with a
 .Em no_renegotiation
 warning alert.
 .Pp
-If the patched OpenSSL server attempts to renegotiate a fatal
+If the patched OpenSSL server attempts to renegotiate, a fatal
 .Em handshake_failure
 alert is sent.
 This is because the server code may be unaware of the unpatched nature of the
@@ -306,7 +306,7 @@ them initially) and this is clearly not acceptable.
 Renegotiation is permitted because this does not add any additional security
 issues: during an attack clients do not see any renegotiations anyway.
 .Pp
-As more servers become patched the option
+As more servers become patched, the option
 .Dv SSL_OP_LEGACY_SERVER_CONNECT
 will
 .Em not
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index ae0349584a..8be504d3b3 100644
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.9 2022/02/18 23:17:15 jsg Exp $
+.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 18 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
@@ -117,7 +117,7 @@ when the application is left, it becomes impossible for attackers to decrypt
 past sessions, even if they get hold of the normal (certified) key,
 as this key was only used for signing.
 .Pp
-In order to perform a DH key exchange the server must use a DH group
+In order to perform a DH key exchange, the server must use a DH group
 (DH parameters) and generate a DH key.
 The server will always generate a new DH key during the negotiation.
 .Pp
diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3
index 4cde129bc2..2ab43fdd3e 100644
--- a/src/lib/libssl/man/SSL_get_session.3
+++ b/src/lib/libssl/man/SSL_get_session.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_get_session.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
+.\"     $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_GET_SESSION 3
 .Os
 .Sh NAME
@@ -109,7 +109,7 @@ If the data is to be kept,
 .Fn SSL_get1_session
 will increment the reference count, so that the session will not be implicitly
 removed by other operations but stays in memory.
-In order to remove the session
+In order to remove the session,
 .Xr SSL_SESSION_free 3
 must be explicitly called once to decrement the reference count again.
 .Pp
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 92c4af720c..6b701609c2 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.136 2022/02/18 10:24:32 jsg Exp $
+.\" $OpenBSD: openssl.1,v 1.137 2022/03/31 17:27:26 naddy Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: February 18 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -272,7 +272,7 @@ If an OID
 .Pq object identifier
 is not part of
 .Nm openssl Ns 's
-internal table it will be represented in
+internal table, it will be represented in
 numerical form
 .Pq for example 1.2.3.4 .
 .Pp
@@ -1146,8 +1146,8 @@ should be linked to each certificate.
 One or more certificates of message recipients: used when encrypting a message.
 .It Fl certfile Ar file
 Allows additional certificates to be specified.
-When signing these will be included with the message.
-When verifying these will be searched for the signer's certificates.
+When signing, these will be included with the message.
+When verifying, these will be searched for the signer's certificates.
 The certificates should be in PEM format.
 .It Fl certsout Ar file
 A file that any certificates contained in the message are written to.
@@ -1198,7 +1198,7 @@ email address matches that specified in the From: address.
 .It Fl econtent_type Ar type
 Set the encapsulated content type, used with
 .Fl sign .
-If not supplied the Data type is used.
+If not supplied, the Data type is used.
 The type argument can be any valid OID name in either text or numerical format.
 .It Fl in Ar file
 The input message to be encrypted or signed or the message to be decrypted or
@@ -1227,7 +1227,7 @@ the certificate file specified with the
 or
 .Fl signer
 file.
-When signing this option can be used multiple times to specify successive keys.
+When signing, this option can be used multiple times to specify successive keys.
 .It Fl keyform Cm der | pem
 Input private key format.
 The default is
@@ -1270,7 +1270,7 @@ the
 .Fl certfile
 option for example).
 .It Fl nodetach
-When signing a message use opaque signing.
+When signing a message, use opaque signing.
 This form is more resistant to translation by mail relays but it cannot be
 read by mail agents that do not support S/MIME.
 Without this option cleartext signing with the MIME type multipart/signed is
@@ -1279,7 +1279,7 @@ used.
 Only the certificates specified in the
 .Fl certfile
 option are used.
-When verifying a message normally certificates (if any) included in the
+When verifying a message, normally certificates (if any) included in the
 message are searched for the signing certificate.
 The supplied certificates can still be used as untrusted CAs however.
 .It Fl nooldmime
@@ -1354,10 +1354,10 @@ operation.
 Add an explicit email address where signed receipts should be sent to.
 This option must be supplied if a signed receipt is requested.
 .It Fl recip Ar file
-When decrypting a message this specifies the recipient's certificate.
+When decrypting a message, this specifies the recipient's certificate.
 The certificate must match one of the recipients of the message or an
 error occurs.
-When encrypting a message this option may be used multiple times to
+When encrypting a message, this option may be used multiple times to
 specify each recipient.
 This form must be used if customised parameters are required (for example to
 specify RSA-OAEP).
@@ -1377,7 +1377,7 @@ operations.
 When used with
 .Fl encrypt
 or
-.Fl decrypt
+.Fl decrypt ,
 the supplied key is used to wrap or unwrap the content encryption key
 using an AES key in the KEKRecipientInfo type.
 .It Fl secretkeyid Ar id
@@ -1418,7 +1418,7 @@ This option currently has no effect.
 .It Fl text
 Add plain text (text/plain) MIME headers to the supplied message if
 encrypting or signing.
-If decrypting or verifying it strips off text headers: if the decrypted
+If decrypting or verifying, it strips off text headers: if the decrypted
 or verified message is not of MIME type text/plain then an error occurs.
 .It Fl verify_retcode
 Set verification error code to exit code to indicate what verification error
@@ -2280,7 +2280,7 @@ to use:
 this must be represented as a string comprised only of hex digits.
 .It Fl salt
 Use a salt in the key derivation routines (the default).
-When the salt is being used
+When the salt is being used,
 the first eight bytes of the encrypted data are reserved for the salt:
 it is randomly generated when encrypting a file and read from the
 encrypted file when it is decrypted.
@@ -2423,7 +2423,7 @@ The output format.
 .It Fl paramfile Ar file
 Some public key algorithms generate a private key based on a set of parameters,
 which can be supplied using this option.
-If this option is used the public key
+If this option is used, the public key
 algorithm used is determined by the parameters.
 This option must precede any
 .Fl pkeyopt
@@ -2710,7 +2710,7 @@ If an OCSP request is being created (using the
 .Fl cert
 and
 .Fl serial
-options)
+options),
 a nonce is automatically added; specifying
 .Fl no_nonce
 overrides this.
@@ -3306,7 +3306,7 @@ The MAC is used to check the file integrity but since it will normally
 have the same password as the keys and certificates it could also be attacked.
 By default, both MAC and encryption iteration counts are set to 2048;
 using these options the MAC and encryption iteration counts can be set to 1.
-Since this reduces the file security you should not use these options
+Since this reduces the file security, you should not use these options
 unless you really have to.
 Most software supports both MAC and key iteration counts.
 .It Fl out Ar file
@@ -3802,7 +3802,7 @@ generates an RSA key
 in size.
 If
 .Ar nbits
-is omitted
+is omitted,
 the default key size is used.
 .Pp
 .No dsa : Ns Ar file
@@ -5327,7 +5327,7 @@ option, for example).
 Do not do chain verification of signers' certificates: that is,
 don't use the certificates in the signed message as untrusted CAs.
 .It Fl nodetach
-When signing a message use opaque signing: this form is more resistant
+When signing a message, use opaque signing: this form is more resistant
 to translation by mail relays but it cannot be read by mail agents that
 do not support S/MIME.
 Without this option cleartext signing with the MIME type
@@ -5664,7 +5664,7 @@ This option does not require a request;
 it is useful, for example,
 to examine the content of a response or token
 or to extract the time stamp token from a response.
-If the input is a token and the output is a time stamp response a default
+If the input is a token and the output is a time stamp response, a default
 .Qq granted
 status info is added to the token.
 .It Fl inkey Ar private.pem
@@ -5685,7 +5685,7 @@ The key password source.
 The default policy to use for the response.
 Either dotted OID notation or OID names defined
 in the config file can be used.
-If no policy is requested the TSA uses its own default policy.
+If no policy is requested, the TSA uses its own default policy.
 .It Fl queryfile Ar request.tsq
 The file containing a DER-encoded time stamp request.
 .It Fl section Ar tsa_section
@@ -5795,7 +5795,7 @@ for a description.
 The file containing the hexadecimal serial number of the
 last time stamp response created.
 This number is incremented by 1 for each response.
-If the file does not exist at the time of response generation
+If the file does not exist at the time of response generation,
 a new file is created with serial number 1.
 This parameter is mandatory.
 .It Cm signer_cert