Try and fix the horrible coding style of the example code snippets.

19 files changed, 445 insertions, 398 deletions

diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 2ff01b9c7c..f2c1cfdbf0 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -215,39 +215,40 @@ digest name passed on the command line.
  #include <stdio.h>
  #include <openssl/evp.h>
 
+ int
  main(int argc, char *argv[])
  {
- EVP_MD_CTX *mdctx;
- const EVP_MD *md;
- char mess1[] = "Test Message\n";
- char mess2[] = "Hello World\n";
- unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
-
- OpenSSL_add_all_digests();
-
- if(!argv[1]) {
-        printf("Usage: mdtest digestname\n");
-        exit(1);
- }
-
- md = EVP_get_digestbyname(argv[1]);
-
- if(!md) {
-        printf("Unknown message digest %s\n", argv[1]);
-        exit(1);
- }
-
- mdctx = EVP_MD_CTX_create();
- EVP_DigestInit_ex(mdctx, md, NULL);
- EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
- EVP_DigestFinal_ex(mdctx, md_value, &md_len);
- EVP_MD_CTX_destroy(mdctx);
-
- printf("Digest is: ");
- for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
- printf("\n");
+        EVP_MD_CTX *mdctx;
+        const EVP_MD *md;
+        const char mess1[] = "Test Message\n";
+        const char mess2[] = "Hello World\n";
+        unsigned char md_value[EVP_MAX_MD_SIZE];
+        int md_len, i;
+
+        OpenSSL_add_all_digests();
+
+        if (argc <= 1) {
+                printf("Usage: mdtest digestname\n");
+                exit(1);
+        }
+
+        md = EVP_get_digestbyname(argv[1]);
+        if (md == NULL) {
+                printf("Unknown message digest %s\n", argv[1]);
+                exit(1);
+        }
+
+        mdctx = EVP_MD_CTX_create();
+        EVP_DigestInit_ex(mdctx, md, NULL);
+        EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+        EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+        EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+        EVP_MD_CTX_destroy(mdctx);
+
+        printf("Digest is: ");
+        for(i = 0; i < md_len; i++)
+                printf("%02x", md_value[i]);
+        printf("\n");
  }
 
 =head1 SEE ALSO
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
index a876ac789c..b2211ea6d3 100644
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -427,46 +427,49 @@ Set the effective key length used in RC2:
 
 Encrypt a string using blowfish:
 
- int do_crypt(char *outfile)
-        {
+ int
+ do_crypt(char *outfile)
+ {
         unsigned char outbuf[1024];
         int outlen, tmplen;
-        /* Bogus key and IV: we'd normally set these from
+        /*
+         * Bogus key and IV: we'd normally set these from
          * another source.
          */
         unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
         unsigned char iv[] = {1,2,3,4,5,6,7,8};
-        char intext[] = "Some Crypto Text";
+        const char intext[] = "Some Crypto Text";
         EVP_CIPHER_CTX ctx;
         FILE *out;
         EVP_CIPHER_CTX_init(&ctx);
         EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
 
-        if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
-                {
+        if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext,
+            strlen(intext))) {
                 /* Error */
                 return 0;
-                }
-        /* Buffer passed to EVP_EncryptFinal() must be after data just
+        }
+        /*
+         * Buffer passed to EVP_EncryptFinal() must be after data just
          * encrypted to avoid overwriting it.
          */
-        if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
-                {
+        if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) {
                 /* Error */
                 return 0;
-                }
+        }
         outlen += tmplen;
         EVP_CIPHER_CTX_cleanup(&ctx);
-        /* Need binary mode for fopen because encrypted data is
+        /*
+         * Need binary mode for fopen because encrypted data is
          * binary data. Also cannot use strlen() on it because
-         * it wont be null terminated and may contain embedded
-         * nulls.
+         * it won't be NUL terminated and may contain embedded
+         * NULs.
          */
         out = fopen(outfile, "wb");
         fwrite(outbuf, 1, outlen, out);
         fclose(out);
         return 1;
-        }
+ }
 
 The ciphertext from the above example can be decrypted using the B<openssl>
 utility with the command line:
@@ -476,16 +479,19 @@ utility with the command line:
 General encryption, decryption function example using FILE I/O and RC2 with an
 80 bit key:
 
- int do_crypt(FILE *in, FILE *out, int do_encrypt)
-        {
+ int
+ do_crypt(FILE *in, FILE *out, int do_encrypt)
+ {
         /* Allow enough space in output buffer for additional block */
         inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
         int inlen, outlen;
-        /* Bogus key and IV: we'd normally set these from
+        /*
+         * Bogus key and IV: we'd normally set these from
          * another source.
          */
         unsigned char key[] = "0123456789";
         unsigned char iv[] = "12345678";
+
         /* Don't set key or IV because we will modify the parameters */
         EVP_CIPHER_CTX_init(&ctx);
         EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
@@ -493,30 +499,28 @@ General encryption, decryption function example using FILE I/O and RC2 with an
         /* We finished modifying parameters so now we can set key and IV */
         EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
 
-        for(;;)
-                {
+        for(;;) {
                 inlen = fread(inbuf, 1, 1024, in);
-                if(inlen <= 0) break;
-                if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
-                        {
+                if (inlen <= 0)
+                        break;
+                if (!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf,
+                    inlen)) {
                         /* Error */
                         EVP_CIPHER_CTX_cleanup(&ctx);
                         return 0;
-                        }
-                fwrite(outbuf, 1, outlen, out);
                 }
-        if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
-                {
+                fwrite(outbuf, 1, outlen, out);
+        }
+        if (!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) {
                 /* Error */
                 EVP_CIPHER_CTX_cleanup(&ctx);
                 return 0;
-                }
+        }
         fwrite(outbuf, 1, outlen, out);
 
         EVP_CIPHER_CTX_cleanup(&ctx);
         return 1;
-        }
-
+ }
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
index 378fb310ff..05ea04be11 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
@@ -132,20 +132,26 @@ Example of generation callback for OpenSSL public key implementations:
 
  EVP_PKEY_CTX_set_app_data(ctx, status_bio);
 
- static int genpkey_cb(EVP_PKEY_CTX *ctx)
-        {
-        char c='*';
+ static int
+ genpkey_cb(EVP_PKEY_CTX *ctx)
+ {
+        char c = '*';
         BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
         int p;
+
         p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-        if (p == 0) c='.';
-        if (p == 1) c='+';
-        if (p == 2) c='*';
-        if (p == 3) c='\n';
+        if (p == 0)
+                c='.';
+        if (p == 1)
+                c='+';
+        if (p == 2)
+                c='*';
+        if (p == 3)
+                c='\n';
         BIO_write(b,&c,1);
         (void)BIO_flush(b);
         return 1;
-        }
+ }
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod b/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
index 0d9270985a..6d87079a84 100644
--- a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
+++ b/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
@@ -353,71 +353,67 @@ Read a certificate in PEM format from a BIO:
 
  X509 *x;
  x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL)
-        {
+ if (x == NULL) {
         /* Error */
-        }
+ }
 
 Alternative method:
 
  X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL))
-        {
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
         /* Error */
-        }
+ }
 
 Write a certificate to a BIO:
 
- if (!PEM_write_bio_X509(bp, x))
-        {
+ if (!PEM_write_bio_X509(bp, x)) {
         /* Error */
-        }
+ }
 
 Write an unencrypted private key to a FILE pointer:
 
- if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
-        {
+ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
         /* Error */
-        }
+ }
 
 Write a private key (using traditional format) to a BIO using
 triple DES encryption, the pass phrase is prompted for:
 
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
-        {
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
+     NULL, 0, 0, NULL)) {
         /* Error */
-        }
+ }
 
 Write a private key (using PKCS#8 format) to a BIO using triple
 DES encryption, using the pass phrase "hello":
 
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
-        {
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
+     NULL, 0, 0, "hello")) {
         /* Error */
-        }
+ }
 
 Read a private key from a BIO using the pass phrase "hello":
 
  key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
- if (key == NULL)
-        {
+ if (key == NULL) {
         /* Error */
-        }
+ }
 
 Read a private key from a BIO using a pass phrase callback:
 
  key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL)
-        {
+ if (key == NULL) {
         /* Error */
-        }
+ }
 
 Skeleton pass phrase callback:
 
- int pass_cb(char *buf, int size, int rwflag, void *u);
-        {
+ int
+ pass_cb(char *buf, int size, int rwflag, void *u)
+ {
         int len;
         char *tmp;
+
         /* We'd probably do something else if 'rwflag' is 1 */
         printf("Enter pass phrase for \"%s\"\n", u);
 
@@ -425,12 +421,14 @@ Skeleton pass phrase callback:
         tmp = "hello";
         len = strlen(tmp);
 
-        if (len <= 0) return 0;
+        if (len == 0)
+                return 0;
         /* if too long, truncate */
-        if (len > size) len = size;
+        if (len > size)
+                len = size;
         memcpy(buf, tmp, len);
         return len;
-        }
+ }
 
 =head1 NOTES
 
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
index 9c694c9867..988fd7bdaf 100644
--- a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
@@ -66,11 +66,10 @@ Process all entries:
  int i;
  X509_NAME_ENTRY *e;
 
- for (i = 0; i < X509_NAME_entry_count(nm); i++)
-        {
+ for (i = 0; i < X509_NAME_entry_count(nm); i++) {
         e = X509_NAME_get_entry(nm, i);
         /* Do something with e */
-        }
+ }
 
 Process all commonName entries:
 
@@ -78,14 +77,13 @@ Process all commonName entries:
  X509_NAME_ENTRY *e;
 
  loc = -1;
- for (;;)
-        {
+ for (;;) {
         lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
         if (lastpos == -1)
                 break;
         e = X509_NAME_get_entry(nm, lastpos);
         /* Do something with e */
-        }
+ }
 
 =head1 RETURN VALUES
 
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
index 86d988eee0..7dfe430c4c 100644
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
@@ -59,44 +59,48 @@ X509_STORE_CTX_set_verify_cb() does not return a value.
 
 Default callback operation:
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         return ok;
-        }
+ }
 
 Simple example, suppose a certificate in the chain is expired and we wish
 to continue after this error:
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         /* Tolerate certificate expiration */
         if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
-                        return 1;
+                return 1;
         /* Otherwise don't override */
         return ok;
-        }
+ }
 
 More complex example, we don't wish to continue after B<any> certificate has
 expired just one specific case:
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         int err = X509_STORE_CTX_get_error(ctx);
         X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
-                {
+
+        if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
                 if (check_is_acceptable_expired_cert(err_cert)
                         return 1;
-                }
-        return ok;
         }
+        return ok;
+ }
 
 Full featured logging callback. In this case the B<bio_err> is assumed to be
 a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
 B<ex_data>.
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         X509 *err_cert;
         int err,depth;
 
@@ -105,47 +109,47 @@ B<ex_data>.
         depth = X509_STORE_CTX_get_error_depth(ctx);
 
         BIO_printf(bio_err,"depth=%d ",depth);
-        if (err_cert)
-                {
-                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
-                                        0, XN_FLAG_ONELINE);
+        if (err_cert) {
+                X509_NAME_print_ex(bio_err,
+                    X509_get_subject_name(err_cert), 0,
+                    XN_FLAG_ONELINE);
                 BIO_puts(bio_err, "\n");
-                }
-        else
+        } else
                 BIO_puts(bio_err, "<no cert>\n");
         if (!ok)
-                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
-                        X509_verify_cert_error_string(err));
-        switch (err)
-                {
+                BIO_printf(bio_err, "verify error:num=%d:%s\n",
+                    err, X509_verify_cert_error_string(err));
+        switch (err) {
         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-                BIO_puts(bio_err,"issuer= ");
-                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
-                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "issuer= ");
+                X509_NAME_print_ex(bio_err,
+                    X509_get_issuer_name(err_cert), 0,
+                    XN_FLAG_ONELINE);
                 BIO_puts(bio_err, "\n");
                 break;
         case X509_V_ERR_CERT_NOT_YET_VALID:
         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-                BIO_printf(bio_err,"notBefore=");
-                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
-                BIO_printf(bio_err,"\n");
+                BIO_printf(bio_err, "notBefore=");
+                ASN1_TIME_print(bio_err,
+                    X509_get_notBefore(err_cert));
+                BIO_printf(bio_err, "\n");
                 break;
         case X509_V_ERR_CERT_HAS_EXPIRED:
         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-                BIO_printf(bio_err,"notAfter=");
-                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
-                BIO_printf(bio_err,"\n");
+                BIO_printf(bio_err, "notAfter=");
+                ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
+                BIO_printf(bio_err, "\n");
                 break;
         case X509_V_ERR_NO_EXPLICIT_POLICY:
                 policies_print(bio_err, ctx);
                 break;
-                }
+        }
         if (err == X509_V_OK && ok == 2)
                 /* print out policies */
 
         BIO_printf(bio_err,"verify return:%d\n",ok);
         return(ok);
-        }
+ }
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod
index 4648af7543..4a6ee59138 100644
--- a/src/lib/libcrypto/doc/engine.pod
+++ b/src/lib/libcrypto/doc/engine.pod
@@ -363,15 +363,15 @@ illustrates how to approach this;
  const char *engine_id = "ACME";
  ENGINE_load_builtin_engines();
  e = ENGINE_by_id(engine_id);
- if(!e)
+ if (!e)
      /* the engine isn't available */
      return;
- if(!ENGINE_init(e)) {
+ if (!ENGINE_init(e)) {
      /* the engine couldn't initialise, release 'e' */
      ENGINE_free(e);
      return;
  }
- if(!ENGINE_set_default_RSA(e))
+ if (!ENGINE_set_default_RSA(e))
      /* This should only happen when 'e' can't initialise, but the previous
       * statement suggests it did. */
      abort();
@@ -445,42 +445,54 @@ cases but the name can not. This function should initialise the ENGINE
 and set it as the default for everything except RAND and then return a
 boolean success or failure.
 
- int generic_load_engine_fn(const char *engine_id,
-                            const char **pre_cmds, int pre_num,
-                            const char **post_cmds, int post_num)
+ int
+ generic_load_engine_fn(const char *engine_id,
+     const char **pre_cmds, int pre_num,
+     const char **post_cmds, int post_num)
  {
-     ENGINE *e = ENGINE_by_id(engine_id);
-     if(!e) return 0;
-     while(pre_num--) {
-         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
-             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
-             ENGINE_free(e);
-             return 0;
-         }
-         pre_cmds += 2;
-     }
-     if(!ENGINE_init(e)) {
-         fprintf(stderr, "Failed initialisation\n");
-         ENGINE_free(e);
-         return 0;
-     }
-     /* ENGINE_init() returned a functional reference, so free the structural
-      * reference from ENGINE_by_id(). */
-     ENGINE_free(e);
-     while(post_num--) {
-         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
-             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
-             ENGINE_finish(e);
-             return 0;
-         }
-         post_cmds += 2;
-     }
-     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
-     /* Success */
-     return 1;
- }
+        ENGINE *e = ENGINE_by_id(engine_id);
+
+        if (!e)
+                return 0;
+        while (pre_num--) {
+                if (!ENGINE_ctrl_cmd_string(e,
+                    pre_cmds[0], pre_cmds[1], 0)) {
+                        fprintf(stderr,
+                            "Failed command (%s - %s:%s)\n",
+                            engine_id, pre_cmds[0],
+                            pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+                        ENGINE_free(e);
+                        return 0;
+                }
+                pre_cmds += 2;
+        }
+        if (!ENGINE_init(e)) {
+                fprintf(stderr, "Failed initialisation\n");
+                ENGINE_free(e);
+                return 0;
+        }
+        /*
+         * ENGINE_init() returned a functional reference,
+         * so free the structural reference from
+         * ENGINE_by_id().
+         */
+        ENGINE_free(e);
+        while (post_num--) {
+                if (!ENGINE_ctrl_cmd_string(e,
+                    post_cmds[0], post_cmds[1], 0)) {
+                        fprintf(stderr,
+                            "Failed command (%s - %s:%s)\n",
+                            engine_id, post_cmds[0],
+                            post_cmds[1] ? post_cmds[1] : "(NULL)");
+                        ENGINE_finish(e);
+                        return 0;
+                }
+                post_cmds += 2;
+        }
+        ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+        /* Success */
+        return 1;
+}
 
 Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
 relax the semantics of the function - if set non-zero it will only return
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_md.pod b/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
index cb83fb0993..37041d9206 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
@@ -78,11 +78,12 @@ digest BIO and passes the string "Hello World" through it. Error
 checking has been omitted for clarity.
 
  BIO *bio, *mdtmp;
- char message[] = "Hello World";
+ const char message[] = "Hello World";
  bio = BIO_new(BIO_s_null());
  mdtmp = BIO_new(BIO_f_md());
  BIO_set_md(mdtmp, EVP_sha1());
- /* For BIO_push() we want to append the sink BIO and keep a note of
+ /*
+  * For BIO_push() we want to append the sink BIO and keep a note of
   * the start of the chain.
   */
  bio = BIO_push(mdtmp, bio);
@@ -97,6 +98,7 @@ The next example digests data by reading through a chain instead:
  BIO *bio, *mdtmp;
  char buf[1024];
  int rdlen;
+
  bio = BIO_new_file(file, "rb");
  mdtmp = BIO_new(BIO_f_md());
  BIO_set_md(mdtmp, EVP_sha1());
@@ -105,9 +107,9 @@ The next example digests data by reading through a chain instead:
  BIO_set_md(mdtmp, EVP_md5());
  bio = BIO_push(mdtmp, bio);
  do {
-        rdlen = BIO_read(bio, buf, sizeof(buf));
-        /* Might want to do something with the data here */
- } while(rdlen > 0);
+        rdlen = BIO_read(bio, buf, sizeof(buf));
+        /* Might want to do something with the data here */
+ } while (rdlen > 0);
 
 This next example retrieves the message digests from a BIO chain and
 outputs them. This could be used with the examples above.
@@ -116,19 +118,21 @@ outputs them. This could be used with the examples above.
  unsigned char mdbuf[EVP_MAX_MD_SIZE];
  int mdlen;
  int i;
+
  mdtmp = bio;   /* Assume bio has previously been set up */
  do {
         EVP_MD *md;
-        mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
-        if(!mdtmp) break;
+        mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+        if (!mdtmp)
+                break;
         BIO_get_md(mdtmp, &md);
-        printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+        printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
         mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
-        for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+        for(i = 0; i < mdlen; i++)
+                printf(":%02X", mdbuf[i]);
         printf("\n");
         mdtmp = BIO_next(mdtmp);
  } while(mdtmp);
-
  BIO_free_all(bio);
 
 =head1 BUGS
diff --git a/src/lib/libssl/src/doc/crypto/BIO_find_type.pod b/src/lib/libssl/src/doc/crypto/BIO_find_type.pod
index 40eedb8a86..03200a1b6b 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_find_type.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_find_type.pod
@@ -86,9 +86,10 @@ Traverse a chain looking for digest BIOs:
 
  do {
         btmp = BIO_find_type(btmp, BIO_TYPE_MD);
-        if(btmp == NULL) break; /* Not found */
+        if (btmp == NULL)
+                break;  /* Not found */
         /* btmp is a digest BIO, do something with it ...*/
-        ...
+        ...
 
         btmp = BIO_next(btmp);
  } while(btmp);
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod b/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
index 058bda1409..935d464748 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_accept.pod
@@ -151,14 +151,14 @@ down each and finally closes both down.
  abio = BIO_new_accept("4444");
 
  /* First call to BIO_accept() sets up accept BIO */
- if(BIO_do_accept(abio) <= 0) {
+ if (BIO_do_accept(abio) <= 0) {
         fprintf(stderr, "Error setting up accept\n");
         ERR_print_errors_fp(stderr);
         exit(0);
  }
 
  /* Wait for incoming connection */
- if(BIO_do_accept(abio) <= 0) {
+ if (BIO_do_accept(abio) <= 0) {
         fprintf(stderr, "Error accepting connection\n");
         ERR_print_errors_fp(stderr);
         exit(0);
@@ -169,7 +169,7 @@ down each and finally closes both down.
  BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
  fprintf(stderr, "Sent out data on connection 1\n");
  /* Wait for another connection */
- if(BIO_do_accept(abio) <= 0) {
+ if (BIO_do_accept(abio) <= 0) {
         fprintf(stderr, "Error accepting connection\n");
         ERR_print_errors_fp(stderr);
         exit(0);
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod b/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
index 92f37d05ff..7cad0e3f0f 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_connect.pod
@@ -169,18 +169,20 @@ to retrieve a page and copy the result to standard output.
  BIO *cbio, *out;
  int len;
  char tmpbuf[1024];
+
  ERR_load_crypto_strings();
  cbio = BIO_new_connect("localhost:http");
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if(BIO_do_connect(cbio) <= 0) {
+ if (BIO_do_connect(cbio) <= 0) {
         fprintf(stderr, "Error connecting to server\n");
         ERR_print_errors_fp(stderr);
         /* whatever ... */
-        }
+ }
  BIO_puts(cbio, "GET / HTTP/1.0\n\n");
  for(;;) {
         len = BIO_read(cbio, tmpbuf, 1024);
-        if(len <= 0) break;
+        if (len <= 0)
+                break;
         BIO_write(out, tmpbuf, len);
  }
  BIO_free(cbio);
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 2ff01b9c7c..f2c1cfdbf0 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -215,39 +215,40 @@ digest name passed on the command line.
  #include <stdio.h>
  #include <openssl/evp.h>
 
+ int
  main(int argc, char *argv[])
  {
- EVP_MD_CTX *mdctx;
- const EVP_MD *md;
- char mess1[] = "Test Message\n";
- char mess2[] = "Hello World\n";
- unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
-
- OpenSSL_add_all_digests();
-
- if(!argv[1]) {
-        printf("Usage: mdtest digestname\n");
-        exit(1);
- }
-
- md = EVP_get_digestbyname(argv[1]);
-
- if(!md) {
-        printf("Unknown message digest %s\n", argv[1]);
-        exit(1);
- }
-
- mdctx = EVP_MD_CTX_create();
- EVP_DigestInit_ex(mdctx, md, NULL);
- EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
- EVP_DigestFinal_ex(mdctx, md_value, &md_len);
- EVP_MD_CTX_destroy(mdctx);
-
- printf("Digest is: ");
- for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
- printf("\n");
+        EVP_MD_CTX *mdctx;
+        const EVP_MD *md;
+        const char mess1[] = "Test Message\n";
+        const char mess2[] = "Hello World\n";
+        unsigned char md_value[EVP_MAX_MD_SIZE];
+        int md_len, i;
+
+        OpenSSL_add_all_digests();
+
+        if (argc <= 1) {
+                printf("Usage: mdtest digestname\n");
+                exit(1);
+        }
+
+        md = EVP_get_digestbyname(argv[1]);
+        if (md == NULL) {
+                printf("Unknown message digest %s\n", argv[1]);
+                exit(1);
+        }
+
+        mdctx = EVP_MD_CTX_create();
+        EVP_DigestInit_ex(mdctx, md, NULL);
+        EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+        EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+        EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+        EVP_MD_CTX_destroy(mdctx);
+
+        printf("Digest is: ");
+        for(i = 0; i < md_len; i++)
+                printf("%02x", md_value[i]);
+        printf("\n");
  }
 
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index a876ac789c..b2211ea6d3 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -427,46 +427,49 @@ Set the effective key length used in RC2:
 
 Encrypt a string using blowfish:
 
- int do_crypt(char *outfile)
-        {
+ int
+ do_crypt(char *outfile)
+ {
         unsigned char outbuf[1024];
         int outlen, tmplen;
-        /* Bogus key and IV: we'd normally set these from
+        /*
+         * Bogus key and IV: we'd normally set these from
          * another source.
          */
         unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
         unsigned char iv[] = {1,2,3,4,5,6,7,8};
-        char intext[] = "Some Crypto Text";
+        const char intext[] = "Some Crypto Text";
         EVP_CIPHER_CTX ctx;
         FILE *out;
         EVP_CIPHER_CTX_init(&ctx);
         EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
 
-        if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
-                {
+        if (!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext,
+            strlen(intext))) {
                 /* Error */
                 return 0;
-                }
-        /* Buffer passed to EVP_EncryptFinal() must be after data just
+        }
+        /*
+         * Buffer passed to EVP_EncryptFinal() must be after data just
          * encrypted to avoid overwriting it.
          */
-        if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
-                {
+        if (!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) {
                 /* Error */
                 return 0;
-                }
+        }
         outlen += tmplen;
         EVP_CIPHER_CTX_cleanup(&ctx);
-        /* Need binary mode for fopen because encrypted data is
+        /*
+         * Need binary mode for fopen because encrypted data is
          * binary data. Also cannot use strlen() on it because
-         * it wont be null terminated and may contain embedded
-         * nulls.
+         * it won't be NUL terminated and may contain embedded
+         * NULs.
          */
         out = fopen(outfile, "wb");
         fwrite(outbuf, 1, outlen, out);
         fclose(out);
         return 1;
-        }
+ }
 
 The ciphertext from the above example can be decrypted using the B<openssl>
 utility with the command line:
@@ -476,16 +479,19 @@ utility with the command line:
 General encryption, decryption function example using FILE I/O and RC2 with an
 80 bit key:
 
- int do_crypt(FILE *in, FILE *out, int do_encrypt)
-        {
+ int
+ do_crypt(FILE *in, FILE *out, int do_encrypt)
+ {
         /* Allow enough space in output buffer for additional block */
         inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
         int inlen, outlen;
-        /* Bogus key and IV: we'd normally set these from
+        /*
+         * Bogus key and IV: we'd normally set these from
          * another source.
          */
         unsigned char key[] = "0123456789";
         unsigned char iv[] = "12345678";
+
         /* Don't set key or IV because we will modify the parameters */
         EVP_CIPHER_CTX_init(&ctx);
         EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
@@ -493,30 +499,28 @@ General encryption, decryption function example using FILE I/O and RC2 with an
         /* We finished modifying parameters so now we can set key and IV */
         EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
 
-        for(;;)
-                {
+        for(;;) {
                 inlen = fread(inbuf, 1, 1024, in);
-                if(inlen <= 0) break;
-                if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
-                        {
+                if (inlen <= 0)
+                        break;
+                if (!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf,
+                    inlen)) {
                         /* Error */
                         EVP_CIPHER_CTX_cleanup(&ctx);
                         return 0;
-                        }
-                fwrite(outbuf, 1, outlen, out);
                 }
-        if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
-                {
+                fwrite(outbuf, 1, outlen, out);
+        }
+        if (!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) {
                 /* Error */
                 EVP_CIPHER_CTX_cleanup(&ctx);
                 return 0;
-                }
+        }
         fwrite(outbuf, 1, outlen, out);
 
         EVP_CIPHER_CTX_cleanup(&ctx);
         return 1;
-        }
-
+ }
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
index 378fb310ff..05ea04be11 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
@@ -132,20 +132,26 @@ Example of generation callback for OpenSSL public key implementations:
 
  EVP_PKEY_CTX_set_app_data(ctx, status_bio);
 
- static int genpkey_cb(EVP_PKEY_CTX *ctx)
-        {
-        char c='*';
+ static int
+ genpkey_cb(EVP_PKEY_CTX *ctx)
+ {
+        char c = '*';
         BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
         int p;
+
         p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-        if (p == 0) c='.';
-        if (p == 1) c='+';
-        if (p == 2) c='*';
-        if (p == 3) c='\n';
+        if (p == 0)
+                c='.';
+        if (p == 1)
+                c='+';
+        if (p == 2)
+                c='*';
+        if (p == 3)
+                c='\n';
         BIO_write(b,&c,1);
         (void)BIO_flush(b);
         return 1;
-        }
+ }
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod b/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod
index 0d9270985a..6d87079a84 100644
--- a/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod
+++ b/src/lib/libssl/src/doc/crypto/PEM_read_bio_PrivateKey.pod
@@ -353,71 +353,67 @@ Read a certificate in PEM format from a BIO:
 
  X509 *x;
  x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL)
-        {
+ if (x == NULL) {
         /* Error */
-        }
+ }
 
 Alternative method:
 
  X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL))
-        {
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
         /* Error */
-        }
+ }
 
 Write a certificate to a BIO:
 
- if (!PEM_write_bio_X509(bp, x))
-        {
+ if (!PEM_write_bio_X509(bp, x)) {
         /* Error */
-        }
+ }
 
 Write an unencrypted private key to a FILE pointer:
 
- if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
-        {
+ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
         /* Error */
-        }
+ }
 
 Write a private key (using traditional format) to a BIO using
 triple DES encryption, the pass phrase is prompted for:
 
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
-        {
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
+     NULL, 0, 0, NULL)) {
         /* Error */
-        }
+ }
 
 Write a private key (using PKCS#8 format) to a BIO using triple
 DES encryption, using the pass phrase "hello":
 
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
-        {
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
+     NULL, 0, 0, "hello")) {
         /* Error */
-        }
+ }
 
 Read a private key from a BIO using the pass phrase "hello":
 
  key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
- if (key == NULL)
-        {
+ if (key == NULL) {
         /* Error */
-        }
+ }
 
 Read a private key from a BIO using a pass phrase callback:
 
  key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL)
-        {
+ if (key == NULL) {
         /* Error */
-        }
+ }
 
 Skeleton pass phrase callback:
 
- int pass_cb(char *buf, int size, int rwflag, void *u);
-        {
+ int
+ pass_cb(char *buf, int size, int rwflag, void *u)
+ {
         int len;
         char *tmp;
+
         /* We'd probably do something else if 'rwflag' is 1 */
         printf("Enter pass phrase for \"%s\"\n", u);
 
@@ -425,12 +421,14 @@ Skeleton pass phrase callback:
         tmp = "hello";
         len = strlen(tmp);
 
-        if (len <= 0) return 0;
+        if (len == 0)
+                return 0;
         /* if too long, truncate */
-        if (len > size) len = size;
+        if (len > size)
+                len = size;
         memcpy(buf, tmp, len);
         return len;
-        }
+ }
 
 =head1 NOTES
 
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
index 9c694c9867..988fd7bdaf 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -66,11 +66,10 @@ Process all entries:
  int i;
  X509_NAME_ENTRY *e;
 
- for (i = 0; i < X509_NAME_entry_count(nm); i++)
-        {
+ for (i = 0; i < X509_NAME_entry_count(nm); i++) {
         e = X509_NAME_get_entry(nm, i);
         /* Do something with e */
-        }
+ }
 
 Process all commonName entries:
 
@@ -78,14 +77,13 @@ Process all commonName entries:
  X509_NAME_ENTRY *e;
 
  loc = -1;
- for (;;)
-        {
+ for (;;) {
         lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
         if (lastpos == -1)
                 break;
         e = X509_NAME_get_entry(nm, lastpos);
         /* Do something with e */
-        }
+ }
 
 =head1 RETURN VALUES
 
diff --git a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
index 86d988eee0..7dfe430c4c 100644
--- a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
@@ -59,44 +59,48 @@ X509_STORE_CTX_set_verify_cb() does not return a value.
 
 Default callback operation:
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         return ok;
-        }
+ }
 
 Simple example, suppose a certificate in the chain is expired and we wish
 to continue after this error:
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         /* Tolerate certificate expiration */
         if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
-                        return 1;
+                return 1;
         /* Otherwise don't override */
         return ok;
-        }
+ }
 
 More complex example, we don't wish to continue after B<any> certificate has
 expired just one specific case:
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         int err = X509_STORE_CTX_get_error(ctx);
         X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
-                {
+
+        if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
                 if (check_is_acceptable_expired_cert(err_cert)
                         return 1;
-                }
-        return ok;
         }
+        return ok;
+ }
 
 Full featured logging callback. In this case the B<bio_err> is assumed to be
 a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
 B<ex_data>.
 
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-        {
+ int
+ verify_callback(int ok, X509_STORE_CTX *ctx)
+ {
         X509 *err_cert;
         int err,depth;
 
@@ -105,47 +109,47 @@ B<ex_data>.
         depth = X509_STORE_CTX_get_error_depth(ctx);
 
         BIO_printf(bio_err,"depth=%d ",depth);
-        if (err_cert)
-                {
-                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
-                                        0, XN_FLAG_ONELINE);
+        if (err_cert) {
+                X509_NAME_print_ex(bio_err,
+                    X509_get_subject_name(err_cert), 0,
+                    XN_FLAG_ONELINE);
                 BIO_puts(bio_err, "\n");
-                }
-        else
+        } else
                 BIO_puts(bio_err, "<no cert>\n");
         if (!ok)
-                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
-                        X509_verify_cert_error_string(err));
-        switch (err)
-                {
+                BIO_printf(bio_err, "verify error:num=%d:%s\n",
+                    err, X509_verify_cert_error_string(err));
+        switch (err) {
         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-                BIO_puts(bio_err,"issuer= ");
-                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
-                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "issuer= ");
+                X509_NAME_print_ex(bio_err,
+                    X509_get_issuer_name(err_cert), 0,
+                    XN_FLAG_ONELINE);
                 BIO_puts(bio_err, "\n");
                 break;
         case X509_V_ERR_CERT_NOT_YET_VALID:
         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-                BIO_printf(bio_err,"notBefore=");
-                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
-                BIO_printf(bio_err,"\n");
+                BIO_printf(bio_err, "notBefore=");
+                ASN1_TIME_print(bio_err,
+                    X509_get_notBefore(err_cert));
+                BIO_printf(bio_err, "\n");
                 break;
         case X509_V_ERR_CERT_HAS_EXPIRED:
         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-                BIO_printf(bio_err,"notAfter=");
-                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
-                BIO_printf(bio_err,"\n");
+                BIO_printf(bio_err, "notAfter=");
+                ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
+                BIO_printf(bio_err, "\n");
                 break;
         case X509_V_ERR_NO_EXPLICIT_POLICY:
                 policies_print(bio_err, ctx);
                 break;
-                }
+        }
         if (err == X509_V_OK && ok == 2)
                 /* print out policies */
 
         BIO_printf(bio_err,"verify return:%d\n",ok);
         return(ok);
-        }
+ }
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libssl/src/doc/crypto/ecdsa.pod b/src/lib/libssl/src/doc/crypto/ecdsa.pod
index 92c3f4fa04..f54966df33 100644
--- a/src/lib/libssl/src/doc/crypto/ecdsa.pod
+++ b/src/lib/libssl/src/doc/crypto/ecdsa.pod
@@ -129,39 +129,37 @@ named curve secp192k1.
 First step: create a EC_KEY object (note: this part is B<not> ECDSA
 specific)
 
- int        ret;
+ int ret;
  ECDSA_SIG *sig;
- EC_KEY    *eckey;
+ EC_KEY *eckey;
+
  eckey = EC_KEY_new_by_curve_name(NID_secp192k1);
- if (eckey == NULL)
-        {
+ if (eckey == NULL) {
         /* error */
-        }
- if (!EC_KEY_generate_key(eckey))
-        {
+ }
+ if (!EC_KEY_generate_key(eckey)) {
         /* error */
-        }
+ }
 
 Second step: compute the ECDSA signature of a SHA-1 hash value
 using B<ECDSA_do_sign>
 
  sig = ECDSA_do_sign(digest, 20, eckey);
- if (sig == NULL)
-        {
+ if (sig == NULL) {
         /* error */
-        }
+ }
 
 or using B<ECDSA_sign>
 
  unsigned char *buffer, *pp;
- int            buf_len;
+ int buf_len;
+
  buf_len = ECDSA_size(eckey);
  buffer  = OPENSSL_malloc(buf_len);
  pp = buffer;
- if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey);
-        {
+ if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) {
         /* error */
-        }
+ }
 
 Third step: verify the created ECDSA signature using B<ECDSA_do_verify>
 
@@ -173,18 +171,14 @@ or using B<ECDSA_verify>
 
 and finally evaluate the return value:
 
- if (ret == -1)
-        {
+ if (ret == -1) {
         /* error */
-        }
- else if (ret == 0)
-        {
+ } else if (ret == 0) {
         /* incorrect signature */
-        }
- else   /* ret == 1 */
-        {
+ } else {
+        /* ret == 1 */
         /* signature ok */
-        }
+ }
 
 =head1 CONFORMING TO
 
diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod
index 4648af7543..4a6ee59138 100644
--- a/src/lib/libssl/src/doc/crypto/engine.pod
+++ b/src/lib/libssl/src/doc/crypto/engine.pod
@@ -363,15 +363,15 @@ illustrates how to approach this;
  const char *engine_id = "ACME";
  ENGINE_load_builtin_engines();
  e = ENGINE_by_id(engine_id);
- if(!e)
+ if (!e)
      /* the engine isn't available */
      return;
- if(!ENGINE_init(e)) {
+ if (!ENGINE_init(e)) {
      /* the engine couldn't initialise, release 'e' */
      ENGINE_free(e);
      return;
  }
- if(!ENGINE_set_default_RSA(e))
+ if (!ENGINE_set_default_RSA(e))
      /* This should only happen when 'e' can't initialise, but the previous
       * statement suggests it did. */
      abort();
@@ -445,42 +445,54 @@ cases but the name can not. This function should initialise the ENGINE
 and set it as the default for everything except RAND and then return a
 boolean success or failure.
 
- int generic_load_engine_fn(const char *engine_id,
-                            const char **pre_cmds, int pre_num,
-                            const char **post_cmds, int post_num)
+ int
+ generic_load_engine_fn(const char *engine_id,
+     const char **pre_cmds, int pre_num,
+     const char **post_cmds, int post_num)
  {
-     ENGINE *e = ENGINE_by_id(engine_id);
-     if(!e) return 0;
-     while(pre_num--) {
-         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
-             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
-             ENGINE_free(e);
-             return 0;
-         }
-         pre_cmds += 2;
-     }
-     if(!ENGINE_init(e)) {
-         fprintf(stderr, "Failed initialisation\n");
-         ENGINE_free(e);
-         return 0;
-     }
-     /* ENGINE_init() returned a functional reference, so free the structural
-      * reference from ENGINE_by_id(). */
-     ENGINE_free(e);
-     while(post_num--) {
-         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
-             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
-             ENGINE_finish(e);
-             return 0;
-         }
-         post_cmds += 2;
-     }
-     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
-     /* Success */
-     return 1;
- }
+        ENGINE *e = ENGINE_by_id(engine_id);
+
+        if (!e)
+                return 0;
+        while (pre_num--) {
+                if (!ENGINE_ctrl_cmd_string(e,
+                    pre_cmds[0], pre_cmds[1], 0)) {
+                        fprintf(stderr,
+                            "Failed command (%s - %s:%s)\n",
+                            engine_id, pre_cmds[0],
+                            pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+                        ENGINE_free(e);
+                        return 0;
+                }
+                pre_cmds += 2;
+        }
+        if (!ENGINE_init(e)) {
+                fprintf(stderr, "Failed initialisation\n");
+                ENGINE_free(e);
+                return 0;
+        }
+        /*
+         * ENGINE_init() returned a functional reference,
+         * so free the structural reference from
+         * ENGINE_by_id().
+         */
+        ENGINE_free(e);
+        while (post_num--) {
+                if (!ENGINE_ctrl_cmd_string(e,
+                    post_cmds[0], post_cmds[1], 0)) {
+                        fprintf(stderr,
+                            "Failed command (%s - %s:%s)\n",
+                            engine_id, post_cmds[0],
+                            post_cmds[1] ? post_cmds[1] : "(NULL)");
+                        ENGINE_finish(e);
+                        return 0;
+                }
+                post_cmds += 2;
+        }
+        ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+        /* Success */
+        return 1;
+}
 
 Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
 relax the semantics of the function - if set non-zero it will only return