40 files changed, 145 insertions, 145 deletions

diff --git a/src/lib/libc/net/getaddrinfo.3 b/src/lib/libc/net/getaddrinfo.3
index de46e70182..035db2780b 100644
--- a/src/lib/libc/net/getaddrinfo.3
+++ b/src/lib/libc/net/getaddrinfo.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: getaddrinfo.3,v 1.59 2019/08/30 20:20:50 jmc Exp $
+.\"     $OpenBSD: getaddrinfo.3,v 1.60 2022/03/31 17:27:16 naddy Exp $
 .\"     $KAME: getaddrinfo.3,v 1.36 2005/01/05 03:23:05 itojun Exp $
 .\"
 .\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
@@ -16,7 +16,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 30 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt GETADDRINFO 3
 .Os
 .Sh NAME
@@ -105,7 +105,7 @@ or
 .Dv SOCK_RAW .
 When
 .Fa ai_socktype
-is zero the caller will accept any socket type.
+is zero, the caller will accept any socket type.
 .It Fa ai_protocol
 Indicates which transport protocol is desired,
 .Dv IPPROTO_UDP
@@ -113,7 +113,7 @@ or
 .Dv IPPROTO_TCP .
 If
 .Fa ai_protocol
-is zero the caller will accept any protocol.
+is zero, the caller will accept any protocol.
 .It Fa ai_flags
 .Fa ai_flags
 is formed by
@@ -180,7 +180,7 @@ and no service name resolution should be attempted.
 .It Dv AI_PASSIVE
 If the
 .Dv AI_PASSIVE
-bit is set it indicates that the returned socket address structure
+bit is set, it indicates that the returned socket address structure
 is intended for use in a call to
 .Xr bind 2 .
 In this case, if the
diff --git a/src/lib/libc/net/inet6_opt_init.3 b/src/lib/libc/net/inet6_opt_init.3
index fb4253aa2c..41ba842166 100644
--- a/src/lib/libc/net/inet6_opt_init.3
+++ b/src/lib/libc/net/inet6_opt_init.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: inet6_opt_init.3,v 1.7 2022/03/29 18:15:52 naddy Exp $
+.\"     $OpenBSD: inet6_opt_init.3,v 1.8 2022/03/31 17:27:16 naddy Exp $
 .\"     $KAME: inet6_opt_init.3,v 1.7 2004/12/27 05:08:23 itojun Exp $
 .\"
 .\" Copyright (C) 2004 WIDE Project.
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt INET6_OPT_INIT 3
 .Os
 .\"
@@ -97,7 +97,7 @@ The
 function can perform different jobs.
 When a valid
 .Fa extbuf
-argument is supplied it appends an option to the extension buffer and
+argument is supplied, it appends an option to the extension buffer and
 returns the updated total length as well as a pointer to the newly
 created option in
 .Fa databufp .
@@ -173,7 +173,7 @@ or
 When
 .Fa extbuf
 is not
-.Dv NULL
+.Dv NULL ,
 the function also sets up the appropriate padding bytes by inserting a
 Pad1 or PadN option of the proper length.
 .Pp
@@ -238,7 +238,7 @@ and
 point to the 8-bit option type, the 8-bit option length and the option
 data respectively.
 This function does not return any PAD1 or PADN options.
-When an error occurs or there are no more options the return
+When an error occurs or there are no more options, the return
 value is \-1.
 .\"
 .Ss inet6_opt_find
diff --git a/src/lib/libc/net/inet6_rth_space.3 b/src/lib/libc/net/inet6_rth_space.3
index fd69da2455..c40b45057e 100644
--- a/src/lib/libc/net/inet6_rth_space.3
+++ b/src/lib/libc/net/inet6_rth_space.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: inet6_rth_space.3,v 1.7 2014/06/11 16:59:47 chrisz Exp $
+.\"     $OpenBSD: inet6_rth_space.3,v 1.8 2022/03/31 17:27:16 naddy Exp $
 .\"     $KAME: inet6_rth_space.3,v 1.7 2005/01/05 03:00:44 itojun Exp $
 .\"
 .\" Copyright (C) 2004 WIDE Project.
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 11 2014 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt INET6_RTH_SPACE 3
 .Os
 .\"
@@ -85,7 +85,7 @@ argument and containing the number of addresses specified in the
 .Fa segments
 argument.
 When the type is
-.Dv IPV6_RTHDR_TYPE_0
+.Dv IPV6_RTHDR_TYPE_0 ,
 the number of segments must be from 0 through 127.
 The return value from this function is the number of bytes required to
 store the routing header.
diff --git a/src/lib/libc/net/inet_net_ntop.3 b/src/lib/libc/net/inet_net_ntop.3
index 816e87bf98..cac234be42 100644
--- a/src/lib/libc/net/inet_net_ntop.3
+++ b/src/lib/libc/net/inet_net_ntop.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: inet_net_ntop.3,v 1.2 2021/09/01 15:59:22 claudio Exp $
+.\"     $OpenBSD: inet_net_ntop.3,v 1.3 2022/03/31 17:27:16 naddy Exp $
 .\"     $NetBSD: inet_net.3,v 1.1 1997/06/18 02:25:27 lukem Exp $
 .\"
 .\" Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -28,7 +28,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 1 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt INET_NET_NTOP 3
 .Os
 .Sh NAME
@@ -110,7 +110,7 @@ is in the range
 and is used to explicitly specify the number of bits in the network address.
 When
 .Dq Li /bits
-is not specified the number of bits in the network address is calculated
+is not specified, the number of bits in the network address is calculated
 as the larger of the number of bits in the class to which the address
 belongs and the number of bits provided rounded up modulo 8.
 Examples:
@@ -176,7 +176,7 @@ is in the range
 and is used to explicitly specify the number of bits in the network address.
 When
 .Dq Li /bits
-is not specified 128 is used.
+is not specified, 128 is used.
 Note that when the number of bits is specified using
 .Dq Li /bits
 notation, the value of the address still includes all bits supplied
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index dc3e691ece..9bd498ab50 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -30,9 +30,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: malloc.3,v 1.128 2021/04/09 06:04:15 otto Exp $
+.\"     $OpenBSD: malloc.3,v 1.129 2022/03/31 17:27:16 naddy Exp $
 .\"
-.Dd $Mdocdate: April 9 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt MALLOC 3
 .Os
 .Sh NAME
@@ -423,7 +423,7 @@ and multiplying
 .Fa oldnmemb
 and
 .Fa size
-results in integer overflow
+results in integer overflow,
 .Fn recallocarray
 returns
 .Dv NULL
@@ -610,7 +610,7 @@ Here is a brief description of the error messages and what they mean:
 .It Dq out of memory
 If the
 .Cm X
-option is specified it is an error for the allocation functions
+option is specified, it is an error for the allocation functions
 to return
 .Dv NULL .
 .It Dq bogus pointer (double free?)
diff --git a/src/lib/libc/stdlib/tsearch.3 b/src/lib/libc/stdlib/tsearch.3
index cd90435614..a7ab985013 100644
--- a/src/lib/libc/stdlib/tsearch.3
+++ b/src/lib/libc/stdlib/tsearch.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tsearch.3,v 1.21 2019/01/25 00:19:25 millert Exp $
+.\" $OpenBSD: tsearch.3,v 1.22 2022/03/31 17:27:16 naddy Exp $
 .\"
 .\" Copyright (c) 1997 Todd C. Miller <millert@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 25 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt TSEARCH 3
 .Os
 .Sh NAME
@@ -63,7 +63,7 @@ except that if no match is found,
 is inserted into the tree and a pointer to it is returned.
 If
 .Fa rootp
-points to a null value a new binary search tree is created.
+points to a null value, a new binary search tree is created.
 .Pp
 .Fn tdelete
 deletes a node from the specified binary search tree and returns
diff --git a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
index a53723fbfd..15156ffca3 100644
--- a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
+++ b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
+.\"     $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.6 2022/03/31 17:27:16 naddy Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ACCESS_DESCRIPTION_NEW 3
 .Os
 .Sh NAME
@@ -94,7 +94,7 @@ object, which is a
 and represents an ASN.1
 .Vt AuthorityInfoAccessSyntax
 structure defined in RFC 5280 section 4.2.2.1.
-If can be used for the authority information access extension of
+It can be used for the authority information access extension of
 certificates and certificate revocation lists and for the subject
 information access extension of certificates.
 .Fn AUTHORITY_INFO_ACCESS_free
diff --git a/src/lib/libcrypto/man/ASN1_TIME_set.3 b/src/lib/libcrypto/man/ASN1_TIME_set.3
index b966165fb2..cd6ab937d0 100644
--- a/src/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/src/lib/libcrypto/man/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.16 2021/11/21 17:35:53 schwarze Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.17 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 21 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -321,7 +321,7 @@ If both
 .Pf * Fa pday
 and
 .Pf * Fa psec
-are nonzero they will always have the same sign.
+are nonzero, they will always have the same sign.
 The value of
 .Pf * Fa psec
 will always be less than the number of seconds in a day.
diff --git a/src/lib/libcrypto/man/BIO_f_buffer.3 b/src/lib/libcrypto/man/BIO_f_buffer.3
index 21a6e9a5fe..27baf7270c 100644
--- a/src/lib/libcrypto/man/BIO_f_buffer.3
+++ b/src/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_f_buffer.3,v 1.10 2018/05/01 17:05:05 schwarze Exp $
+.\"     $OpenBSD: BIO_f_buffer.3,v 1.11 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 9b86974e Mar 19 12:32:14 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_F_BUFFER 3
 .Os
 .Sh NAME
@@ -132,7 +132,7 @@ bytes of
 .Fa buf .
 If
 .Fa num
-is larger than the current buffer size the buffer is expanded.
+is larger than the current buffer size, the buffer is expanded.
 .Pp
 Except
 .Fn BIO_f_buffer ,
diff --git a/src/lib/libcrypto/man/BIO_s_accept.3 b/src/lib/libcrypto/man/BIO_s_accept.3
index 4ead28b62f..c33abee901 100644
--- a/src/lib/libcrypto/man/BIO_s_accept.3
+++ b/src/lib/libcrypto/man/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_accept.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $
+.\"     $OpenBSD: BIO_s_accept.3,v 1.12 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL c03726ca Thu Aug 27 12:28:08 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 12 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_ACCEPT 3
 .Os
 .Sh NAME
@@ -223,7 +223,7 @@ incoming connection before processing I/O calls.
 When an accept BIO is not at then end of a chain,
 it passes I/O calls to the next BIO in the chain.
 .Pp
-When a connection is established a new socket BIO is created
+When a connection is established, a new socket BIO is created
 for the connection and appended to the chain.
 That is the chain is now accept->socket.
 This effectively means that attempting I/O on an initial accept
diff --git a/src/lib/libcrypto/man/BIO_s_bio.3 b/src/lib/libcrypto/man/BIO_s_bio.3
index 171207dfe1..bf4e8738b5 100644
--- a/src/lib/libcrypto/man/BIO_s_bio.3
+++ b/src/lib/libcrypto/man/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_bio.3,v 1.13 2018/05/01 17:05:05 schwarze Exp $
+.\"     $OpenBSD: BIO_s_bio.3,v 1.14 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL c03726ca Aug 27 12:28:08 2015 -0400
 .\"
 .\" This file was written by
@@ -53,7 +53,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_BIO 3
 .Os
 .Sh NAME
@@ -182,7 +182,7 @@ sets the write buffer size of BIO
 .Fa b
 to
 .Fa size .
-If the size is not initialized a default value is used.
+If the size is not initialized, a default value is used.
 This is currently 17K, sufficient for a maximum size TLS record.
 .Pp
 .Fn BIO_get_write_buf_size
@@ -255,7 +255,7 @@ or
 .Xr SSL_free 3
 call, the other half still needs to be freed.
 .Pp
-When used in bidirectional applications (such as TLS/SSL)
+When used in bidirectional applications (such as TLS/SSL),
 care should be taken to flush any data in the write buffer.
 This can be done by calling
 .Xr BIO_pending 3
diff --git a/src/lib/libcrypto/man/BIO_s_connect.3 b/src/lib/libcrypto/man/BIO_s_connect.3
index 7ddde85f53..2732e9bc9c 100644
--- a/src/lib/libcrypto/man/BIO_s_connect.3
+++ b/src/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_connect.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $
+.\"     $OpenBSD: BIO_s_connect.3,v 1.12 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 12 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_CONNECT 3
 .Os
 .Sh NAME
@@ -159,7 +159,7 @@ and also returns the socket.
 If
 .Fa c
 is not
-.Dv NULL
+.Dv NULL ,
 it should be of type
 .Vt "int *" .
 .Pp
diff --git a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index e431b2cb36..094d6ec487 100644
--- a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.8 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt CMS_GET0_RECIPIENTINFOS 3
 .Os
 .Sh NAME
@@ -255,7 +255,7 @@ Depending on the type, the
 structure can be ignored or its key identifier data retrieved using
 an appropriate function.
 If the corresponding secret or private key can be obtained by any
-appropriate means it can then be associated with the structure and
+appropriate means, it can then be associated with the structure and
 .Fn CMS_RecipientInfo_decrypt
 called.
 If successful,
diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
index c78076b8a8..9d72b85642 100644
--- a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.12 2019/08/16 12:16:22 schwarze Exp $
+.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.13 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL CRYPTO_get_ex_new_index 9e183d22 Mar 11 08:56:44 2017 -0500
 .\" selective merge up to: 72a7a702 Feb 26 14:05:09 2019 +0000
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 16 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt CRYPTO_SET_EX_DATA 3
 .Os
 .Sh NAME
@@ -156,7 +156,7 @@ header file.
 .Pp
 The API described here is used by OpenSSL to manipulate exdata for
 specific structures.
-Since the application data can be anything at all it is passed and
+Since the application data can be anything at all, it is passed and
 retrieved as a
 .Vt void *
 type.
diff --git a/src/lib/libcrypto/man/DES_set_key.3 b/src/lib/libcrypto/man/DES_set_key.3
index da58957d36..e74c7c5e48 100644
--- a/src/lib/libcrypto/man/DES_set_key.3
+++ b/src/lib/libcrypto/man/DES_set_key.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: DES_set_key.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400
 .\"
@@ -115,7 +115,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt DES_SET_KEY 3
 .Os
 .Sh NAME
@@ -747,7 +747,7 @@ If set to
 .Dv DES_PCBC_MODE
 (the default), DES_pcbc_encrypt is used.
 If set to
-.Dv DES_CBC_MODE
+.Dv DES_CBC_MODE ,
 DES_cbc_encrypt is used.
 .Sh RETURN VALUES
 .Fn DES_set_key ,
diff --git a/src/lib/libcrypto/man/EC_GROUP_new.3 b/src/lib/libcrypto/man/EC_GROUP_new.3
index a02104f967..ef7251fa3d 100644
--- a/src/lib/libcrypto/man/EC_GROUP_new.3
+++ b/src/lib/libcrypto/man/EC_GROUP_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EC_GROUP_new.3,v 1.13 2021/05/11 04:22:32 tb Exp $
+.\"     $OpenBSD: EC_GROUP_new.3,v 1.14 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 11 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EC_GROUP_NEW 3
 .Os
 .Sh NAME
@@ -288,7 +288,7 @@ item has a unique integer ID
 .Pq Fa nid
 and a human readable comment string describing the curve.
 .Pp
-In order to construct a builtin curve use the function
+In order to construct a builtin curve, use the function
 .Fn EC_GROUP_new_by_curve_name
 and provide the
 .Fa nid
diff --git a/src/lib/libcrypto/man/ERR_put_error.3 b/src/lib/libcrypto/man/ERR_put_error.3
index 142d2eb2bd..7eac5e415c 100644
--- a/src/lib/libcrypto/man/ERR_put_error.3
+++ b/src/lib/libcrypto/man/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ERR_put_error.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
+.\"     $OpenBSD: ERR_put_error.3,v 1.10 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ERR_PUT_ERROR 3
 .Os
 .Sh NAME
@@ -128,7 +128,7 @@ Function and reason codes should consist of upper case characters,
 numbers and underscores only.
 The error file generation script translates function codes into function
 names by looking in the header files for an appropriate function name.
-If none is found it just uses the capitalized form such as "SSL23_READ"
+If none is found, it just uses the capitalized form such as "SSL23_READ"
 in the above example.
 .Pp
 The trailing section of a reason code (after the "_R_") is translated
diff --git a/src/lib/libcrypto/man/EVP_DigestInit.3 b/src/lib/libcrypto/man/EVP_DigestInit.3
index 9b2ee4e09f..b9aacf9e9f 100644
--- a/src/lib/libcrypto/man/EVP_DigestInit.3
+++ b/src/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.22 2022/01/15 09:08:51 tb Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.23 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL a95d7574 Jul 2 12:16:38 2017 -0400
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -457,7 +457,7 @@ For example
 .Fn EVP_sha1
 is associated with RSA so this will return
 .Dv NID_sha1WithRSAEncryption .
-Since digests and signature algorithms are no longer linked this
+Since digests and signature algorithms are no longer linked, this
 function is only retained for compatibility reasons.
 .Pp
 .Fn EVP_md5 ,
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 58d18346e1..47527925ba 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.42 2021/10/14 00:45:02 tb Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.43 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -71,7 +71,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 14 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -535,7 +535,7 @@ The encrypted final data is written to
 which should have sufficient space for one cipher block.
 The number of bytes written is placed in
 .Fa outl .
-After this function is called the encryption operation is finished and
+After this function is called, the encryption operation is finished and
 no further calls to
 .Fn EVP_EncryptUpdate
 should be made.
@@ -754,7 +754,7 @@ This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
 ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
 same NID.
 If the cipher does not have an object identifier or does not
-have ASN.1 support this function will return
+have ASN.1 support, this function will return
 .Dv NID_undef .
 .Pp
 .Fn EVP_CIPHER_CTX_cipher
@@ -842,7 +842,7 @@ block size n will equal the block size.
 For example if the block size is 8 and 11 bytes are to be encrypted then
 5 padding bytes of value 5 will be added.
 .Pp
-When decrypting the final block is checked to see if it has the correct
+When decrypting, the final block is checked to see if it has the correct
 form.
 .Pp
 Although the decryption operation can produce an error if padding is
@@ -1374,7 +1374,7 @@ first appeared in LibreSSL 2.8.1 and has been available since
 and
 .Dv EVP_MAX_IV_LENGTH
 only refer to the internal ciphers with default key lengths.
-If custom ciphers exceed these values the results are unpredictable.
+If custom ciphers exceed these values, the results are unpredictable.
 This is because it has become standard practice to define a generic key
 as a fixed unsigned char array containing
 .Dv EVP_MAX_KEY_LENGTH
diff --git a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
index cdae726c42..af5ed93fba 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_DECRYPT 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa out
 buffer.
-If the call is successful the decrypted data is written to
+If the call is successful, the decrypted data is written to
 .Fa out
 and the amount of data written to
 .Fa outlen .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
index a627c2abb6..210c43d6d8 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_encrypt.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_encrypt.3,v 1.7 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_ENCRYPT 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa out
 buffer.
-If the call is successful the encrypted data is written to
+If the call is successful, the encrypted data is written to
 .Fa out
 and the amount of data written to
 .Fa outlen .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3
index efbea950c9..fbd8e66376 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_SIGN 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa sig
 buffer.
-If the call is successful the signature is written to
+If the call is successful, the signature is written to
 .Fa sig
 and the amount of data written to
 .Fa siglen .
diff --git a/src/lib/libcrypto/man/EVP_SignInit.3 b/src/lib/libcrypto/man/EVP_SignInit.3
index a53d059b46..06aeb2f141 100644
--- a/src/lib/libcrypto/man/EVP_SignInit.3
+++ b/src/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.14 2019/06/10 14:58:48 schwarze Exp $
+.\" $OpenBSD: EVP_SignInit.3,v 1.15 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_SIGNINIT 3
 .Os
 .Sh NAME
@@ -217,7 +217,7 @@ could not be made after calling
 .Fn EVP_SignFinal .
 .Pp
 Since the private key is passed in the call to
-.Fn EVP_SignFinal
+.Fn EVP_SignFinal ,
 any error relating to the private key (for example an unsuitable key and
 digest combination) will not be indicated until after potentially large
 amounts of data have been passed through
diff --git a/src/lib/libcrypto/man/OBJ_nid2obj.3 b/src/lib/libcrypto/man/OBJ_nid2obj.3
index 511bf8567a..4b35762dcf 100644
--- a/src/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/src/lib/libcrypto/man/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_nid2obj.3,v 1.18 2021/12/18 17:47:45 schwarze Exp $
+.\" $OpenBSD: OBJ_nid2obj.3,v 1.19 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000
 .\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 18 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OBJ_NID2OBJ 3
 .Os
 .Sh NAME
@@ -206,7 +206,7 @@ is 0 then long names and short names will be interpreted as well as
 numerical forms.
 If
 .Fa no_name
-is 1 only the numerical form is acceptable.
+is 1, only the numerical form is acceptable.
 .Pp
 .Fn OBJ_obj2txt
 converts the
diff --git a/src/lib/libcrypto/man/OCSP_cert_to_id.3 b/src/lib/libcrypto/man/OCSP_cert_to_id.3
index f2ed8b1154..73a21867b9 100644
--- a/src/lib/libcrypto/man/OCSP_cert_to_id.3
+++ b/src/lib/libcrypto/man/OCSP_cert_to_id.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.11 2021/08/06 21:45:55 schwarze Exp $
+.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.12 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 6 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_CERT_TO_ID 3
 .Os
 .Sh NAME
@@ -180,7 +180,7 @@ and
 returns the issuer name hash, hash OID, issuer key hash and serial
 number contained in
 .Fa cid .
-If any of the values are not required the corresponding parameter can be
+If any of the values are not required, the corresponding parameter can be
 set to
 .Dv NULL .
 The values returned by
diff --git a/src/lib/libcrypto/man/OCSP_resp_find_status.3 b/src/lib/libcrypto/man/OCSP_resp_find_status.3
index bcfefb5754..06d0354bd6 100644
--- a/src/lib/libcrypto/man/OCSP_resp_find_status.3
+++ b/src/lib/libcrypto/man/OCSP_resp_find_status.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OCSP_resp_find_status.3,v 1.10 2019/08/27 10:00:41 schwarze Exp $
+.\" $OpenBSD: OCSP_resp_find_status.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL c952780c Jun 21 07:03:34 2016 -0400
 .\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 27 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_RESP_FIND_STATUS 3
 .Os
 .Sh NAME
@@ -295,11 +295,11 @@ or
 .Fn OCSP_single_get0_status .
 If
 .Fa sec
-is non-zero it indicates how many seconds leeway should be allowed in
+is non-zero, it indicates how many seconds leeway should be allowed in
 the check.
 If
 .Fa maxsec
-is positive it indicates the maximum age of
+is positive, it indicates the maximum age of
 .Fa thisupd
 in seconds.
 .Pp
diff --git a/src/lib/libcrypto/man/OCSP_sendreq_new.3 b/src/lib/libcrypto/man/OCSP_sendreq_new.3
index c8107c4d58..300f719525 100644
--- a/src/lib/libcrypto/man/OCSP_sendreq_new.3
+++ b/src/lib/libcrypto/man/OCSP_sendreq_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OCSP_sendreq_new.3,v 1.9 2019/08/27 10:48:41 schwarze Exp $
+.\" $OpenBSD: OCSP_sendreq_new.3,v 1.10 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 27 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_SENDREQ_NEW 3
 .Os
 .Sh NAME
@@ -159,7 +159,7 @@ should be set to
 .Fn OCSP_sendreq_nbio
 performs non-blocking I/O on the OCSP request context
 .Fa rctx .
-When the operation is complete it returns the response in
+When the operation is complete, it returns the response in
 .Pf * Fa presp .
 If
 .Fn OCSP_sendreq_nbio
diff --git a/src/lib/libcrypto/man/PKCS12_create.3 b/src/lib/libcrypto/man/PKCS12_create.3
index d19a6f3e44..bc00d3df78 100644
--- a/src/lib/libcrypto/man/PKCS12_create.3
+++ b/src/lib/libcrypto/man/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_create.3,v 1.11 2021/10/22 15:50:19 schwarze Exp $
+.\" $OpenBSD: PKCS12_create.3,v 1.12 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 22 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt PKCS12_CREATE 3
 .Os
 .Sh NAME
@@ -137,10 +137,10 @@ should be set to PKCS12_DEFAULT_ITER.
 adds a flag to the store private key.
 This is a non-standard extension that is only currently interpreted by
 MSIE.
-If set to zero the flag is omitted; if set to
-.Dv KEY_SIG
+If set to zero, the flag is omitted; if set to
+.Dv KEY_SIG ,
 the key can be used for signing only; and if set to
-.Dv KEY_EX
+.Dv KEY_EX ,
 it can be used for signing and encryption.
 This option was useful for old export grade software which could use
 signing only keys of arbitrary size but had restrictions on the
diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3
index 2895da16d8..d091c03dfd 100644
--- a/src/lib/libcrypto/man/PKCS7_verify.3
+++ b/src/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: PKCS7_verify.3,v 1.10 2022/01/19 20:28:06 tb Exp $
+.\"     $OpenBSD: PKCS7_verify.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 19 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt PKCS7_VERIFY 3
 .Os
 .Sh NAME
@@ -133,13 +133,13 @@ parameter (if it is not
 and then looking in any certificates contained in the
 .Fa p7
 structure itself.
-If any signer's certificates cannot be located the operation fails.
+If any signer's certificates cannot be located, the operation fails.
 .Pp
 Each signer's certificate is chain verified using the
 .Sy smimesign
 purpose and the supplied trusted certificate store.
 Any internal certificates in the message are used as untrusted CAs.
-If any chain verify fails an error code is returned.
+If any chain verify fails, an error code is returned.
 .Pp
 Finally, the signed content is read (and written to
 .Fa out
diff --git a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 b/src/lib/libcrypto/man/RSA_get_ex_new_index.3
index cf3d3f6fd7..ee1e0e82f7 100644
--- a/src/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/src/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: RSA_get_ex_new_index.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $
+.\"     $OpenBSD: RSA_get_ex_new_index.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org> and
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt RSA_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
@@ -117,7 +117,7 @@ with a structure (for example the hash of some part of the structure) or
 some additional data (for example a handle to the data in an external
 library).
 .Pp
-Since the application data can be anything at all it is passed and
+Since the application data can be anything at all, it is passed and
 retrieved as a
 .Vt void *
 type.
diff --git a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index cd7e94d4e1..3c1237d20e 100644
--- a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.15 2021/12/09 19:01:52 schwarze Exp $
+.\"     $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.16 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 9 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_NAME_ADD_ENTRY_BY_TXT 3
 .Os
 .Sh NAME
@@ -205,11 +205,11 @@ if it is -1 it is appended.
 .Pp
 .Fa set
 determines how the new type is added.
-If it is zero a new RDN is created.
+If it is zero, a new RDN is created.
 .Pp
 If
 .Fa set
-is -1 or 1 it is added to the previous or next RDN structure
+is -1 or 1, it is added to the previous or next RDN structure
 respectively.
 This will then be a multivalued RDN: since multivalue RDNs are very
 seldom used,
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 8964d612b2..fdcfd4834e 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.24 2022/03/29 14:27:59 naddy Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.25 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -493,7 +493,7 @@ enables CRL checking for the entire certificate chain.
 disables critical extension checking.
 By default any unhandled critical extensions in certificates or (if
 checked) CRLs results in a fatal error.
-If this flag is set unhandled critical extensions are ignored.
+If this flag is set, unhandled critical extensions are ignored.
 .Sy WARNING :
 setting this option for anything other than debugging purposes can be a
 security risk.
@@ -539,7 +539,7 @@ By default some additional features such as indirect CRLs and CRLs
 signed by different keys are disabled.
 If
 .Dv X509_V_FLAG_EXTENDED_CRL_SUPPORT
-is set they are enabled.
+is set, they are enabled.
 .Pp
 If
 .Dv X509_V_FLAG_USE_DELTAS
diff --git a/src/lib/libcrypto/man/X509_get_pubkey.3 b/src/lib/libcrypto/man/X509_get_pubkey.3
index 506404d9ac..0829397982 100644
--- a/src/lib/libcrypto/man/X509_get_pubkey.3
+++ b/src/lib/libcrypto/man/X509_get_pubkey.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_pubkey.3,v 1.12 2021/10/26 18:05:07 tb Exp $
+.\" $OpenBSD: X509_get_pubkey.3,v 1.13 2022/03/31 17:27:17 naddy Exp $
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 26 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_GET_PUBKEY 3
 .Os
 .Sh NAME
@@ -128,7 +128,7 @@
 .Fn X509_get_pubkey
 attempts to decode the public key for certificate
 .Fa x .
-If successful it returns the public key as an
+If successful, it returns the public key as an
 .Vt EVP_PKEY
 pointer with its reference count incremented: this means the returned
 key must be freed up after use.
diff --git a/src/lib/libcrypto/man/lh_new.3 b/src/lib/libcrypto/man/lh_new.3
index a9ac283a90..c848eed825 100644
--- a/src/lib/libcrypto/man/lh_new.3
+++ b/src/lib/libcrypto/man/lh_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: lh_new.3,v 1.8 2021/12/17 16:32:07 schwarze Exp $
+.\" $OpenBSD: lh_new.3,v 1.9 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400
 .\" selective merge up to:
@@ -118,7 +118,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: December 17 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
@@ -488,7 +488,7 @@ The load is the number of items in the hash table divided by the size of
 the hash table.
 The default values are as follows.
 If (hash->up_load < load) => expand.
-if (hash->down_load > load) => contract.
+If (hash->down_load > load) => contract.
 The
 .Fa up_load
 has a default value of 1 and
@@ -503,12 +503,12 @@ variables.
 The 'load' is kept in a form which is multiplied by 256.
 So hash->up_load=8*256 will cause a load of 8 to be set.
 .Pp
-If you are interested in performance the field to watch is
+If you are interested in performance, the field to watch is
 .Fa num_comp_calls .
 The hash library keeps track of the 'hash' value for each item so when a
 lookup is done, the 'hashes' are compared, if there is a match, then a
 full compare is done, and hash->num_comp_calls is incremented.
-If num_comp_calls is not equal to num_delete plus num_retrieve it means
+If num_comp_calls is not equal to num_delete plus num_retrieve, it means
 that your hash function is generating hashes that are the same for
 different values.
 It is probably worth changing your hash function if this is the case
diff --git a/src/lib/libcrypto/man/openssl.cnf.5 b/src/lib/libcrypto/man/openssl.cnf.5
index ae56869b8b..48ca66cf4b 100644
--- a/src/lib/libcrypto/man/openssl.cnf.5
+++ b/src/lib/libcrypto/man/openssl.cnf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.cnf.5,v 1.7 2020/02/17 12:52:42 inoguchi Exp $
+.\" $OpenBSD: openssl.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100
 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 17 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OPENSSL.CNF 5
 .Os
 .Sh NAME
@@ -265,7 +265,7 @@ bar = bar_section
 The command
 .Ic engine_id
 is used to give the ENGINE name.
-If used this command must be first.
+If used, this command must be first.
 For example:
 .Bd -literal -offset indent
 [engine_section]
@@ -305,7 +305,7 @@ The command
 sets the default algorithms an ENGINE will supply using the functions
 .Xr ENGINE_set_default_string 3 .
 .Pp
-If the name matches none of the above command names it is assumed
+If the name matches none of the above command names, it is assumed
 to be a ctrl command which is sent to the ENGINE.
 The value of the command is the argument to the ctrl command.
 If the value is the string
diff --git a/src/lib/libcrypto/man/x509v3.cnf.5 b/src/lib/libcrypto/man/x509v3.cnf.5
index 392c44d456..89f52d6a01 100644
--- a/src/lib/libcrypto/man/x509v3.cnf.5
+++ b/src/lib/libcrypto/man/x509v3.cnf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: x509v3.cnf.5,v 1.7 2020/06/11 18:03:19 jmc Exp $
+.\" $OpenBSD: x509v3.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL man5/x509v3_config a41815f0 Mar 17 18:43:53 2017 -0700
 .\" selective merge up to: OpenSSL 36cf10cf Oct 4 02:11:08 2017 -0400
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 11 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509V3.CNF 5
 .Os
 .Sh NAME
@@ -163,7 +163,7 @@ parameter indicates the maximum number of CAs that can appear below
 this one in a chain.
 So if you have a CA with a
 .Ic pathlen
-of zero it can only be used to sign end user certificates and not
+of zero, it can only be used to sign end user certificates and not
 further CAs.
 .Ss Key usage
 Key usage is a multi-valued extension consisting of a list of names of
diff --git a/src/lib/libssl/man/BIO_f_ssl.3 b/src/lib/libssl/man/BIO_f_ssl.3
index 8643200285..5e18a85bd1 100644
--- a/src/lib/libssl/man/BIO_f_ssl.3
+++ b/src/lib/libssl/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_f_ssl.3,v 1.11 2019/06/12 09:36:30 schwarze Exp $
+.\" $OpenBSD: BIO_f_ssl.3,v 1.12 2022/03/31 17:27:18 naddy Exp $
 .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 12 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_F_SSL 3
 .Os
 .Sh NAME
@@ -147,7 +147,7 @@ is appended to an
 .Vt SSL
 .Vt BIO
 using
-.Xr BIO_push 3
+.Xr BIO_push 3 ,
 it is automatically used as the
 .Vt SSL
 .Vt BIO Ns 's read and write
@@ -213,7 +213,7 @@ is 0, server mode is set.
 .Fn BIO_set_ssl_renegotiate_bytes
 sets the renegotiate byte count to
 .Fa num .
-When set after every
+When set, after every
 .Fa num
 bytes of I/O (read and write) the SSL session is automatically renegotiated.
 .Fa num
@@ -222,7 +222,7 @@ must be at least 512 bytes.
 .Fn BIO_set_ssl_renegotiate_timeout
 sets the renegotiate timeout to
 .Fa seconds .
-When the renegotiate timeout elapses the session is automatically renegotiated.
+When the renegotiate timeout elapses, the session is automatically renegotiated.
 .Pp
 .Fn BIO_get_num_renegotiates
 returns the total number of session renegotiations due to I/O or timeout.
@@ -303,7 +303,7 @@ established; the call
 should be used for non blocking connect
 .Vt BIO Ns s
 to determine if the call should be retried.
-If an SSL connection has already been established this call has no effect.
+If an SSL connection has already been established, this call has no effect.
 .Pp
 .Vt SSL
 .Vt BIO Ns s
@@ -325,7 +325,7 @@ using a blocking transport will never request a retry.
 Since unknown
 .Xr BIO_ctrl 3
 operations are sent through filter
-.Vt BIO Ns s
+.Vt BIO Ns s ,
 the server name and port can be set using
 .Xr BIO_set_conn_hostname 3
 and
diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3
index 34c3a1adfd..5df0b07785 100644
--- a/src/lib/libssl/man/SSL_CTX_set_options.3
+++ b/src/lib/libssl/man/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.15 2021/06/12 11:02:20 tb Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $
 .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100
 .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000
 .\"
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 12 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_CTX_SET_OPTIONS 3
 .Os
 .Sh NAME
@@ -206,7 +206,7 @@ Normally clients and servers using TLSv1.2 and earlier will, where possible,
 transparently make use of
 RFC 5077 tickets for stateless session resumption.
 .Pp
-If this option is set this functionality is disabled and tickets will not be
+If this option is set, this functionality is disabled and tickets will not be
 used by clients or servers.
 .It Dv SSL_OP_NO_TLSv1
 Do not use the TLSv1.0 protocol.
@@ -273,7 +273,7 @@ server with a
 .Em no_renegotiation
 warning alert.
 .Pp
-If the patched OpenSSL server attempts to renegotiate a fatal
+If the patched OpenSSL server attempts to renegotiate, a fatal
 .Em handshake_failure
 alert is sent.
 This is because the server code may be unaware of the unpatched nature of the
@@ -306,7 +306,7 @@ them initially) and this is clearly not acceptable.
 Renegotiation is permitted because this does not add any additional security
 issues: during an attack clients do not see any renegotiations anyway.
 .Pp
-As more servers become patched the option
+As more servers become patched, the option
 .Dv SSL_OP_LEGACY_SERVER_CONNECT
 will
 .Em not
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index ae0349584a..8be504d3b3 100644
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.9 2022/02/18 23:17:15 jsg Exp $
+.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 18 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
@@ -117,7 +117,7 @@ when the application is left, it becomes impossible for attackers to decrypt
 past sessions, even if they get hold of the normal (certified) key,
 as this key was only used for signing.
 .Pp
-In order to perform a DH key exchange the server must use a DH group
+In order to perform a DH key exchange, the server must use a DH group
 (DH parameters) and generate a DH key.
 The server will always generate a new DH key during the negotiation.
 .Pp
diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3
index 4cde129bc2..2ab43fdd3e 100644
--- a/src/lib/libssl/man/SSL_get_session.3
+++ b/src/lib/libssl/man/SSL_get_session.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_get_session.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
+.\"     $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt SSL_GET_SESSION 3
 .Os
 .Sh NAME
@@ -109,7 +109,7 @@ If the data is to be kept,
 .Fn SSL_get1_session
 will increment the reference count, so that the session will not be implicitly
 removed by other operations but stays in memory.
-In order to remove the session
+In order to remove the session,
 .Xr SSL_SESSION_free 3
 must be explicitly called once to decrement the reference count again.
 .Pp