Remove trailing whitespace.

fine jmc@
author: jim <> 2014-05-04 21:46:36 +0000
committer: jim <> 2014-05-04 21:46:36 +0000
commit: adc2a0a37a306f738da40a5a46f14e7fc9f1f571 (patch)
tree: a8892de8fd6e54fc93e929516a1ed1c754ef77fd
parent: c247b29180fe4c94ba872da4fd237eab43c0df48 (diff)
download: openbsd-adc2a0a37a306f738da40a5a46f14e7fc9f1f571.tar.gz
openbsd-adc2a0a37a306f738da40a5a46f14e7fc9f1f571.tar.bz2
openbsd-adc2a0a37a306f738da40a5a46f14e7fc9f1f571.zip
140 files changed, 345 insertions, 345 deletions
diff --git a/src/lib/libcrypto/doc/DES_set_key.pod b/src/lib/libcrypto/doc/DES_set_key.pod
index 6f0cf1cc5e..b49545877a 100644
--- a/src/lib/libcrypto/doc/DES_set_key.pod
+++ b/src/lib/libcrypto/doc/DES_set_key.pod
@@ -28,16 +28,16 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
 void DES_set_odd_parity(DES_cblock *key);
 int DES_is_weak_key(const_DES_cblock *key);
- void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, 
+ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
        DES_key_schedule *ks, int enc);
- void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, 
+ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
        DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
- void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, 
+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-        DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        DES_key_schedule *ks1, DES_key_schedule *ks2,
        DES_key_schedule *ks3, int enc);
- void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, 
+ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        int enc);
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
        int numbits, long length, DES_key_schedule *schedule,
@@ -45,8 +45,8 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
 void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
        int numbits, long length, DES_key_schedule *schedule,
        DES_cblock *ivec);
- void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, 
+ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        int enc);
 void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
        long length, DES_key_schedule *schedule, DES_cblock *ivec,
@@ -55,8 +55,8 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        int *num);
- void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, 
+ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        const_DES_cblock *inw, const_DES_cblock *outw, int enc);
 void DES_ede2_cbc_encrypt(const unsigned char *input,
@@ -73,22 +73,22 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
        unsigned char *output, long length, DES_key_schedule *ks1,
        DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
        int enc);
- void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 
+ void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-        long length, DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
-        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, 
+        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
        int enc);
- void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 
+ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
        DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
- void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-        long length, DES_key_schedule *ks1, 
+        long length, DES_key_schedule *ks1,
-        DES_key_schedule *ks2, DES_key_schedule *ks3, 
+        DES_key_schedule *ks2, DES_key_schedule *ks3,
        DES_cblock *ivec, int *num);
- DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, 
+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
-        long length, DES_key_schedule *schedule, 
+        long length, DES_key_schedule *schedule,
        const_DES_cblock *ivec);
- DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], 
+ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
        long length, int out_count, DES_cblock *seed);
 void DES_string_to_key(const char *str, DES_cblock *key);
 void DES_string_to_2keys(const char *str, DES_cblock *key1,
diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod
index 9081e9ea7c..862aa0c39a 100644
--- a/src/lib/libcrypto/doc/DH_generate_parameters.pod
+++ b/src/lib/libcrypto/doc/DH_generate_parameters.pod
@@ -21,7 +21,7 @@ allocated B<DH> structure. The pseudo-random number generator must be
 seeded prior to calling DH_generate_parameters().
 B<prime_len> is the length in bits of the safe prime to be generated.
-B<generator> is a small number E<gt> 1, typically 2 or 5. 
+B<generator> is a small number E<gt> 1, typically 2 or 5.
 A callback function may be used to provide feedback about the progress
 of the key generation. If B<callback> is not B<NULL>, it will be
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
index 9c1434bd8d..5ad7362f58 100644
--- a/src/lib/libcrypto/doc/DSA_set_method.pod
+++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -37,7 +37,7 @@ been set as a default for DSA, so this function is no longer recommended.
 DSA_get_default_method() returns a pointer to the current default
 DSA_METHOD. However, the meaningfulness of this result is dependent on
-whether the ENGINE API is being used, so this function is no longer 
+whether the ENGINE API is being used, so this function is no longer
 recommended.
 DSA_set_method() selects B<meth> to perform all operations using the key
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
index 828ecf529b..1a765f7aff 100644
--- a/src/lib/libcrypto/doc/ERR_get_error.pod
+++ b/src/lib/libcrypto/doc/ERR_get_error.pod
@@ -52,7 +52,7 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and
 ERR_get_last_error_line_data() store additional data and flags
 associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING> is true. 
+if *B<flags>&B<ERR_TXT_STRING> is true.
 An application B<MUST NOT> free the *B<data> pointer (or any other pointers
 returned by these functions) with OPENSSL_free() as freeing is handled
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 367691cc7a..dcc5d73f69 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -26,18 +26,18 @@ EVP digest routines
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
- int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
        unsigned int *s);
- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
 #define EVP_MAX_MD_SIZE 64     /* SHA512 */
 int EVP_MD_type(const EVP_MD *md);
- int EVP_MD_pkey_type(const EVP_MD *md);        
+ int EVP_MD_pkey_type(const EVP_MD *md);
 int EVP_MD_size(const EVP_MD *md);
 int EVP_MD_block_size(const EVP_MD *md);
@@ -136,10 +136,10 @@ reasons.
 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
 EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
 structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
-and RIPEMD160 digest algorithms respectively. 
+and RIPEMD160 digest algorithms respectively.
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
+algorithms but using DSS (DSA) for the signature algorithm. Note: there is
 no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
 however retained for compatibility.
@@ -178,21 +178,21 @@ The B<EVP> interface to message digests should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
-New applications should use the SHA2 digest algorithms such as SHA256. 
+New applications should use the SHA2 digest algorithms such as SHA256.
 The other digest algorithms are still in common use.
 For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
 set to NULL to use the default digest implementation.
-The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 
+The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are
 obsolete but are retained to maintain compatibility with existing code. New
-applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 
+applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and
 EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
 instead of initializing and cleaning it up on each call and allow non default
 implementations of digests to be specified.
 In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
-memory leaks will occur. 
+memory leaks will occur.
 Stack allocation of EVP_MD_CTX structures is common, for example:
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
index 37d960e3b2..11e8f6f937 100644
--- a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 For some key types and parameters the random number generator must be seeded
-or the operation will fail. 
+or the operation will fail.
 The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
@@ -81,7 +81,7 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 =head1 HISTORY
-EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() 
+EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
 were first added to OpenSSL 1.0.0.
 =cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
index f224488978..819e0d4b9f 100644
--- a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 For some key types and parameters the random number generator must be seeded
-or the operation will fail. 
+or the operation will fail.
 The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
@@ -76,7 +76,7 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 =head1 HISTORY
-EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() 
+EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
 were first added to OpenSSL 1.0.0.
 =cut
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
index 1c4bf184a1..84875e0fe0 100644
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -128,7 +128,7 @@ calls to EVP_EncryptUpdate() should be made.
 If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
 data and it will return an error if any data remains in a partial block:
-that is if the total data length is not a multiple of the block size. 
+that is if the total data length is not a multiple of the block size.
 EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
 corresponding decryption operations. EVP_DecryptFinal() will return an
@@ -157,7 +157,7 @@ initialized and they always use the default cipher implementation.
 EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
 similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
-EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up 
+EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up
 after the call.
 EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
@@ -268,7 +268,7 @@ OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
 EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
-EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for
 success or zero for failure.
 =head1 CIPHER LISTING
@@ -283,7 +283,7 @@ Null cipher: does nothing.
 =item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
-DES in CBC, ECB, CFB and OFB modes respectively. 
+DES in CBC, ECB, CFB and OFB modes respectively.
 =item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),  EVP_des_ede_cfb(void)
@@ -346,7 +346,7 @@ Where possible the B<EVP> interface to symmetric ciphers should be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the cipher used and much more flexible.
-PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
 length of the encrypted data a multiple of the block size. Padding is always
 added so if the data is already a multiple of the block size B<n> will equal
 the block size. For example if the block size is 8 and 11 bytes are to be
@@ -376,7 +376,7 @@ a limitation of the current RC5 code rather than the EVP interface.
 EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
 default key lengths. If custom ciphers exceed these values the results are
-unpredictable. This is because it has become standard practice to define a 
+unpredictable. This is because it has become standard practice to define a
 generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
 The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
@@ -449,7 +449,7 @@ Encrypt a string using blowfish:
 The ciphertext from the above example can be decrypted using the B<openssl>
 utility with the command line:
- 
 S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
 General encryption, decryption function example using FILE I/O and RC2 with an
@@ -472,7 +472,7 @@ General encryption, decryption function example using FILE I/O and RC2 with an
        /* We finished modifying parameters so now we can set key and IV */
        EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
-        for(;;) 
+        for(;;)
                {
                inlen = fread(inbuf, 1, 1024, in);
                if(inlen <= 0) break;
diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod
index 2e710da945..1aa2a9cd6e 100644
--- a/src/lib/libcrypto/doc/EVP_OpenInit.pod
+++ b/src/lib/libcrypto/doc/EVP_OpenInit.pod
@@ -27,7 +27,7 @@ B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
 The IV is supplied in the B<iv> parameter.
 EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
-as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
 documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
 page.
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
index 13b91f1e6e..e8d1ddda75 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
@@ -62,7 +62,7 @@ The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
 The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
 RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
 RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
-RSA_X931_PADDING for X9.31 padding (signature operations only) and 
+RSA_X931_PADDING for X9.31 padding (signature operations only) and
 RSA_PKCS1_PSS_PADDING (sign and verify only).
 Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
@@ -87,7 +87,7 @@ RSA key genration to B<bits>. If not specified 1024 bits is used.
 The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
 for RSA key generation to B<pubexp> currently it should be an odd integer. The
-B<pubexp> pointer is used internally by this function so it should not be 
+B<pubexp> pointer is used internally by this function so it should not be
 modified or free after the call. If this macro is not called then 65537 is used.
 The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
@@ -118,8 +118,8 @@ L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
-L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
index 4f8185e36c..4145245299 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
@@ -56,6 +56,6 @@ keys match, 0 if they don't match, -1 if the key types are different and
 =head1 SEE ALSO
 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
 =cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
index 847983237b..197878eff7 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
@@ -50,7 +50,7 @@ Decrypt data using OAEP (for RSA keys):
 EVP_PKEY_CTX *ctx;
 unsigned char *out, *in;
- size_t outlen, inlen; 
+ size_t outlen, inlen;
 EVP_PKEY *key;
 /* NB: assumes key in, inlen are already set up
  * and that key is an RSA private key
@@ -71,7 +71,7 @@ Decrypt data using OAEP (for RSA keys):
 if (!out)
        /* malloc failure */
- 
 if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
        /* Error */
@@ -84,7 +84,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_derive.pod b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
index 27464be571..de877ead1a 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
@@ -71,7 +71,7 @@ Derive shared secret (for example DH or EC keys):
 if (!skey)
        /* malloc failure */
- 
 if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
        /* Error */
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
index e495a81242..f7969c296f 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
@@ -50,7 +50,7 @@ Encrypt data using OAEP (for RSA keys):
 EVP_PKEY_CTX *ctx;
 unsigned char *out, *in;
- size_t outlen, inlen; 
+ size_t outlen, inlen;
 EVP_PKEY *key;
 /* NB: assumes key in, inlen are already set up
  * and that key is an RSA public key
@@ -71,7 +71,7 @@ Encrypt data using OAEP (for RSA keys):
 if (!out)
        /* malloc failure */
- 
 if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
        /* Error */
@@ -84,7 +84,7 @@ L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
index fd431ace6d..b6102da036 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
@@ -28,7 +28,7 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen
 The EVP_PKEY_keygen_init() function initializes a public key algorithm
 context using key B<pkey> for a key genration operation.
-The EVP_PKEY_keygen() function performs a key generation operation, the 
+The EVP_PKEY_keygen() function performs a key generation operation, the
 generated key is written to B<ppkey>.
 The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
@@ -152,7 +152,7 @@ L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_new.pod b/src/lib/libcrypto/doc/EVP_PKEY_new.pod
index 10687e458d..11512249e4 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_new.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_new.pod
@@ -14,7 +14,7 @@ EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
 =head1 DESCRIPTION
-The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> 
+The EVP_PKEY_new() function allocates an empty B<EVP_PKEY>
 structure which is used by OpenSSL to store private keys.
 EVP_PKEY_free() frees up the private key B<key>.
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
index ce9d70d7a7..c9b7a89821 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
@@ -28,7 +28,7 @@ be used.
 =head1 NOTES
-Currently no public key algorithms include any options in the B<pctx> parameter 
+Currently no public key algorithms include any options in the B<pctx> parameter
 parameter.
 If the key does not include all the components indicated by the function then
@@ -44,7 +44,7 @@ the public key algorithm.
 =head1 SEE ALSO
 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod b/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
index 2db692e271..8afb1b22e1 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
@@ -63,7 +63,7 @@ EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
 EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if 
+EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
 an error occurred.
 EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_sign.pod b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
index a044f2c131..fb8e61cf29 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
@@ -50,7 +50,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
 EVP_PKEY_CTX *ctx;
 unsigned char *md, *sig;
- size_t mdlen, siglen; 
+ size_t mdlen, siglen;
 EVP_PKEY *signing_key;
 /* NB: assumes signing_key, md and mdlen are already set up
  * and that signing_key is an RSA private key
@@ -73,7 +73,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
 if (!sig)
        /* malloc failure */
- 
 if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
        /* Error */
@@ -87,7 +87,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
index 90612ba2f0..f7ae4f9ebe 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
@@ -53,7 +53,7 @@ Verify signature using PKCS#1 and SHA256 digest:
 EVP_PKEY_CTX *ctx;
 unsigned char *md, *sig;
- size_t mdlen, siglen; 
+ size_t mdlen, siglen;
 EVP_PKEY *verify_key;
 /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
  * and that verify_key is an RSA public key
@@ -82,7 +82,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
index 23a28a9c43..00d53db783 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
@@ -29,7 +29,7 @@ B<rout> and the amount of data written to B<routlen>.
 =head1 NOTES
 Normally an application is only interested in whether a signature verification
-operation is successful in those cases the EVP_verify() function should be 
+operation is successful in those cases the EVP_verify() function should be
 used.
 Sometimes however it is useful to obtain the data originally signed using a
@@ -58,7 +58,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
 EVP_PKEY_CTX *ctx;
 unsigned char *rout, *sig;
- size_t routlen, siglen; 
+ size_t routlen, siglen;
 EVP_PKEY *verify_key;
 /* NB: assumes verify_key, sig and siglen are already set up
  * and that verify_key is an RSA public key
@@ -81,7 +81,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
 if (!rout)
        /* malloc failure */
- 
 if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
        /* Error */
@@ -94,7 +94,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
index 7d793e19ef..172f210c64 100644
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -42,9 +42,9 @@ If the cipher does not require an IV then the B<iv> parameter is ignored
 and can be B<NULL>.
 EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
-as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
 documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page. 
+page.
 =head1 RETURN VALUES
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 620a623ab6..682724b157 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -32,7 +32,7 @@ same B<ctx> to include additional data.
 EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
 places the signature in B<sig>. The number of bytes of data written (i.e. the
 length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written. 
+EVP_PKEY_size(pkey) bytes will be written.
 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.
@@ -57,7 +57,7 @@ transparent to the algorithm used and much more flexible.
 Due to the link between message digests and public key algorithms the correct
 digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
+algorithms and associated public key algorithms appears in
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
 When signing with DSA private keys the random number generator must be seeded
@@ -74,7 +74,7 @@ will occur.
 =head1 BUGS
-Older versions of this documentation wrongly stated that calls to 
+Older versions of this documentation wrongly stated that calls to
 EVP_SignUpdate() could not be made after calling EVP_SignFinal().
 Since the private key is passed in the call to EVP_SignFinal() any error
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
index 9097f09410..0ffb0a8077 100644
--- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -51,7 +51,7 @@ transparent to the algorithm used and much more flexible.
 Due to the link between message digests and public key algorithms the correct
 digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
+algorithms and associated public key algorithms appears in
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
 The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
@@ -64,7 +64,7 @@ will occur.
 =head1 BUGS
-Older versions of this documentation wrongly stated that calls to 
+Older versions of this documentation wrongly stated that calls to
 EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
 Since the public key is passed in the call to EVP_SignFinal() any error
diff --git a/src/lib/libcrypto/doc/MD5.pod b/src/lib/libcrypto/doc/MD5.pod
index d11d5c32cb..b0edd5416f 100644
--- a/src/lib/libcrypto/doc/MD5.pod
+++ b/src/lib/libcrypto/doc/MD5.pod
@@ -75,7 +75,7 @@ preferred.
 =head1 RETURN VALUES
-MD2(), MD4(), and MD5() return pointers to the hash value. 
+MD2(), MD4(), and MD5() return pointers to the hash value.
 MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
 MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
diff --git a/src/lib/libcrypto/doc/OBJ_nid2obj.pod b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
index 1e45dd40f6..458ef025f0 100644
--- a/src/lib/libcrypto/doc/OBJ_nid2obj.pod
+++ b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
@@ -34,7 +34,7 @@ functions
 The ASN1 object utility functions process ASN1_OBJECT structures which are
 a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
-OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to 
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
 an ASN1_OBJECT structure, its long name and its short name respectively,
 or B<NULL> is an error occurred.
@@ -62,7 +62,7 @@ OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
 OBJ_dup() returns a copy of B<o>.
-OBJ_create() adds a new object to the internal table. B<oid> is the 
+OBJ_create() adds a new object to the internal table. B<oid> is the
 numerical form of the object, B<sn> the short name and B<ln> the
 long name. A new NID is returned for the created object.
@@ -115,14 +115,14 @@ Create a new NID and initialize an object from it:
 new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
 obj = OBJ_nid2obj(new_nid);
- 
 Create a new object directly:
 obj = OBJ_txt2obj("1.2.3.4", 1);
 =head1 BUGS
-OBJ_obj2txt() is awkward and messy to use: it doesn't follow the 
+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the
 convention of other OpenSSL functions where the buffer can be set
 to B<NULL> to determine the amount of data that should be written.
 Instead B<buf> must point to a valid buffer and B<buf_len> should
diff --git a/src/lib/libcrypto/doc/OPENSSL_config.pod b/src/lib/libcrypto/doc/OPENSSL_config.pod
index e7bba2aaca..552ed956ab 100644
--- a/src/lib/libcrypto/doc/OPENSSL_config.pod
+++ b/src/lib/libcrypto/doc/OPENSSL_config.pod
@@ -37,7 +37,7 @@ can be added without source changes.
 The environment variable B<OPENSSL_CONF> can be set to specify the location
 of the configuration file.
- 
 Currently ASN1 OBJECTs and ENGINE configuration can be performed future
 versions of OpenSSL will add new configuration options.
diff --git a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
index f14dfaf005..6c99170197 100644
--- a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
+++ b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
@@ -24,15 +24,15 @@ ENGINE_add_conf_module() adds just the ENGINE configuration module.
 =head1 NOTES
-If the simple configuration function OPENSSL_config() is called then 
+If the simple configuration function OPENSSL_config() is called then
 OPENSSL_load_builtin_modules() is called automatically.
 Applications which use the configuration functions directly will need to
-call OPENSSL_load_builtin_modules() themselves I<before> any other 
+call OPENSSL_load_builtin_modules() themselves I<before> any other
 configuration code.
 Applications should call OPENSSL_load_builtin_modules() to load all
-configuration modules instead of adding modules selectively: otherwise 
+configuration modules instead of adding modules selectively: otherwise
 functionality may be missing from the application if an when new
 modules are added.
diff --git a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod b/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
index 54414a3f6f..e196bf1498 100644
--- a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
+++ b/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
@@ -250,7 +250,7 @@ structure. They will also process a trusted X509 certificate but
 any trust settings are discarded.
 The B<X509_AUX> functions process a trusted X509 certificate using
-an X509 structure. 
+an X509 structure.
 The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
 certificate request using an X509_REQ structure. The B<X509_REQ>
@@ -435,7 +435,7 @@ which is an uninitialised pointer.
 This old B<PrivateKey> routines use a non standard technique for encryption.
-The private key (or other data) takes the following form: 
+The private key (or other data) takes the following form:
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
@@ -461,7 +461,7 @@ an existing structure. Therefore the following:
 PEM_read_bio_X509(bp, &x, 0, NULL);
-where B<x> already contains a valid certificate, may not work, whereas: 
+where B<x> already contains a valid certificate, may not work, whereas:
 X509_free(x);
 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
diff --git a/src/lib/libcrypto/doc/PKCS12_create.pod b/src/lib/libcrypto/doc/PKCS12_create.pod
index de7cab2bdf..0a1e460cf1 100644
--- a/src/lib/libcrypto/doc/PKCS12_create.pod
+++ b/src/lib/libcrypto/doc/PKCS12_create.pod
@@ -60,7 +60,7 @@ certficate is required. In previous versions both had to be present or
 a fatal error is returned.
 B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
-should be used. 
+should be used.
 B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
index 2cd925a7e0..e206684384 100644
--- a/src/lib/libcrypto/doc/PKCS7_encrypt.pod
+++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -30,7 +30,7 @@ bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
 respectively.
 The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
-its parameters. 
+its parameters.
 Many browsers implement a "sign and encrypt" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
@@ -55,7 +55,7 @@ suitable for streaming I/O: no data is read from the BIO B<in>.
 If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
 complete and outputting its contents via a function that does not
-properly finalize the B<PKCS7> structure will give unpredictable 
+properly finalize the B<PKCS7> structure will give unpredictable
 results.
 Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
diff --git a/src/lib/libcrypto/doc/PKCS7_sign.pod b/src/lib/libcrypto/doc/PKCS7_sign.pod
index 64a35144f8..9a4f5b173e 100644
--- a/src/lib/libcrypto/doc/PKCS7_sign.pod
+++ b/src/lib/libcrypto/doc/PKCS7_sign.pod
@@ -15,7 +15,7 @@ PKCS7_sign - create a PKCS#7 signedData structure
 PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
 the certificate to sign with, B<pkey> is the corresponsding private key.
 B<certs> is an optional additional set of certificates to include in the PKCS#7
-structure (for example any intermediate CAs in the chain). 
+structure (for example any intermediate CAs in the chain).
 The data to be signed is read from BIO B<data>.
diff --git a/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
index ebec4d57de..afe8ad97cd 100644
--- a/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
+++ b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
@@ -44,7 +44,7 @@ digest value from the PKCS7 struture: to add a signer to an existing structure.
 An error occurs if a matching digest value cannot be found to copy. The
 returned PKCS7 structure will be valid and finalized when this flag is set.
-If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the 
+If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the
 B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
 can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
 needed to finalize it.
@@ -67,7 +67,7 @@ these algorithms is disabled then it will not be included.
 PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
-structure just added, this can be used to set additional attributes 
+structure just added, this can be used to set additional attributes
 before it is finalized.
 =head1 RETURN VALUES
diff --git a/src/lib/libcrypto/doc/PKCS7_verify.pod b/src/lib/libcrypto/doc/PKCS7_verify.pod
index 7c10a4cc3c..51ada03f2d 100644
--- a/src/lib/libcrypto/doc/PKCS7_verify.pod
+++ b/src/lib/libcrypto/doc/PKCS7_verify.pod
@@ -54,7 +54,7 @@ Any of the following flags (ored together) can be passed in the B<flags> paramet
 to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
 meaningful to PKCS7_get0_signers().
-If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 
+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
 searched when locating the signer's certificate. This means that all the signers
 certificates must be in the B<certs> parameter.
@@ -79,7 +79,7 @@ certificates supplied in B<certs> then the verify will fail because the
 signer cannot be found.
 Care should be taken when modifying the default verify behaviour, for example
-setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification 
+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
 and any signed message will be considered valid. This combination is however
 useful if one merely wishes to write the content to B<out> and its validity
 is not considered important.
diff --git a/src/lib/libcrypto/doc/RAND.pod b/src/lib/libcrypto/doc/RAND.pod
index e460c1653e..8f803f33eb 100644
--- a/src/lib/libcrypto/doc/RAND.pod
+++ b/src/lib/libcrypto/doc/RAND.pod
@@ -54,7 +54,7 @@ described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
 seeding process whenever the application is started.
 L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
-PRNG. 
+PRNG.
 =head1 INTERNALS
@@ -67,6 +67,6 @@ L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
 L<RAND_load_file(3)|RAND_load_file(3)>,
 L<RAND_bytes(3)|RAND_bytes(3)>,
 L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)> 
+L<RAND_cleanup(3)|RAND_cleanup(3)>
 =cut
diff --git a/src/lib/libcrypto/doc/RIPEMD160.pod b/src/lib/libcrypto/doc/RIPEMD160.pod
index 264bb99ae7..f66fb02ed2 100644
--- a/src/lib/libcrypto/doc/RIPEMD160.pod
+++ b/src/lib/libcrypto/doc/RIPEMD160.pod
@@ -45,7 +45,7 @@ hash functions directly.
 =head1 RETURN VALUES
-RIPEMD160() returns a pointer to the hash value. 
+RIPEMD160() returns a pointer to the hash value.
 RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
 success, 0 otherwise.
diff --git a/src/lib/libcrypto/doc/RSA_private_encrypt.pod b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
index 746a80c79e..4c4d131172 100644
--- a/src/lib/libcrypto/doc/RSA_private_encrypt.pod
+++ b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
@@ -11,7 +11,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
 int RSA_private_encrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
+ int RSA_public_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
index 2c963d7e5b..eb0913c106 100644
--- a/src/lib/libcrypto/doc/RSA_set_method.pod
+++ b/src/lib/libcrypto/doc/RSA_set_method.pod
@@ -43,7 +43,7 @@ been set as a default for RSA, so this function is no longer recommended.
 RSA_get_default_method() returns a pointer to the current default
 RSA_METHOD. However, the meaningfulness of this result is dependent on
-whether the ENGINE API is being used, so this function is no longer 
+whether the ENGINE API is being used, so this function is no longer
 recommended.
 RSA_set_method() selects B<meth> to perform all operations using the key
diff --git a/src/lib/libcrypto/doc/RSA_sign.pod b/src/lib/libcrypto/doc/RSA_sign.pod
index 8553be8e99..061c0e2437 100644
--- a/src/lib/libcrypto/doc/RSA_sign.pod
+++ b/src/lib/libcrypto/doc/RSA_sign.pod
@@ -52,7 +52,7 @@ SSL, PKCS #1 v2.0
 L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
 L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/SHA1.pod b/src/lib/libcrypto/doc/SHA1.pod
index 94ab7bc724..232af9227e 100644
--- a/src/lib/libcrypto/doc/SHA1.pod
+++ b/src/lib/libcrypto/doc/SHA1.pod
@@ -46,7 +46,7 @@ used only when backward compatibility is required.
 =head1 RETURN VALUES
-SHA1() returns a pointer to the hash value. 
+SHA1() returns a pointer to the hash value.
 SHA1_Init(), SHA1_Update() and SHA1_Final() return 1 for success, 0 otherwise.
diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
index 41902c0d45..ad0d796535 100644
--- a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
@@ -35,17 +35,17 @@ X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
 B<type> and value determined by B<bytes> and B<len>.
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
-and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+and X509_NAME_ENTRY_create_by_OBJ() create and return an
 B<X509_NAME_ENTRY> structure.
 =head1 NOTES
 X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
-used to examine an B<X509_NAME_ENTRY> function as returned by 
+used to examine an B<X509_NAME_ENTRY> function as returned by
 X509_NAME_get_entry() for example.
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+and X509_NAME_ENTRY_create_by_OBJ() create and return an
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
 X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
index 1afd008cb3..5b9e81b922 100644
--- a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
@@ -61,7 +61,7 @@ to 0. This adds a new entry to the end of B<name> as a single valued
 RelativeDistinguishedName (RDN).
 B<loc> actually determines the index where the new entry is inserted:
-if it is -1 it is appended. 
+if it is -1 it is appended.
 B<set> determines how the new type is added. If it is zero a
 new RDN is created.
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
index 3b1f9ff43b..7da92617fb 100644
--- a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
@@ -43,7 +43,7 @@ B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
 will be written and the text written to B<buf> will be null
 terminated. The length of the output string written is returned
 excluding the terminating null. If B<buf> is <NULL> then the amount
-of space needed in B<buf> (excluding the final null) is returned. 
+of space needed in B<buf> (excluding the final null) is returned.
 =head1 NOTES
diff --git a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
index 2579a5dc9d..b2d86d4ddb 100644
--- a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
@@ -27,7 +27,7 @@ X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
 bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
 and returned, otherwise B<buf> is returned.
-X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> 
+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
 characters. Multiple lines are used if the output (including indent) exceeds
 80 characters.
@@ -76,7 +76,7 @@ printed instead of the values.
 If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
 is only of use for multiline format.
-Additionally all the options supported by ASN1_STRING_print_ex() can be used to 
+Additionally all the options supported by ASN1_STRING_print_ex() can be used to
 control how each field value is displayed.
 In addition a number options can be set for commonly used formats.
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
index 8d6b9dda47..1b75967ccd 100644
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
@@ -27,7 +27,7 @@ and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>.
 This mechanism is used internally by the B<ssl> library to store the B<SSL>
 structure associated with a verification operation in an B<X509_STORE_CTX>
-structure. 
+structure.
 =head1 SEE ALSO
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
index b17888f149..1c55236aa2 100644
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
@@ -45,7 +45,7 @@ will be untrusted but may be used to build the chain) in B<chain>. Any or
 all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
 X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
-to B<sk>. This is an alternative way of specifying trusted certificates 
+to B<sk>. This is an alternative way of specifying trusted certificates
 instead of using an B<X509_STORE>.
 X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
index b9787a6ca6..86d988eee0 100644
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
@@ -94,7 +94,7 @@ expired just one specific case:
 Full featured logging callback. In this case the B<bio_err> is assumed to be
 a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
 B<ex_data>.
-        
 int verify_callback(int ok, X509_STORE_CTX *ctx)
        {
        X509 *err_cert;
diff --git a/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
index 29e3bbe3bc..012f2d2c75 100644
--- a/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
+++ b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
@@ -24,14 +24,14 @@ is implemented as a macro.
 =head1 NOTES
-The verification callback from an B<X509_STORE> is inherited by 
+The verification callback from an B<X509_STORE> is inherited by
 the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
-be used to set the verification callback when the B<X509_STORE_CTX> is 
+be used to set the verification callback when the B<X509_STORE_CTX> is
 otherwise inaccessible (for example during S/MIME verification).
 =head1 BUGS
-The macro version of this function was the only one available before 
+The macro version of this function was the only one available before
 OpenSSL 1.0.0.
 =head1 RETURN VALUES
diff --git a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
index 46cac2bea2..e5da5bec08 100644
--- a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
+++ b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters 
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters
 =head1 SYNOPSIS
@@ -20,7 +20,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                                ASN1_OBJECT *policy);
- int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
                                        STACK_OF(ASN1_OBJECT) *policies);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
@@ -29,7 +29,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
 =head1 DESCRIPTION
 These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
-a certificate verification operation. 
+a certificate verification operation.
 The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
 it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
@@ -43,7 +43,7 @@ X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
 to B<purpose>. This determines the acceptable purpose of the certificate
 chain, for example SSL client or SSL server.
-X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to 
+X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
 B<trust>.
 X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
@@ -63,10 +63,10 @@ chain.
 =head1 RETURN VALUES
-X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), 
+X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(),
 X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
 X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1
-for success and 0 for failure. 
+for success and 0 for failure.
 X509_VERIFY_PARAM_get_flags() returns the current verification flags.
@@ -81,7 +81,7 @@ The verification flags consists of zero or more of the following flags
 ored together.
 B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
-certificate. An error occurs if a suitable CRL cannot be found. 
+certificate. An error occurs if a suitable CRL cannot be found.
 B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
 chain.
@@ -99,7 +99,7 @@ certificates and makes the verification strictly apply B<X509> rules.
 B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification.
 B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default
-no policy checking is peformed. Additional information is sent to the 
+no policy checking is peformed. Additional information is sent to the
 verification callback relating to policy checking.
 B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and
@@ -142,7 +142,7 @@ X509_STORE_CTX_set_flags().
 =head1 BUGS
 Delta CRL checking is currently primitive. Only a single delta can be used and
-(partly due to limitations of B<X509_STORE>) constructed CRLs are not 
+(partly due to limitations of B<X509_STORE>) constructed CRLs are not
 maintained.
 If CRLs checking is enable CRLs are expected to be available in the
@@ -151,7 +151,7 @@ CRLs from the CRL distribution points extension.
 =head1 EXAMPLE
-Enable CRL checking when performing certificate verification during SSL 
+Enable CRL checking when performing certificate verification during SSL
 connections associated with an B<SSL_CTX> structure B<ctx>:
  X509_VERIFY_PARAM *param;
diff --git a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
index 22c1b50f22..c80e311d04 100644
--- a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
+++ b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
@@ -56,7 +56,7 @@ i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
 The B<DSA> structure passed to the private key encoding functions should have
 all the private key components present.
-The data encoded by the private key functions is unencrypted and therefore 
+The data encoded by the private key functions is unencrypted and therefore
 offers no private key security.
 The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
index aa6078bcf6..1711dc038f 100644
--- a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
+++ b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
@@ -49,8 +49,8 @@ i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
 The B<RSA> structure passed to the private key encoding functions should have
 all the PKCS#1 private key components present.
-The data encoded by the private key functions is unencrypted and therefore 
+The data encoded by the private key functions is unencrypted and therefore
-offers no private key security. 
+offers no private key security.
 The NET format functions are present to provide compatibility with certain very
 old software. This format has some severe security weaknesses and should be
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod
index 298ec54a4c..e212014ac8 100644
--- a/src/lib/libcrypto/doc/d2i_X509.pod
+++ b/src/lib/libcrypto/doc/d2i_X509.pod
@@ -23,7 +23,7 @@ i2d_X509_fp - X509 encode and decode functions
 The X509 encode and decode routines encode and parse an
 B<X509> structure, which represents an X509 certificate.
-d2i_X509() attempts to decode B<len> bytes at B<*in>. If 
+d2i_X509() attempts to decode B<len> bytes at B<*in>. If
 successful a pointer to the B<X509> structure is returned. If an error
 occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
 returned structure is written to B<*px>. If B<*px> is not B<NULL>
@@ -36,7 +36,7 @@ i2d_X509() encodes the structure pointed to by B<x> into DER format.
 If B<out> is not B<NULL> is writes the DER encoded data to the buffer
 at B<*out>, and increments it to point after the data just written.
 If the return value is negative an error occurred, otherwise it
-returns the length of the encoded data. 
+returns the length of the encoded data.
 For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
 allocated for a buffer and the encoded data written to it. In this
@@ -194,7 +194,7 @@ happen.
 =head1 BUGS
-In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when 
+In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
 B<*px> is valid is broken and some parts of the reused structure may
 persist if they are not present in the new one. As a result the use
 of this "reuse" behaviour is strongly discouraged.
@@ -210,14 +210,14 @@ always succeed.
 d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
 or B<NULL> if an error occurs. The error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. 
+L<ERR_get_error(3)|ERR_get_error(3)>.
 i2d_X509() returns the number of bytes successfully encoded or a negative
 value if an error occurs. The error code can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. 
+L<ERR_get_error(3)|ERR_get_error(3)>.
-i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error 
+i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
-occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 =head1 SEE ALSO
diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod
index c3ccd06207..97aaa75731 100644
--- a/src/lib/libcrypto/doc/dh.pod
+++ b/src/lib/libcrypto/doc/dh.pod
@@ -73,6 +73,6 @@ L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
 L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
 L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
 L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
-L<RSA_print(3)|RSA_print(3)> 
+L<RSA_print(3)|RSA_print(3)>
 =cut
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
index 9faa349243..33ce7cb6d6 100644
--- a/src/lib/libcrypto/doc/evp.pod
+++ b/src/lib/libcrypto/doc/evp.pod
@@ -37,7 +37,7 @@ implementations. For more information, consult the engine(3) man page.
 Although low level algorithm specific functions exist for many algorithms
 their use is discouraged. They cannot be used with an ENGINE and ENGINE
 versions of new algorithms cannot be accessed using the low level functions.
-Also makes code harder to adapt to new algorithms and some options are not 
+Also makes code harder to adapt to new algorithms and some options are not
 cleanly supported at the low level and some operations are more efficient
 using the high level interface.
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod
index 45ac53ffc1..829ce24701 100644
--- a/src/lib/libcrypto/doc/rsa.pod
+++ b/src/lib/libcrypto/doc/rsa.pod
@@ -18,7 +18,7 @@ rsa - RSA public key cryptosystem
    unsigned char *to, RSA *rsa, int padding);
 int RSA_private_encrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
+ int RSA_public_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa,int padding);
 int RSA_sign(int type, unsigned char *m, unsigned int m_len,
@@ -118,6 +118,6 @@ L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
 L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
 L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
 L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
-L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod b/src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
index 3891b88791..70ac9b8488 100644
--- a/src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
+++ b/src/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
@@ -30,7 +30,7 @@ with '.'.
 ASN1_STRING_print() is a legacy function which should be avoided in new applications.
-Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is 
+Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
 suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
 The complete set of supported options for B<flags> is listed below.
@@ -75,7 +75,7 @@ Normally non character string types (such as OCTET STRING) are assumed to be
 one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
 be dumped instead.
-When a type is dumped normally just the content octets are printed, if 
+When a type is dumped normally just the content octets are printed, if
 B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
 instead (including tag and length octets).
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod b/src/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod
index 542fd1579a..fee7398bd4 100644
--- a/src/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod
+++ b/src/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod
@@ -52,7 +52,7 @@ only the B<ASCII> format is permissible.
 This encodes a boolean type. The B<value> string is mandatory and
 should be B<TRUE> or B<FALSE>. Additionally B<TRUE>, B<true>, B<Y>,
 B<y>, B<YES>, B<yes>, B<FALSE>, B<false>, B<N>, B<n>, B<NO> and B<no>
-are acceptable. 
+are acceptable.
 =item B<NULL>
@@ -78,12 +78,12 @@ a short name, a long name or numerical format.
 =item B<UTCTIME>, B<UTC>
 Encodes an ASN1 B<UTCTime> structure, the value should be in
-the format B<YYMMDDHHMMSSZ>. 
+the format B<YYMMDDHHMMSSZ>.
 =item B<GENERALIZEDTIME>, B<GENTIME>
 Encodes an ASN1 B<GeneralizedTime> structure, the value should be in
-the format B<YYYYMMDDHHMMSSZ>. 
+the format B<YYYYMMDDHHMMSSZ>.
 =item B<OCTETSTRING>, B<OCT>
diff --git a/src/lib/libssl/src/doc/crypto/BF_set_key.pod b/src/lib/libssl/src/doc/crypto/BF_set_key.pod
index 5b2d274c15..08cba3e25c 100644
--- a/src/lib/libssl/src/doc/crypto/BF_set_key.pod
+++ b/src/lib/libssl/src/doc/crypto/BF_set_key.pod
@@ -52,7 +52,7 @@ everything after the first 64 bits is ignored.
 The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
 all operate on variable length data.  They all take an initialization vector
-B<ivec> which needs to be passed along into the next call of the same function 
+B<ivec> which needs to be passed along into the next call of the same function
 for the same message.  B<ivec> may be initialized with anything, but the
 recipient needs to know what it was initialized with, or it won't be able
 to decrypt.  Some programs and protocols simplify this, like SSH, where
diff --git a/src/lib/libssl/src/doc/crypto/BIO_ctrl.pod b/src/lib/libssl/src/doc/crypto/BIO_ctrl.pod
index 722e8b8f46..cf203eeb96 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_ctrl.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_ctrl.pod
@@ -94,7 +94,7 @@ return the amount of pending data.
 =head1 NOTES
 BIO_flush(), because it can write data may return 0 or -1 indicating
-that the call should be retried later in a similar manner to BIO_write(). 
+that the call should be retried later in a similar manner to BIO_write().
 The BIO_should_retry() call should be used and appropriate action taken
 is the call fails.
@@ -121,7 +121,7 @@ operation.
 Some of the return values are ambiguous and care should be taken. In
 particular a return value of 0 can be returned if an operation is not
 supported, if an error occurred, if EOF has not been reached and in
-the case of BIO_seek() on a file BIO for a successful operation. 
+the case of BIO_seek() on a file BIO for a successful operation.
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
index 438af3b6b6..aee09bae58 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod
@@ -17,7 +17,7 @@ BIO_f_base64() returns the base64 BIO method. This is a filter
 BIO that base64 encodes any data written through it and decodes
 any data read through it.
-Base64 BIOs do not support BIO_gets() or BIO_puts(). 
+Base64 BIOs do not support BIO_gets() or BIO_puts().
 BIO_flush() on a base64 BIO that is being written through is
 used to signal that no more data is to be encoded: this is used
@@ -63,7 +63,7 @@ data to standard output:
 bio = BIO_new_fp(stdin, BIO_NOCLOSE);
 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
 bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512)) > 0) 
+ while((inlen = BIO_read(bio, inbuf, 512)) > 0)
        BIO_write(bio_out, inbuf, inlen);
 BIO_free_all(bio);
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod b/src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod
index 02439cea94..c0b23c680c 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_cipher.pod
@@ -22,7 +22,7 @@ BIO that encrypts any data written through it, and decrypts any data
 read from it. It is a BIO wrapper for the cipher routines
 EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
-Cipher BIOs do not support BIO_gets() or BIO_puts(). 
+Cipher BIOs do not support BIO_gets() or BIO_puts().
 BIO_flush() on an encryption BIO that is being written through is
 used to signal that no more data is to be encrypted: this is used
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod b/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
index 7b63e4621b..2414559372 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
@@ -74,7 +74,7 @@ BIO_set_nbio_accept() sets the accept socket to blocking mode
 BIO_set_accept_bios() can be used to set a chain of BIOs which
 will be duplicated and prepended to the chain when an incoming
-connection is received. This is useful if, for example, a 
+connection is received. This is useful if, for example, a
 buffering or SSL BIO is required for each connection. The
 chain of BIOs must not be freed after this call, they will
 be automatically freed when the accept BIO is freed.
@@ -158,14 +158,14 @@ down each and finally closes both down.
 if(BIO_do_accept(abio) <= 0) {
        fprintf(stderr, "Error setting up accept\n");
        ERR_print_errors_fp(stderr);
-        exit(0);                
+        exit(0);
 }
 /* Wait for incoming connection */
 if(BIO_do_accept(abio) <= 0) {
        fprintf(stderr, "Error accepting connection\n");
        ERR_print_errors_fp(stderr);
-        exit(0);                
+        exit(0);
 }
 fprintf(stderr, "Connection 1 established\n");
 /* Retrieve BIO for connection */
@@ -176,7 +176,7 @@ down each and finally closes both down.
 if(BIO_do_accept(abio) <= 0) {
        fprintf(stderr, "Error accepting connection\n");
        ERR_print_errors_fp(stderr);
-        exit(0);                
+        exit(0);
 }
 fprintf(stderr, "Connection 2 established\n");
 /* Close accept BIO to refuse further connections */
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_bio.pod b/src/lib/libssl/src/doc/crypto/BIO_s_bio.pod
index 38271f3448..39ae79fd30 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_bio.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_bio.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
 BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
 BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
 BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
@@ -65,7 +65,7 @@ up any half of the pair will automatically destroy the association.
 BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
 writes on BIO B<b> are allowed (they will return an error). Reads on the other
 half of the pair will return any pending data or EOF when all pending data has
-been read. 
+been read.
 BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
 If the size is not initialized a default value is used. This is currently
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod b/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
index bcf7d8dcac..0743c8849f 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
@@ -86,7 +86,7 @@ BIO_get_conn_int_port() returns the port as an int.
 BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
 zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
 is set. Blocking I/O is the default. The call to BIO_set_nbio()
-should be made before the connection is established because 
+should be made before the connection is established because
 non blocking I/O is set during the connect process.
 BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
@@ -178,7 +178,7 @@ to retrieve a page and copy the result to standard output.
        /* whatever ... */
        }
 BIO_puts(cbio, "GET / HTTP/1.0\n\n");
- for(;;) {      
+ for(;;) {
        len = BIO_read(cbio, tmpbuf, 1024);
        if(len <= 0) break;
        BIO_write(out, tmpbuf, len);
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_fd.pod b/src/lib/libssl/src/doc/crypto/BIO_s_fd.pod
index b1de1d1015..9bbac29f10 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_fd.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_fd.pod
@@ -46,7 +46,7 @@ BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
 =head1 NOTES
 The behaviour of BIO_read() and BIO_write() depends on the behavior of the
-platforms read() and write() calls on the descriptor. If the underlying 
+platforms read() and write() calls on the descriptor. If the underlying
 file descriptor is in a non blocking mode then the BIO will behave in the
 manner described in the L<BIO_read(3)|BIO_read(3)> and L<BIO_should_retry(3)|BIO_should_retry(3)>
 manual pages.
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod b/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
index 8f85e0dcee..76f244caf1 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
@@ -20,7 +20,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
 =head1 DESCRIPTION
-BIO_s_mem() return the memory BIO method function. 
+BIO_s_mem() return the memory BIO method function.
 A memory BIO is a source/sink BIO which uses memory for its I/O. Data
 written to a memory BIO is stored in a BUF_MEM structure which is extended
@@ -94,7 +94,7 @@ to improve efficiency.
 Create a memory BIO and write some data to it:
 BIO *mem = BIO_new(BIO_s_mem());
- BIO_puts(mem, "Hello World\n"); 
+ BIO_puts(mem, "Hello World\n");
 Create a read only memory BIO:
@@ -108,7 +108,7 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
 BIO_get_mem_ptr(mem, &bptr);
 BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
 BIO_free(mem);
- 
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod b/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
index b6d51f719d..143221ad33 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
@@ -51,7 +51,7 @@ B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
 these.
 BIO_get_retry_BIO() determines the precise reason for the special
-condition, it returns the BIO that caused this condition and if 
+condition, it returns the BIO that caused this condition and if
 B<reason> is not NULL it contains the reason code. The meaning of
 the reason code and the action that should be taken depends on
 the type of BIO that resulted in this condition.
@@ -94,7 +94,7 @@ available and then retry the BIO operation. By combining the retry
 conditions of several non blocking BIOs in a single select() call
 it is possible to service several BIOs in a single thread, though
 the performance may be poor if SSL BIOs are present because long delays
-can occur during the initial handshake process. 
+can occur during the initial handshake process.
 It is possible for a BIO to block indefinitely if the underlying I/O
 structure cannot process or return any data. This depends on the behaviour of
diff --git a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod b/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
index da06e44461..3e783ff8ac 100644
--- a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
@@ -2,8 +2,8 @@
 =head1 NAME
-BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, 
+BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
-BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, 
+BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
 BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags,
 BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM
 functions.
@@ -92,7 +92,7 @@ within a B<BN_BLINDING> object.
 BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
 (a B<unsigned long> value).
-BN_BLINDING_create_param() returns the newly created B<BN_BLINDING> 
+BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
 parameters or NULL on error.
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod b/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
index 7dccacbc1e..6f28a63517 100644
--- a/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
@@ -11,7 +11,7 @@ BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test
 BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
     BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
- int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, 
+ int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
     void *), BN_CTX *ctx, void *cb_arg);
 int BN_is_prime_fasttest(const BIGNUM *a, int checks,
diff --git a/src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod b/src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod
index 9c13f488f6..78095948b9 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_add0_cert.pod
@@ -20,7 +20,7 @@
 =head1 DESCRIPTION
 CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
-must be of type signed data or enveloped data. 
+must be of type signed data or enveloped data.
 CMS_get1_certs() returns all certificates in B<cms>.
@@ -46,7 +46,7 @@ than once.
 =head1 RETURN VALUES
 CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return
-1 for success and 0 for failure. 
+1 for success and 0 for failure.
 CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
 or NULL if there are none or an error occurs. The only error which will occur
diff --git a/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod b/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
index 1ee5b275ec..01100a6df6 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_encrypt.pod
@@ -26,7 +26,7 @@ EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
 because most clients will support it.
 The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
-its parameters. 
+its parameters.
 Many browsers implement a "sign and encrypt" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
diff --git a/src/lib/libssl/src/doc/crypto/CMS_final.pod b/src/lib/libssl/src/doc/crypto/CMS_final.pod
index 36cf96b8a0..beacc531ee 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_final.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_final.pod
@@ -14,7 +14,7 @@
 CMS_final() finalises the structure B<cms>. It's purpose is to perform any
 operations necessary on B<cms> (digest computation for example) and set the
-appropriate fields. The parameter B<data> contains the content to be 
+appropriate fields. The parameter B<data> contains the content to be
 processed. The B<dcont> parameter contains a BIO to write content to after
 processing: this is only used with detached data and will usually be set to
 NULL.
diff --git a/src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod b/src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod
index e0355423e6..ba16e97b55 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod
@@ -33,7 +33,7 @@ CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.
 CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
 identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
 must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in
-B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>. 
+B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.
 CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
 CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
diff --git a/src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod b/src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod
index f546376a1e..50c2b9b9ab 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod
@@ -45,7 +45,7 @@ CMS_verify().
 =head1 RETURN VALUES
-CMS_ReceiptRequest_create0() returns a signed receipt request structure or 
+CMS_ReceiptRequest_create0() returns a signed receipt request structure or
 NULL if an error occurred.
 CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred.
diff --git a/src/lib/libssl/src/doc/crypto/CMS_sign.pod b/src/lib/libssl/src/doc/crypto/CMS_sign.pod
index 2cc72de327..6b58ba3bdd 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_sign.pod
@@ -96,7 +96,7 @@ B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the
 B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
 function CMS_sign_add1_signer(), non default digests can be used and custom
 attributes added. B<CMS_final()> must then be called to finalize the
-structure if streaming is not enabled. 
+structure if streaming is not enabled.
 =head1 BUGS
diff --git a/src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod b/src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod
index bda3ca2adb..215e994b54 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod
@@ -52,7 +52,7 @@ structure.  An error occurs if a matching digest value cannot be found to copy.
 The returned CMS_ContentInfo structure will be valid and finalized when this
 flag is set.
-If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the 
+If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the
 CMS_SignerInfo structure will not be finalized so additional attributes
 can be added. In this case an explicit call to CMS_SignerInfo_sign() is
 needed to finalize it.
@@ -81,7 +81,7 @@ If any of these algorithms is not available then it will not be included: for ex
 not loaded.
 CMS_sign_add1_signer() returns an internal pointer to the CMS_SignerInfo
-structure just added, this can be used to set additional attributes 
+structure just added, this can be used to set additional attributes
 before it is finalized.
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/crypto/CMS_verify.pod b/src/lib/libssl/src/doc/crypto/CMS_verify.pod
index 8f26fdab09..4a6b3bfc97 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_verify.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_verify.pod
@@ -67,7 +67,7 @@ returned.
 If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
 verified.
-If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not 
+If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
 verified.
 If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
@@ -81,13 +81,13 @@ certificates supplied in B<certs> then the verify will fail because the
 signer cannot be found.
 In some cases the standard techniques for looking up and validating
-certificates are not appropriate: for example an application may wish to 
+certificates are not appropriate: for example an application may wish to
 lookup certificates in a database or perform customised verification. This
-can be achieved by setting and verifying the signers certificates manually 
+can be achieved by setting and verifying the signers certificates manually
 using the signed data utility functions.
 Care should be taken when modifying the default verify behaviour, for example
-setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification 
+setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
 and any modified content will be considered valid. This combination is however
 useful if one merely wishes to write the content to B<out> and its validity
 is not considered important.
diff --git a/src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod b/src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod
index 9283e0e04b..573e725ec1 100644
--- a/src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod
+++ b/src/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod
@@ -16,7 +16,7 @@ CMS_verify_receipt() verifies a CMS signed receipt. B<rcms> is the signed
 receipt to verify. B<ocms> is the original SignedData structure containing the
 receipt request. B<certs> is a set of certificates in which to search for the
 signing certificate. B<store> is a trusted certificate store (used for chain
-verification). 
+verification).
 B<flags> is an optional set of flags, which can be used to modify the verify
 operation.
diff --git a/src/lib/libssl/src/doc/crypto/CONF_modules_load_file.pod b/src/lib/libssl/src/doc/crypto/CONF_modules_load_file.pod
index 9965d69bf2..64e8127280 100644
--- a/src/lib/libssl/src/doc/crypto/CONF_modules_load_file.pod
+++ b/src/lib/libssl/src/doc/crypto/CONF_modules_load_file.pod
@@ -22,7 +22,7 @@ NULL the standard OpenSSL application name B<openssl_conf> is used.
 The behaviour can be cutomized using B<flags>.
 CONF_modules_load() is idential to CONF_modules_load_file() except it
-read configuration information from B<cnf>. 
+read configuration information from B<cnf>.
 =head1 NOTES
diff --git a/src/lib/libssl/src/doc/crypto/CRYPTO_set_locking_callback.pod b/src/lib/libssl/src/doc/crypto/CRYPTO_set_locking_callback.pod
index dc0e9391dc..8f4cf4cb2d 100644
--- a/src/lib/libssl/src/doc/crypto/CRYPTO_set_locking_callback.pod
+++ b/src/lib/libssl/src/doc/crypto/CRYPTO_set_locking_callback.pod
@@ -68,7 +68,7 @@ that at least two callback functions are set, locking_function and
 threadid_func.
 locking_function(int mode, int n, const char *file, int line) is
-needed to perform locking on shared data structures. 
+needed to perform locking on shared data structures.
 (Note that OpenSSL uses a number of global data structures that
 will be implicitly shared whenever multiple threads use OpenSSL.)
 Multi-threaded applications will crash at random if it is not set.
diff --git a/src/lib/libssl/src/doc/crypto/DES_set_key.pod b/src/lib/libssl/src/doc/crypto/DES_set_key.pod
index 6f0cf1cc5e..b49545877a 100644
--- a/src/lib/libssl/src/doc/crypto/DES_set_key.pod
+++ b/src/lib/libssl/src/doc/crypto/DES_set_key.pod
@@ -28,16 +28,16 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
 void DES_set_odd_parity(DES_cblock *key);
 int DES_is_weak_key(const_DES_cblock *key);
- void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, 
+ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
        DES_key_schedule *ks, int enc);
- void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, 
+ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
        DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
- void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, 
+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-        DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        DES_key_schedule *ks1, DES_key_schedule *ks2,
        DES_key_schedule *ks3, int enc);
- void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, 
+ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        int enc);
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
        int numbits, long length, DES_key_schedule *schedule,
@@ -45,8 +45,8 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
 void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
        int numbits, long length, DES_key_schedule *schedule,
        DES_cblock *ivec);
- void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, 
+ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        int enc);
 void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
        long length, DES_key_schedule *schedule, DES_cblock *ivec,
@@ -55,8 +55,8 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        int *num);
- void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, 
+ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
        const_DES_cblock *inw, const_DES_cblock *outw, int enc);
 void DES_ede2_cbc_encrypt(const unsigned char *input,
@@ -73,22 +73,22 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
        unsigned char *output, long length, DES_key_schedule *ks1,
        DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
        int enc);
- void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 
+ void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-        long length, DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
-        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, 
+        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
        int enc);
- void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 
+ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
        DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
- void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-        long length, DES_key_schedule *ks1, 
+        long length, DES_key_schedule *ks1,
-        DES_key_schedule *ks2, DES_key_schedule *ks3, 
+        DES_key_schedule *ks2, DES_key_schedule *ks3,
        DES_cblock *ivec, int *num);
- DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, 
+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
-        long length, DES_key_schedule *schedule, 
+        long length, DES_key_schedule *schedule,
        const_DES_cblock *ivec);
- DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], 
+ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
        long length, int out_count, DES_cblock *seed);
 void DES_string_to_key(const char *str, DES_cblock *key);
 void DES_string_to_2keys(const char *str, DES_cblock *key1,
diff --git a/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod b/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
index 9081e9ea7c..862aa0c39a 100644
--- a/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
+++ b/src/lib/libssl/src/doc/crypto/DH_generate_parameters.pod
@@ -21,7 +21,7 @@ allocated B<DH> structure. The pseudo-random number generator must be
 seeded prior to calling DH_generate_parameters().
 B<prime_len> is the length in bits of the safe prime to be generated.
-B<generator> is a small number E<gt> 1, typically 2 or 5. 
+B<generator> is a small number E<gt> 1, typically 2 or 5.
 A callback function may be used to provide feedback about the progress
 of the key generation. If B<callback> is not B<NULL>, it will be
diff --git a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
index 9c1434bd8d..5ad7362f58 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
@@ -37,7 +37,7 @@ been set as a default for DSA, so this function is no longer recommended.
 DSA_get_default_method() returns a pointer to the current default
 DSA_METHOD. However, the meaningfulness of this result is dependent on
-whether the ENGINE API is being used, so this function is no longer 
+whether the ENGINE API is being used, so this function is no longer
 recommended.
 DSA_set_method() selects B<meth> to perform all operations using the key
diff --git a/src/lib/libssl/src/doc/crypto/ERR_get_error.pod b/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
index 828ecf529b..1a765f7aff 100644
--- a/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
+++ b/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
@@ -52,7 +52,7 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and
 ERR_get_last_error_line_data() store additional data and flags
 associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING> is true. 
+if *B<flags>&B<ERR_TXT_STRING> is true.
 An application B<MUST NOT> free the *B<data> pointer (or any other pointers
 returned by these functions) with OPENSSL_free() as freeing is handled
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 367691cc7a..dcc5d73f69 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -26,18 +26,18 @@ EVP digest routines
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
- int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
        unsigned int *s);
- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
 #define EVP_MAX_MD_SIZE 64     /* SHA512 */
 int EVP_MD_type(const EVP_MD *md);
- int EVP_MD_pkey_type(const EVP_MD *md);        
+ int EVP_MD_pkey_type(const EVP_MD *md);
 int EVP_MD_size(const EVP_MD *md);
 int EVP_MD_block_size(const EVP_MD *md);
@@ -136,10 +136,10 @@ reasons.
 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
 EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
 structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
-and RIPEMD160 digest algorithms respectively. 
+and RIPEMD160 digest algorithms respectively.
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
+algorithms but using DSS (DSA) for the signature algorithm. Note: there is
 no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
 however retained for compatibility.
@@ -178,21 +178,21 @@ The B<EVP> interface to message digests should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
-New applications should use the SHA2 digest algorithms such as SHA256. 
+New applications should use the SHA2 digest algorithms such as SHA256.
 The other digest algorithms are still in common use.
 For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
 set to NULL to use the default digest implementation.
-The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 
+The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are
 obsolete but are retained to maintain compatibility with existing code. New
-applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 
+applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and
 EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
 instead of initializing and cleaning it up on each call and allow non default
 implementations of digests to be specified.
 In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
-memory leaks will occur. 
+memory leaks will occur.
 Stack allocation of EVP_MD_CTX structures is common, for example:
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
index 37d960e3b2..11e8f6f937 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod
@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 For some key types and parameters the random number generator must be seeded
-or the operation will fail. 
+or the operation will fail.
 The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
@@ -81,7 +81,7 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 =head1 HISTORY
-EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() 
+EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
 were first added to OpenSSL 1.0.0.
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
index f224488978..819e0d4b9f 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod
@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
 the use of clone digest is now discouraged.
 For some key types and parameters the random number generator must be seeded
-or the operation will fail. 
+or the operation will fail.
 The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
@@ -76,7 +76,7 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 =head1 HISTORY
-EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() 
+EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
 were first added to OpenSSL 1.0.0.
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index 1c4bf184a1..84875e0fe0 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -128,7 +128,7 @@ calls to EVP_EncryptUpdate() should be made.
 If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
 data and it will return an error if any data remains in a partial block:
-that is if the total data length is not a multiple of the block size. 
+that is if the total data length is not a multiple of the block size.
 EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
 corresponding decryption operations. EVP_DecryptFinal() will return an
@@ -157,7 +157,7 @@ initialized and they always use the default cipher implementation.
 EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
 similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
-EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up 
+EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up
 after the call.
 EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
@@ -268,7 +268,7 @@ OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
 EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
-EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for
 success or zero for failure.
 =head1 CIPHER LISTING
@@ -283,7 +283,7 @@ Null cipher: does nothing.
 =item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
-DES in CBC, ECB, CFB and OFB modes respectively. 
+DES in CBC, ECB, CFB and OFB modes respectively.
 =item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),  EVP_des_ede_cfb(void)
@@ -346,7 +346,7 @@ Where possible the B<EVP> interface to symmetric ciphers should be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the cipher used and much more flexible.
-PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
 length of the encrypted data a multiple of the block size. Padding is always
 added so if the data is already a multiple of the block size B<n> will equal
 the block size. For example if the block size is 8 and 11 bytes are to be
@@ -376,7 +376,7 @@ a limitation of the current RC5 code rather than the EVP interface.
 EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
 default key lengths. If custom ciphers exceed these values the results are
-unpredictable. This is because it has become standard practice to define a 
+unpredictable. This is because it has become standard practice to define a
 generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
 The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
@@ -449,7 +449,7 @@ Encrypt a string using blowfish:
 The ciphertext from the above example can be decrypted using the B<openssl>
 utility with the command line:
- 
 S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
 General encryption, decryption function example using FILE I/O and RC2 with an
@@ -472,7 +472,7 @@ General encryption, decryption function example using FILE I/O and RC2 with an
        /* We finished modifying parameters so now we can set key and IV */
        EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
-        for(;;) 
+        for(;;)
                {
                inlen = fread(inbuf, 1, 1024, in);
                if(inlen <= 0) break;
diff --git a/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod b/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod
index 2e710da945..1aa2a9cd6e 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_OpenInit.pod
@@ -27,7 +27,7 @@ B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
 The IV is supplied in the B<iv> parameter.
 EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
-as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
 documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
 page.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod
index 13b91f1e6e..e8d1ddda75 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod
@@ -62,7 +62,7 @@ The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
 The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
 RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
 RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
-RSA_X931_PADDING for X9.31 padding (signature operations only) and 
+RSA_X931_PADDING for X9.31 padding (signature operations only) and
 RSA_PKCS1_PSS_PADDING (sign and verify only).
 Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
@@ -87,7 +87,7 @@ RSA key genration to B<bits>. If not specified 1024 bits is used.
 The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
 for RSA key generation to B<pubexp> currently it should be an odd integer. The
-B<pubexp> pointer is used internally by this function so it should not be 
+B<pubexp> pointer is used internally by this function so it should not be
 modified or free after the call. If this macro is not called then 65537 is used.
 The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
@@ -118,8 +118,8 @@ L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
-L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_cmp.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_cmp.pod
index 4f8185e36c..4145245299 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_cmp.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_cmp.pod
@@ -56,6 +56,6 @@ keys match, 0 if they don't match, -1 if the key types are different and
 =head1 SEE ALSO
 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod
index 847983237b..197878eff7 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod
@@ -50,7 +50,7 @@ Decrypt data using OAEP (for RSA keys):
 EVP_PKEY_CTX *ctx;
 unsigned char *out, *in;
- size_t outlen, inlen; 
+ size_t outlen, inlen;
 EVP_PKEY *key;
 /* NB: assumes key in, inlen are already set up
  * and that key is an RSA private key
@@ -71,7 +71,7 @@ Decrypt data using OAEP (for RSA keys):
 if (!out)
        /* malloc failure */
- 
 if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
        /* Error */
@@ -84,7 +84,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod
index 27464be571..de877ead1a 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod
@@ -71,7 +71,7 @@ Derive shared secret (for example DH or EC keys):
 if (!skey)
        /* malloc failure */
- 
 if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
        /* Error */
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod
index e495a81242..f7969c296f 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod
@@ -50,7 +50,7 @@ Encrypt data using OAEP (for RSA keys):
 EVP_PKEY_CTX *ctx;
 unsigned char *out, *in;
- size_t outlen, inlen; 
+ size_t outlen, inlen;
 EVP_PKEY *key;
 /* NB: assumes key in, inlen are already set up
  * and that key is an RSA public key
@@ -71,7 +71,7 @@ Encrypt data using OAEP (for RSA keys):
 if (!out)
        /* malloc failure */
- 
 if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
        /* Error */
@@ -84,7 +84,7 @@ L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
index fd431ace6d..b6102da036 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
@@ -28,7 +28,7 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen
 The EVP_PKEY_keygen_init() function initializes a public key algorithm
 context using key B<pkey> for a key genration operation.
-The EVP_PKEY_keygen() function performs a key generation operation, the 
+The EVP_PKEY_keygen() function performs a key generation operation, the
 generated key is written to B<ppkey>.
 The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
@@ -152,7 +152,7 @@ L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod
index 10687e458d..11512249e4 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_new.pod
@@ -14,7 +14,7 @@ EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
 =head1 DESCRIPTION
-The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> 
+The EVP_PKEY_new() function allocates an empty B<EVP_PKEY>
 structure which is used by OpenSSL to store private keys.
 EVP_PKEY_free() frees up the private key B<key>.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_print_private.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_print_private.pod
index ce9d70d7a7..c9b7a89821 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_print_private.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_print_private.pod
@@ -28,7 +28,7 @@ be used.
 =head1 NOTES
-Currently no public key algorithms include any options in the B<pctx> parameter 
+Currently no public key algorithms include any options in the B<pctx> parameter
 parameter.
 If the key does not include all the components indicated by the function then
@@ -44,7 +44,7 @@ the public key algorithm.
 =head1 SEE ALSO
 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod
index 2db692e271..8afb1b22e1 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -63,7 +63,7 @@ EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
 EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
 EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if 
+EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
 an error occurred.
 EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod
index a044f2c131..fb8e61cf29 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod
@@ -50,7 +50,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
 EVP_PKEY_CTX *ctx;
 unsigned char *md, *sig;
- size_t mdlen, siglen; 
+ size_t mdlen, siglen;
 EVP_PKEY *signing_key;
 /* NB: assumes signing_key, md and mdlen are already set up
  * and that signing_key is an RSA private key
@@ -73,7 +73,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
 if (!sig)
        /* malloc failure */
- 
 if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
        /* Error */
@@ -87,7 +87,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
index 90612ba2f0..f7ae4f9ebe 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
@@ -53,7 +53,7 @@ Verify signature using PKCS#1 and SHA256 digest:
 EVP_PKEY_CTX *ctx;
 unsigned char *md, *sig;
- size_t mdlen, siglen; 
+ size_t mdlen, siglen;
 EVP_PKEY *verify_key;
 /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
  * and that verify_key is an RSA public key
@@ -82,7 +82,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod
index 23a28a9c43..00d53db783 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod
@@ -29,7 +29,7 @@ B<rout> and the amount of data written to B<routlen>.
 =head1 NOTES
 Normally an application is only interested in whether a signature verification
-operation is successful in those cases the EVP_verify() function should be 
+operation is successful in those cases the EVP_verify() function should be
 used.
 Sometimes however it is useful to obtain the data originally signed using a
@@ -58,7 +58,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
 EVP_PKEY_CTX *ctx;
 unsigned char *rout, *sig;
- size_t routlen, siglen; 
+ size_t routlen, siglen;
 EVP_PKEY *verify_key;
 /* NB: assumes verify_key, sig and siglen are already set up
  * and that verify_key is an RSA public key
@@ -81,7 +81,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
 if (!rout)
        /* malloc failure */
- 
 if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
        /* Error */
@@ -94,7 +94,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index 7d793e19ef..172f210c64 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -42,9 +42,9 @@ If the cipher does not require an IV then the B<iv> parameter is ignored
 and can be B<NULL>.
 EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
-as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
 documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page. 
+page.
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index 620a623ab6..682724b157 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -32,7 +32,7 @@ same B<ctx> to include additional data.
 EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
 places the signature in B<sig>. The number of bytes of data written (i.e. the
 length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written. 
+EVP_PKEY_size(pkey) bytes will be written.
 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.
@@ -57,7 +57,7 @@ transparent to the algorithm used and much more flexible.
 Due to the link between message digests and public key algorithms the correct
 digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
+algorithms and associated public key algorithms appears in
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
 When signing with DSA private keys the random number generator must be seeded
@@ -74,7 +74,7 @@ will occur.
 =head1 BUGS
-Older versions of this documentation wrongly stated that calls to 
+Older versions of this documentation wrongly stated that calls to
 EVP_SignUpdate() could not be made after calling EVP_SignFinal().
 Since the private key is passed in the call to EVP_SignFinal() any error
diff --git a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
index 9097f09410..0ffb0a8077 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
@@ -51,7 +51,7 @@ transparent to the algorithm used and much more flexible.
 Due to the link between message digests and public key algorithms the correct
 digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
+algorithms and associated public key algorithms appears in
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
 The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
@@ -64,7 +64,7 @@ will occur.
 =head1 BUGS
-Older versions of this documentation wrongly stated that calls to 
+Older versions of this documentation wrongly stated that calls to
 EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
 Since the public key is passed in the call to EVP_SignFinal() any error
diff --git a/src/lib/libssl/src/doc/crypto/MD5.pod b/src/lib/libssl/src/doc/crypto/MD5.pod
index d11d5c32cb..b0edd5416f 100644
--- a/src/lib/libssl/src/doc/crypto/MD5.pod
+++ b/src/lib/libssl/src/doc/crypto/MD5.pod
@@ -75,7 +75,7 @@ preferred.
 =head1 RETURN VALUES
-MD2(), MD4(), and MD5() return pointers to the hash value. 
+MD2(), MD4(), and MD5() return pointers to the hash value.
 MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
 MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
diff --git a/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod b/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
index 1e45dd40f6..458ef025f0 100644
--- a/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
+++ b/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
@@ -34,7 +34,7 @@ functions
 The ASN1 object utility functions process ASN1_OBJECT structures which are
 a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
-OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to 
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
 an ASN1_OBJECT structure, its long name and its short name respectively,
 or B<NULL> is an error occurred.
@@ -62,7 +62,7 @@ OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
 OBJ_dup() returns a copy of B<o>.
-OBJ_create() adds a new object to the internal table. B<oid> is the 
+OBJ_create() adds a new object to the internal table. B<oid> is the
 numerical form of the object, B<sn> the short name and B<ln> the
 long name. A new NID is returned for the created object.
@@ -115,14 +115,14 @@ Create a new NID and initialize an object from it:
 new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
 obj = OBJ_nid2obj(new_nid);
- 
 Create a new object directly:
 obj = OBJ_txt2obj("1.2.3.4", 1);
 =head1 BUGS
-OBJ_obj2txt() is awkward and messy to use: it doesn't follow the 
+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the
 convention of other OpenSSL functions where the buffer can be set
 to B<NULL> to determine the amount of data that should be written.
 Instead B<buf> must point to a valid buffer and B<buf_len> should
diff --git a/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod b/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod
index e7bba2aaca..552ed956ab 100644
--- a/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod
+++ b/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod
@@ -37,7 +37,7 @@ can be added without source changes.
 The environment variable B<OPENSSL_CONF> can be set to specify the location
 of the configuration file.
- 
 Currently ASN1 OBJECTs and ENGINE configuration can be performed future
 versions of OpenSSL will add new configuration options.
diff --git a/src/lib/libssl/src/doc/crypto/OPENSSL_load_builtin_modules.pod b/src/lib/libssl/src/doc/crypto/OPENSSL_load_builtin_modules.pod
index f14dfaf005..6c99170197 100644
--- a/src/lib/libssl/src/doc/crypto/OPENSSL_load_builtin_modules.pod
+++ b/src/lib/libssl/src/doc/crypto/OPENSSL_load_builtin_modules.pod
@@ -24,15 +24,15 @@ ENGINE_add_conf_module() adds just the ENGINE configuration module.
 =head1 NOTES
-If the simple configuration function OPENSSL_config() is called then 
+If the simple configuration function OPENSSL_config() is called then
 OPENSSL_load_builtin_modules() is called automatically.
 Applications which use the configuration functions directly will need to
-call OPENSSL_load_builtin_modules() themselves I<before> any other 
+call OPENSSL_load_builtin_modules() themselves I<before> any other
 configuration code.
 Applications should call OPENSSL_load_builtin_modules() to load all
-configuration modules instead of adding modules selectively: otherwise 
+configuration modules instead of adding modules selectively: otherwise
 functionality may be missing from the application if an when new
 modules are added.
diff --git a/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod b/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod
index 54414a3f6f..e196bf1498 100644
--- a/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod
+++ b/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod
@@ -250,7 +250,7 @@ structure. They will also process a trusted X509 certificate but
 any trust settings are discarded.
 The B<X509_AUX> functions process a trusted X509 certificate using
-an X509 structure. 
+an X509 structure.
 The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
 certificate request using an X509_REQ structure. The B<X509_REQ>
@@ -435,7 +435,7 @@ which is an uninitialised pointer.
 This old B<PrivateKey> routines use a non standard technique for encryption.
-The private key (or other data) takes the following form: 
+The private key (or other data) takes the following form:
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
@@ -461,7 +461,7 @@ an existing structure. Therefore the following:
 PEM_read_bio_X509(bp, &x, 0, NULL);
-where B<x> already contains a valid certificate, may not work, whereas: 
+where B<x> already contains a valid certificate, may not work, whereas:
 X509_free(x);
 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
diff --git a/src/lib/libssl/src/doc/crypto/PKCS12_create.pod b/src/lib/libssl/src/doc/crypto/PKCS12_create.pod
index de7cab2bdf..0a1e460cf1 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS12_create.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS12_create.pod
@@ -60,7 +60,7 @@ certficate is required. In previous versions both had to be present or
 a fatal error is returned.
 B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
-should be used. 
+should be used.
 B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
index 2cd925a7e0..e206684384 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
@@ -30,7 +30,7 @@ bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
 respectively.
 The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
-its parameters. 
+its parameters.
 Many browsers implement a "sign and encrypt" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
@@ -55,7 +55,7 @@ suitable for streaming I/O: no data is read from the BIO B<in>.
 If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
 complete and outputting its contents via a function that does not
-properly finalize the B<PKCS7> structure will give unpredictable 
+properly finalize the B<PKCS7> structure will give unpredictable
 results.
 Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod b/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
index 64a35144f8..9a4f5b173e 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
@@ -15,7 +15,7 @@ PKCS7_sign - create a PKCS#7 signedData structure
 PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
 the certificate to sign with, B<pkey> is the corresponsding private key.
 B<certs> is an optional additional set of certificates to include in the PKCS#7
-structure (for example any intermediate CAs in the chain). 
+structure (for example any intermediate CAs in the chain).
 The data to be signed is read from BIO B<data>.
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_sign_add_signer.pod b/src/lib/libssl/src/doc/crypto/PKCS7_sign_add_signer.pod
index ebec4d57de..afe8ad97cd 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_sign_add_signer.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_sign_add_signer.pod
@@ -44,7 +44,7 @@ digest value from the PKCS7 struture: to add a signer to an existing structure.
 An error occurs if a matching digest value cannot be found to copy. The
 returned PKCS7 structure will be valid and finalized when this flag is set.
-If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the 
+If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the
 B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
 can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
 needed to finalize it.
@@ -67,7 +67,7 @@ these algorithms is disabled then it will not be included.
 PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
-structure just added, this can be used to set additional attributes 
+structure just added, this can be used to set additional attributes
 before it is finalized.
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
index 7c10a4cc3c..51ada03f2d 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
@@ -54,7 +54,7 @@ Any of the following flags (ored together) can be passed in the B<flags> paramet
 to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
 meaningful to PKCS7_get0_signers().
-If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 
+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
 searched when locating the signer's certificate. This means that all the signers
 certificates must be in the B<certs> parameter.
@@ -79,7 +79,7 @@ certificates supplied in B<certs> then the verify will fail because the
 signer cannot be found.
 Care should be taken when modifying the default verify behaviour, for example
-setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification 
+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
 and any signed message will be considered valid. This combination is however
 useful if one merely wishes to write the content to B<out> and its validity
 is not considered important.
diff --git a/src/lib/libssl/src/doc/crypto/RAND.pod b/src/lib/libssl/src/doc/crypto/RAND.pod
index e460c1653e..8f803f33eb 100644
--- a/src/lib/libssl/src/doc/crypto/RAND.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND.pod
@@ -54,7 +54,7 @@ described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
 seeding process whenever the application is started.
 L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
-PRNG. 
+PRNG.
 =head1 INTERNALS
@@ -67,6 +67,6 @@ L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
 L<RAND_load_file(3)|RAND_load_file(3)>,
 L<RAND_bytes(3)|RAND_bytes(3)>,
 L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)> 
+L<RAND_cleanup(3)|RAND_cleanup(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/RIPEMD160.pod b/src/lib/libssl/src/doc/crypto/RIPEMD160.pod
index 264bb99ae7..f66fb02ed2 100644
--- a/src/lib/libssl/src/doc/crypto/RIPEMD160.pod
+++ b/src/lib/libssl/src/doc/crypto/RIPEMD160.pod
@@ -45,7 +45,7 @@ hash functions directly.
 =head1 RETURN VALUES
-RIPEMD160() returns a pointer to the hash value. 
+RIPEMD160() returns a pointer to the hash value.
 RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
 success, 0 otherwise.
diff --git a/src/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod b/src/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod
index 746a80c79e..4c4d131172 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_private_encrypt.pod
@@ -11,7 +11,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
 int RSA_private_encrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
+ int RSA_public_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
index 2c963d7e5b..eb0913c106 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
@@ -43,7 +43,7 @@ been set as a default for RSA, so this function is no longer recommended.
 RSA_get_default_method() returns a pointer to the current default
 RSA_METHOD. However, the meaningfulness of this result is dependent on
-whether the ENGINE API is being used, so this function is no longer 
+whether the ENGINE API is being used, so this function is no longer
 recommended.
 RSA_set_method() selects B<meth> to perform all operations using the key
diff --git a/src/lib/libssl/src/doc/crypto/RSA_sign.pod b/src/lib/libssl/src/doc/crypto/RSA_sign.pod
index 8553be8e99..061c0e2437 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_sign.pod
@@ -52,7 +52,7 @@ SSL, PKCS #1 v2.0
 L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
 L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/SHA1.pod b/src/lib/libssl/src/doc/crypto/SHA1.pod
index 94ab7bc724..232af9227e 100644
--- a/src/lib/libssl/src/doc/crypto/SHA1.pod
+++ b/src/lib/libssl/src/doc/crypto/SHA1.pod
@@ -46,7 +46,7 @@ used only when backward compatibility is required.
 =head1 RETURN VALUES
-SHA1() returns a pointer to the hash value. 
+SHA1() returns a pointer to the hash value.
 SHA1_Init(), SHA1_Update() and SHA1_Final() return 1 for success, 0 otherwise.
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
index 41902c0d45..ad0d796535 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -35,17 +35,17 @@ X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
 B<type> and value determined by B<bytes> and B<len>.
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
-and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+and X509_NAME_ENTRY_create_by_OBJ() create and return an
 B<X509_NAME_ENTRY> structure.
 =head1 NOTES
 X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
-used to examine an B<X509_NAME_ENTRY> function as returned by 
+used to examine an B<X509_NAME_ENTRY> function as returned by
 X509_NAME_get_entry() for example.
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+and X509_NAME_ENTRY_create_by_OBJ() create and return an
 X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
 X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
index 1afd008cb3..5b9e81b922 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -61,7 +61,7 @@ to 0. This adds a new entry to the end of B<name> as a single valued
 RelativeDistinguishedName (RDN).
 B<loc> actually determines the index where the new entry is inserted:
-if it is -1 it is appended. 
+if it is -1 it is appended.
 B<set> determines how the new type is added. If it is zero a
 new RDN is created.
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
index 3b1f9ff43b..7da92617fb 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -43,7 +43,7 @@ B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
 will be written and the text written to B<buf> will be null
 terminated. The length of the output string written is returned
 excluding the terminating null. If B<buf> is <NULL> then the amount
-of space needed in B<buf> (excluding the final null) is returned. 
+of space needed in B<buf> (excluding the final null) is returned.
 =head1 NOTES
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
index 2579a5dc9d..b2d86d4ddb 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
@@ -27,7 +27,7 @@ X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
 bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
 and returned, otherwise B<buf> is returned.
-X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> 
+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
 characters. Multiple lines are used if the output (including indent) exceeds
 80 characters.
@@ -76,7 +76,7 @@ printed instead of the values.
 If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
 is only of use for multiline format.
-Additionally all the options supported by ASN1_STRING_print_ex() can be used to 
+Additionally all the options supported by ASN1_STRING_print_ex() can be used to
 control how each field value is displayed.
 In addition a number options can be set for commonly used formats.
diff --git a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
index 8d6b9dda47..1b75967ccd 100644
--- a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
@@ -27,7 +27,7 @@ and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>.
 This mechanism is used internally by the B<ssl> library to store the B<SSL>
 structure associated with a verification operation in an B<X509_STORE_CTX>
-structure. 
+structure.
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_new.pod b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_new.pod
index b17888f149..1c55236aa2 100644
--- a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_new.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_new.pod
@@ -45,7 +45,7 @@ will be untrusted but may be used to build the chain) in B<chain>. Any or
 all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
 X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
-to B<sk>. This is an alternative way of specifying trusted certificates 
+to B<sk>. This is an alternative way of specifying trusted certificates
 instead of using an B<X509_STORE>.
 X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to
diff --git a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
index b9787a6ca6..86d988eee0 100644
--- a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
@@ -94,7 +94,7 @@ expired just one specific case:
 Full featured logging callback. In this case the B<bio_err> is assumed to be
 a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
 B<ex_data>.
-        
 int verify_callback(int ok, X509_STORE_CTX *ctx)
        {
        X509 *err_cert;
diff --git a/src/lib/libssl/src/doc/crypto/X509_STORE_set_verify_cb_func.pod b/src/lib/libssl/src/doc/crypto/X509_STORE_set_verify_cb_func.pod
index 29e3bbe3bc..012f2d2c75 100644
--- a/src/lib/libssl/src/doc/crypto/X509_STORE_set_verify_cb_func.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_STORE_set_verify_cb_func.pod
@@ -24,14 +24,14 @@ is implemented as a macro.
 =head1 NOTES
-The verification callback from an B<X509_STORE> is inherited by 
+The verification callback from an B<X509_STORE> is inherited by
 the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
-be used to set the verification callback when the B<X509_STORE_CTX> is 
+be used to set the verification callback when the B<X509_STORE_CTX> is
 otherwise inaccessible (for example during S/MIME verification).
 =head1 BUGS
-The macro version of this function was the only one available before 
+The macro version of this function was the only one available before
 OpenSSL 1.0.0.
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 46cac2bea2..e5da5bec08 100644
--- a/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters 
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters
 =head1 SYNOPSIS
@@ -20,7 +20,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                                ASN1_OBJECT *policy);
- int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
                                        STACK_OF(ASN1_OBJECT) *policies);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
@@ -29,7 +29,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
 =head1 DESCRIPTION
 These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
-a certificate verification operation. 
+a certificate verification operation.
 The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
 it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
@@ -43,7 +43,7 @@ X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
 to B<purpose>. This determines the acceptable purpose of the certificate
 chain, for example SSL client or SSL server.
-X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to 
+X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
 B<trust>.
 X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
@@ -63,10 +63,10 @@ chain.
 =head1 RETURN VALUES
-X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), 
+X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(),
 X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
 X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1
-for success and 0 for failure. 
+for success and 0 for failure.
 X509_VERIFY_PARAM_get_flags() returns the current verification flags.
@@ -81,7 +81,7 @@ The verification flags consists of zero or more of the following flags
 ored together.
 B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
-certificate. An error occurs if a suitable CRL cannot be found. 
+certificate. An error occurs if a suitable CRL cannot be found.
 B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
 chain.
@@ -99,7 +99,7 @@ certificates and makes the verification strictly apply B<X509> rules.
 B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification.
 B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default
-no policy checking is peformed. Additional information is sent to the 
+no policy checking is peformed. Additional information is sent to the
 verification callback relating to policy checking.
 B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and
@@ -142,7 +142,7 @@ X509_STORE_CTX_set_flags().
 =head1 BUGS
 Delta CRL checking is currently primitive. Only a single delta can be used and
-(partly due to limitations of B<X509_STORE>) constructed CRLs are not 
+(partly due to limitations of B<X509_STORE>) constructed CRLs are not
 maintained.
 If CRLs checking is enable CRLs are expected to be available in the
@@ -151,7 +151,7 @@ CRLs from the CRL distribution points extension.
 =head1 EXAMPLE
-Enable CRL checking when performing certificate verification during SSL 
+Enable CRL checking when performing certificate verification during SSL
 connections associated with an B<SSL_CTX> structure B<ctx>:
  X509_VERIFY_PARAM *param;
diff --git a/src/lib/libssl/src/doc/crypto/bn_internal.pod b/src/lib/libssl/src/doc/crypto/bn_internal.pod
index 91840b0f0d..7d4dac9ccf 100644
--- a/src/lib/libssl/src/doc/crypto/bn_internal.pod
+++ b/src/lib/libssl/src/doc/crypto/bn_internal.pod
@@ -95,8 +95,8 @@ is the number of words being used, so for a value of 4, bn.d[0]=4 and
 bn.top=1.  B<neg> is 1 if the number is negative.  When a B<BIGNUM> is
 B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
-B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The 
+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
-flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and 
+flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and
 BN_get_flags(b,n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
 structure B<b>.
diff --git a/src/lib/libssl/src/doc/crypto/crypto.pod b/src/lib/libssl/src/doc/crypto/crypto.pod
index 7a527992bb..3c4a07d906 100644
--- a/src/lib/libssl/src/doc/crypto/crypto.pod
+++ b/src/lib/libssl/src/doc/crypto/crypto.pod
@@ -28,7 +28,7 @@ hash functions and a cryptographic pseudo-random number generator.
 =item SYMMETRIC CIPHERS
 L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>,
-L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)> 
+L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)>
 =item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
@@ -52,13 +52,13 @@ L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)>
 =item INPUT/OUTPUT, DATA ENCODING
 L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>,
-L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)> 
+L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)>
 =item INTERNAL FUNCTIONS
 L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>,
 L<objects(3)|objects(3)>, L<stack(3)|stack(3)>,
-L<txt_db(3)|txt_db(3)> 
+L<txt_db(3)|txt_db(3)>
 =back
diff --git a/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod b/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
index 22c1b50f22..c80e311d04 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
@@ -56,7 +56,7 @@ i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
 The B<DSA> structure passed to the private key encoding functions should have
 all the private key components present.
-The data encoded by the private key functions is unencrypted and therefore 
+The data encoded by the private key functions is unencrypted and therefore
 offers no private key security.
 The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
diff --git a/src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod b/src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod
index a54b779088..466f99ab42 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_PKCS8PrivateKey.pod
@@ -41,7 +41,7 @@ corresponding B<PEM> function as described in the L<pem(3)|pem(3)> manual page.
 Before using these functions L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
 should be called to initialize the internal algorithm lookup tables otherwise errors about
-unknown algorithms will occur if an attempt is made to decrypt a private key. 
+unknown algorithms will occur if an attempt is made to decrypt a private key.
 These functions are currently the only way to store encrypted private keys using DER format.
diff --git a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
index aa6078bcf6..1711dc038f 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
@@ -49,8 +49,8 @@ i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
 The B<RSA> structure passed to the private key encoding functions should have
 all the PKCS#1 private key components present.
-The data encoded by the private key functions is unencrypted and therefore 
+The data encoded by the private key functions is unencrypted and therefore
-offers no private key security. 
+offers no private key security.
 The NET format functions are present to provide compatibility with certain very
 old software. This format has some severe security weaknesses and should be
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509.pod b/src/lib/libssl/src/doc/crypto/d2i_X509.pod
index 298ec54a4c..e212014ac8 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_X509.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509.pod
@@ -23,7 +23,7 @@ i2d_X509_fp - X509 encode and decode functions
 The X509 encode and decode routines encode and parse an
 B<X509> structure, which represents an X509 certificate.
-d2i_X509() attempts to decode B<len> bytes at B<*in>. If 
+d2i_X509() attempts to decode B<len> bytes at B<*in>. If
 successful a pointer to the B<X509> structure is returned. If an error
 occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
 returned structure is written to B<*px>. If B<*px> is not B<NULL>
@@ -36,7 +36,7 @@ i2d_X509() encodes the structure pointed to by B<x> into DER format.
 If B<out> is not B<NULL> is writes the DER encoded data to the buffer
 at B<*out>, and increments it to point after the data just written.
 If the return value is negative an error occurred, otherwise it
-returns the length of the encoded data. 
+returns the length of the encoded data.
 For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
 allocated for a buffer and the encoded data written to it. In this
@@ -194,7 +194,7 @@ happen.
 =head1 BUGS
-In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when 
+In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
 B<*px> is valid is broken and some parts of the reused structure may
 persist if they are not present in the new one. As a result the use
 of this "reuse" behaviour is strongly discouraged.
@@ -210,14 +210,14 @@ always succeed.
 d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
 or B<NULL> if an error occurs. The error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. 
+L<ERR_get_error(3)|ERR_get_error(3)>.
 i2d_X509() returns the number of bytes successfully encoded or a negative
 value if an error occurs. The error code can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. 
+L<ERR_get_error(3)|ERR_get_error(3)>.
-i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error 
+i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
-occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/dh.pod b/src/lib/libssl/src/doc/crypto/dh.pod
index c3ccd06207..97aaa75731 100644
--- a/src/lib/libssl/src/doc/crypto/dh.pod
+++ b/src/lib/libssl/src/doc/crypto/dh.pod
@@ -73,6 +73,6 @@ L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
 L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
 L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
 L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
-L<RSA_print(3)|RSA_print(3)> 
+L<RSA_print(3)|RSA_print(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/ecdsa.pod b/src/lib/libssl/src/doc/crypto/ecdsa.pod
index 59a5916de1..92c3f4fa04 100644
--- a/src/lib/libssl/src/doc/crypto/ecdsa.pod
+++ b/src/lib/libssl/src/doc/crypto/ecdsa.pod
@@ -11,12 +11,12 @@ ecdsa - Elliptic Curve Digital Signature Algorithm
 ECDSA_SIG*     ECDSA_SIG_new(void);
 void           ECDSA_SIG_free(ECDSA_SIG *sig);
 int            i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
- ECDSA_SIG*     d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, 
+ ECDSA_SIG*     d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp,
                long len);
 ECDSA_SIG*     ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
                        EC_KEY *eckey);
- ECDSA_SIG*     ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
+ ECDSA_SIG*     ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
                        const BIGNUM *kinv, const BIGNUM *rp,
                        EC_KEY *eckey);
 int            ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
@@ -28,7 +28,7 @@ ecdsa - Elliptic Curve Digital Signature Algorithm
                        unsigned int *siglen, EC_KEY *eckey);
 int            ECDSA_sign_ex(int type, const unsigned char *dgst,
                        int dgstlen, unsigned char *sig,
-                        unsigned int *siglen, const BIGNUM *kinv, 
+                        unsigned int *siglen, const BIGNUM *kinv,
                        const BIGNUM *rp, EC_KEY *eckey);
 int            ECDSA_verify(int type, const unsigned char *dgst,
                        int dgstlen, const unsigned char *sig,
@@ -65,7 +65,7 @@ ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
 i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature
 B<sig> and writes the encoded signature to B<*pp> (note: if B<pp>
-is NULL B<i2d_ECDSA_SIG> returns the expected length in bytes of 
+is NULL B<i2d_ECDSA_SIG> returns the expected length in bytes of
 the DER encoded signature). B<i2d_ECDSA_SIG> returns the length
 of the DER encoded signature (or 0 on error).
@@ -142,8 +142,8 @@ specific)
        /* error */
        }
-Second step: compute the ECDSA signature of a SHA-1 hash value 
+Second step: compute the ECDSA signature of a SHA-1 hash value
-using B<ECDSA_do_sign> 
+using B<ECDSA_do_sign>
 sig = ECDSA_do_sign(digest, 20, eckey);
 if (sig == NULL)
diff --git a/src/lib/libssl/src/doc/crypto/evp.pod b/src/lib/libssl/src/doc/crypto/evp.pod
index 9faa349243..33ce7cb6d6 100644
--- a/src/lib/libssl/src/doc/crypto/evp.pod
+++ b/src/lib/libssl/src/doc/crypto/evp.pod
@@ -37,7 +37,7 @@ implementations. For more information, consult the engine(3) man page.
 Although low level algorithm specific functions exist for many algorithms
 their use is discouraged. They cannot be used with an ENGINE and ENGINE
 versions of new algorithms cannot be accessed using the low level functions.
-Also makes code harder to adapt to new algorithms and some options are not 
+Also makes code harder to adapt to new algorithms and some options are not
 cleanly supported at the low level and some operations are more efficient
 using the high level interface.
diff --git a/src/lib/libssl/src/doc/crypto/lhash.pod b/src/lib/libssl/src/doc/crypto/lhash.pod
index 73a19b6c7e..b5c8a10282 100644
--- a/src/lib/libssl/src/doc/crypto/lhash.pod
+++ b/src/lib/libssl/src/doc/crypto/lhash.pod
@@ -168,7 +168,7 @@ that is provided by the caller):
 /* Print out the entire hashtable to a particular BIO */
 lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
                    logging_bio);
- 
 lh_<type>_error() can be used to determine if an error occurred in the last
 operation. lh_<type>_error() is a macro.
@@ -293,7 +293,7 @@ This manpage is derived from the SSLeay documentation.
 In OpenSSL 0.9.7, all lhash functions that were passed function pointers
 were changed for better type safety, and the function types LHASH_COMP_FN_TYPE,
-LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE 
+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE
 became available.
 In OpenSSL 1.0.0, the lhash interface was revamped for even better
diff --git a/src/lib/libssl/src/doc/crypto/rsa.pod b/src/lib/libssl/src/doc/crypto/rsa.pod
index 45ac53ffc1..829ce24701 100644
--- a/src/lib/libssl/src/doc/crypto/rsa.pod
+++ b/src/lib/libssl/src/doc/crypto/rsa.pod
@@ -18,7 +18,7 @@ rsa - RSA public key cryptosystem
    unsigned char *to, RSA *rsa, int padding);
 int RSA_private_encrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
+ int RSA_public_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa,int padding);
 int RSA_sign(int type, unsigned char *m, unsigned int m_len,
@@ -118,6 +118,6 @@ L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
 L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
 L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
 L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
-L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)>
 =cut
author	jim <>	2014-05-04 21:46:36 +0000
committer	jim <>	2014-05-04 21:46:36 +0000
commit	adc2a0a37a306f738da40a5a46f14e7fc9f1f571 (patch)
tree	a8892de8fd6e54fc93e929516a1ed1c754ef77fd
parent	c247b29180fe4c94ba872da4fd237eab43c0df48 (diff)
download	openbsd-adc2a0a37a306f738da40a5a46f14e7fc9f1f571.tar.gz openbsd-adc2a0a37a306f738da40a5a46f14e7fc9f1f571.tar.bz2 openbsd-adc2a0a37a306f738da40a5a46f14e7fc9f1f571.zip