From 767bff4409ce6a123bd88bf933cd119b0224b542 Mon Sep 17 00:00:00 2001
From: jmc <>
Date: Sat, 3 Dec 2016 13:36:03 +0000
Subject: various cleanup;
---
 src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 | 18 +++++++++---------
 src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 | 10 +++++-----
 src/lib/libcrypto/man/X509_NAME_print_ex.3 | 20 ++++++++++----------
 src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 20 ++++++++++----------
 src/lib/libcrypto/man/X509_STORE_CTX_new.3 | 12 ++++++------
 .../libcrypto/man/X509_STORE_set_verify_cb_func.3 | 10 +++++-----
 src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 18 +++++++++---------
 src/lib/libcrypto/man/X509_new.3 | 8 ++++----
 src/lib/libcrypto/man/X509_verify_cert.3 | 9 +++------
 src/lib/libcrypto/man/bn_dump.3 | 20 ++++++++++----------
 src/lib/libcrypto/man/crypto.3 | 12 ++++++------
 11 files changed, 77 insertions(+), 80 deletions(-)
diff --git a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index b83ac6d478..3c3348135b 100644
--- a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
+.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.3 2016/12/03 13:36:03 jmc Exp $
 .\"
-.Dd $Mdocdate: November 6 2016 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt X509_NAME_ADD_ENTRY_BY_TXT 3
 .Os
 .Sh NAME
@@ -81,7 +81,7 @@ which can either be a definition of the type of
 .Fa bytes
 (such as
 .Dv MBSTRING_ASC )
-or a standard ASN1 type (such as
+or a standard ASN.1 type (such as
 .Dv V_ASN1_IA5STRING ) .
 The new entry is added to a position determined by
 .Fa loc
@@ -89,7 +89,7 @@ and
 .Fa set .
 .Pp
 .Fn X509_NAME_add_entry
-adds a copy of a
+adds a copy of an
 .Vt X509_NAME_ENTRY
 structure
 .Fa ne
@@ -124,7 +124,7 @@ field and to apply length checks according to the relevant standards. This is done using .Xr ASN1_STRING_set_by_NID 3 . .Pp -If instead an ASN1 type is used, no checks are performed and the supplied +If instead an ASN.1 type is used, no checks are performed and the supplied data in .Fa bytes is used directly. @@ -162,7 +162,7 @@ If .Fa set is -1 or 1 it is added to the previous or next RDN structure respectively. -This will then be a multivalued RDN: since multivalues RDNs are very +This will then be a multivalued RDN: since multivalue RDNs are very seldom used, .Fa set is almost always set to zero. @@ -184,9 +184,9 @@ if an error occurred. Create an .Vt X509_NAME structure: -.Pp -.D1 C=UK, O=Disorganized Organization, CN=Joe Bloggs -.Bd -literal +.Bd -literal -offset indent +C=UK, O=Disorganized Organization, CN=Joe Bloggs + X509_NAME *nm; nm = X509_NAME_new(); if (nm == NULL) diff --git a/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index efd74f07e9..fdf8bb1a81 100644 --- a/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,13 +1,13 @@ -.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.2 2016/11/06 15:52:50 jmc Exp $ +.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.3 2016/12/03 13:36:03 jmc Exp $ .\" -.Dd $Mdocdate: November 6 2016 $ +.Dd $Mdocdate: December 3 2016 $ .Dt X509_NAME_GET_INDEX_BY_NID 3 .Os .Sh NAME .Nm X509_NAME_get_index_by_NID , .Nm X509_NAME_get_index_by_OBJ , -.Nm X509_NAME_get_entry , .Nm X509_NAME_entry_count , +.Nm X509_NAME_get_entry , .Nm X509_NAME_get_text_by_NID , .Nm X509_NAME_get_text_by_OBJ .Nd X509_NAME lookup and enumeration functions 
@@ -56,8 +56,8 @@ The
 .Vt X509_NAME
 structure is the same as the
 .Sy Name
-type defined in RFC2459 (and elsewhere) and used for example in
-certificate subject and issuer names.
+type defined in RFC 2459 (and elsewhere) and used, for example,
+in certificate subject and issuer names.
 .Pp
 .Fn X509_NAME_get_index_by_NID
 and
diff --git a/src/lib/libcrypto/man/X509_NAME_print_ex.3 b/src/lib/libcrypto/man/X509_NAME_print_ex.3
index 6692765c99..54f08511f1 100644
--- a/src/lib/libcrypto/man/X509_NAME_print_ex.3
+++ b/src/lib/libcrypto/man/X509_NAME_print_ex.3
@@ -1,13 +1,13 @@
-.\" $OpenBSD: X509_NAME_print_ex.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
+.\" $OpenBSD: X509_NAME_print_ex.3,v 1.3 2016/12/03 13:36:03 jmc Exp $
 .\"
-.Dd $Mdocdate: November 6 2016 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt X509_NAME_PRINT_EX 3
 .Os
 .Sh NAME
 .Nm X509_NAME_print_ex ,
 .Nm X509_NAME_print_ex_fp ,
-.Nm X509_NAME_print ,
-.Nm X509_NAME_oneline
+.Nm X509_NAME_oneline ,
+.Nm X509_NAME_print
 .Nd X509_NAME printing routines
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -90,8 +90,8 @@ The functions
 .Fn X509_NAME_oneline
 and
 .Fn X509_NAME_print
-are legacy functions which produce a non standard output form.
-They don't handle multi character fields and have various quirks
+are legacy functions which produce a non-standard output form.
+They don't handle multi-character fields and have various quirks
 and inconsistencies.
 Their use is strongly discouraged in new applications.
 .Pp
@@ -149,9 +149,9 @@ The fields
 and
 .Dv XN_FLAG_FN_NONE
 determine how a field name is displayed.
-It will use the short name (e.g. CN) the long name (e.g. commonName)
+It will use the short name (e.g. CN), the long name (e.g. commonName),
 always use OID numerical form (normally OIDs are only used if the
-field name is not recognised) and no field name respectively.
+field name is not recognised) and no field name, respectively.
 .Pp
 If
 .Dv XN_FLAG_SPC_EQ
@@ -173,10 +173,10 @@ Additionally, all the options supported by
 .Xr ASN1_STRING_print_ex 3
 can be used to control how each field value is displayed.
 .Pp
-In addition a number options can be set for commonly used formats.
+In addition a number of options can be set for commonly used formats.
 .Pp
 .Dv XN_FLAG_RFC2253
-sets options which produce an output compatible with RFC2253.
+sets options which produce an output compatible with RFC 2253.
 It is equivalent to
 .Dv ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV |
 .Dv XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS .
diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index 85b7ac06f0..36f153af5a 100644
--- a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
+.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.3 2016/12/03 13:36:03 jmc Exp $
 .\"
-.Dd $Mdocdate: November 6 2016 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt X509_STORE_CTX_GET_ERROR 3
 .Os
 .Sh NAME
@@ -86,7 +86,7 @@ successful, the returned chain may be incomplete or invalid.
 The returned chain persists after the
 .Fa ctx
 structure is freed.
-When it is no longer needed, it should be free up using
+When it is no longer needed, it should be freed up using
 .Fn sk_X509_pop_free chain X509_free .
 .Pp
 .Fn X509_verify_cert_error_string
@@ -144,8 +144,8 @@ The CRL of a certificate could not be found. No unable to decrypt certificate's signature The certificate signature could not be decrypted. This means that the actual signature value could not be determined -rather than it not matching the expected value, this is only meaningful -for RSA keys. +rather than it not matching the expected value. +This is only meaningful for RSA keys. .It Dv X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE : \ No unable to decrypt CRL's signature The CRL signature could not be decrypted: this means that the actual @@ -219,7 +219,7 @@ The root CA is marked to reject the specified purpose. .It Dv X509_V_ERR_SUBJECT_ISSUER_MISMATCH : No subject issuer mismatch The current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. -This is only set if issuer check debugging is enabled it is used for +This is only set if issuer check debugging is enabled; it is used for status notification and is .Sy not in itself an error. @@ -228,7 +228,7 @@ in itself an error. The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. -This is only set if issuer check debugging is enabled it is used for +This is only set if issuer check debugging is enabled; it is used for status notification and is .Sy not in itself an error. @@ -237,7 +237,7 @@ in itself an error. The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. -This is only set if issuer check debugging is enabled it is used for +This is only set if issuer check debugging is enabled; it is used for status notification and is .Sy not in itself an error. 
@@ -259,7 +259,7 @@ A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. This error only occurs if policy processing is enabled. .It Dv X509_V_ERR_NO_EXPLICIT_POLICY : No no explicit policy -The verification flags were set to require and explicit policy but none +The verification flags were set to require an explicit policy but none was present. .It Dv X509_V_ERR_DIFFERENT_CRL_SCOPE : No different CRL scope The only CRLs that could be found did not match the scope of the @@ -284,7 +284,7 @@ types. .It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX : \ No unsupported or invalid name constraint syntax The format of the name constraint is not recognised: for example an -email address format of a form not mentioned in RFC3280. +email address format of a form not mentioned in RFC 3280. This could be caused by a garbage extension or some new feature not currently supported. .It Dv X509_V_ERR_CRL_PATH_VALIDATION_ERROR : No CRL path validation error diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 index ffb50b6564..ae88020e77 100644 --- a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.2 2016/11/06 15:52:50 jmc Exp $ +.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.3 2016/12/03 13:36:03 jmc Exp $ .\" -.Dd $Mdocdate: November 6 2016 $ +.Dd $Mdocdate: December 3 2016 $ .Dt X509_STORE_CTX_NEW 3 .Os .Sh NAME @@ -84,7 +84,7 @@ structure. internally cleans up an .Vt X509_STORE_CTX structure. -The context can then be reused with an new call to +The context can then be reused with a new call to .Fn X509_STORE_CTX_init . .Pp .Fn X509_STORE_CTX_free 
@@ -144,7 +144,6 @@ structure. This might be used where additional "useful" CRLs are supplied as part of a protocol, for example in a PKCS#7 structure. .Pp -X509_VERIFY_PARAM .Fn X509_STORE_CTX_get0_param retrieves an internal pointer to the verification parameters associated with @@ -180,7 +179,8 @@ X509_STORE_CTX_init(&ctx, store, cert, chain); .Pp This is .Sy not -recommended in new applications they should instead do: +recommended in new applications. +They should instead do: .Bd -literal -offset indent X509_STORE_CTX *ctx; ctx = X509_STORE_CTX_new(); @@ -190,7 +190,7 @@ X509_STORE_CTX_init(ctx, store, cert, chain); .Ed .Sh RETURN VALUES .Fn X509_STORE_CTX_new -returns an newly allocates context or +returns a newly allocated context or .Dv NULL if an error occurred. .Pp diff --git a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 32a6d7c329..48a65d82f3 100644 --- a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,11 +1,11 @@ -.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.2 2016/11/06 15:52:50 jmc Exp $ +.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.3 2016/12/03 13:36:03 jmc Exp $ .\" -.Dd $Mdocdate: November 6 2016 $ +.Dd $Mdocdate: December 3 2016 $ .Dt X509_STORE_SET_VERIFY_CB_FUNC 3 .Os .Sh NAME -.Nm X509_STORE_set_verify_cb_func , -.Nm X509_STORE_set_verify_cb +.Nm X509_STORE_set_verify_cb , +.Nm X509_STORE_set_verify_cb_func .Nd set verification callback .Sh SYNOPSIS .In openssl/x509_vfy.h @@ -24,7 +24,7 @@ sets the verification callback of .Sy ctx to -.Sy verify_cb +.Sy verify_cb , overwriting any existing callback. .Pp .Fn X509_STORE_set_verify_cb_func diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 43da66c6d1..67d336977f 100644 --- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.2 2016/11/06 15:52:50 jmc Exp $ +.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.3 2016/12/03 13:36:03 jmc Exp $ .\" -.Dd $Mdocdate: November 6 2016 $ +.Dd $Mdocdate: December 3 2016 $ .Dt X509_VERIFY_PARAM_SET_FLAGS 3 .Os .Sh NAME @@ -9,11 +9,11 @@ .Nm X509_VERIFY_PARAM_get_flags , .Nm X509_VERIFY_PARAM_set_purpose , .Nm X509_VERIFY_PARAM_set_trust , -.Nm X509_VERIFY_PARAM_set_depth , -.Nm X509_VERIFY_PARAM_get_depth , .Nm X509_VERIFY_PARAM_set_time , .Nm X509_VERIFY_PARAM_add0_policy , -.Nm X509_VERIFY_PARAM_set1_policies +.Nm X509_VERIFY_PARAM_set1_policies , +.Nm X509_VERIFY_PARAM_set_depth , +.Nm X509_VERIFY_PARAM_get_depth .Nd X509 verification parameters .Sh SYNOPSIS .In openssl/x509_vfy.h @@ -170,7 +170,7 @@ An error occurs if a suitable CRL cannot be found. enables CRL checking for the entire certificate chain. .Pp .Dv X509_V_FLAG_IGNORE_CRITICAL -disabled critical extension checking. +disables critical extension checking. By default any unhandled critical extensions in certificates or (if checked) CRLs results in a fatal error. If this flag is set unhandled critical extensions are ignored. @@ -189,7 +189,7 @@ verification strictly apply X509 rules. enables proxy certificate verification. .Pp .Dv X509_V_FLAG_POLICY_CHECK -enables certificate policy checking, by default no policy checking is +enables certificate policy checking; by default no policy checking is performed. Additional information is sent to the verification callback relating to policy checking. @@ -203,7 +203,7 @@ set the .Dq inhibit any policy , and .Dq inhibit policy mapping -flags, respectively, as defined in RFC3280. +flags, respectively, as defined in RFC 3280. Policy checking is automatically enabled if any of these flags are set. .Pp If 
@@ -250,7 +250,7 @@ SSL connections associated with an
 .Vt SSL_CTX
 structure
 .Fa ctx :
-.Bd -literal
+.Bd -literal -offset indent
 X509_VERIFY_PARAM *param;
 param = X509_VERIFY_PARAM_new();
 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3
index 00343e1764..705f4b2816 100644
--- a/src/lib/libcrypto/man/X509_new.3
+++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,12 +1,12 @@
-.\" $OpenBSD: X509_new.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
+.\" $OpenBSD: X509_new.3,v 1.3 2016/12/03 13:36:03 jmc Exp $
 .\"
-.Dd $Mdocdate: November 6 2016 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
 .Nm X509_new ,
 .Nm X509_free
-.Nd X509 certificate ASN1 allocation functions
+.Nd X509 certificate ASN.1 allocation functions
 .Sh SYNOPSIS
 .In openssl/x509.h
 .Ft X509 *
@@ -16,7 +16,7 @@
 .Fa "X509 *a"
 .Fc
 .Sh DESCRIPTION
-The X509 ASN1 allocation routines allocate and free an
+The X509 ASN.1 allocation routines allocate and free an
 .Vt X509
 structure, which represents an X509 certificate.
 .Pp
diff --git a/src/lib/libcrypto/man/X509_verify_cert.3 b/src/lib/libcrypto/man/X509_verify_cert.3
index fab813ffaa..b359a380ed 100644
--- a/src/lib/libcrypto/man/X509_verify_cert.3
+++ b/src/lib/libcrypto/man/X509_verify_cert.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: X509_verify_cert.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
+.\" $OpenBSD: X509_verify_cert.3,v 1.3 2016/12/03 13:36:03 jmc Exp $
 .\"
-.Dd $Mdocdate: November 6 2016 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt X509_VERIFY_CERT 3
 .Os
 .Sh NAME
@@ -41,11 +41,8 @@ by examining
 for example using
 .Xr X509_STORE_CTX_get_error 3 .
 .Sh SEE ALSO
+.Xr openssl 1 ,
 .Xr X509_STORE_CTX_get_error 3
-and the
-.Cm verify
-entry in
-.Xr openssl 1
 .Sh HISTORY
 .Fn X509_verify_cert
 is available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/bn_dump.3 b/src/lib/libcrypto/man/bn_dump.3
index 9c4b06e9b3..b912e3a473 100644
--- a/src/lib/libcrypto/man/bn_dump.3
+++ b/src/lib/libcrypto/man/bn_dump.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: bn_dump.3,v 1.3 2016/11/21 22:19:15 jmc Exp $
+.\" $OpenBSD: bn_dump.3,v 1.4 2016/12/03 13:36:03 jmc Exp $
 .\"
-.Dd $Mdocdate: November 21 2016 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt BN_DUMP 3
 .Os
 .Sh NAME
@@ -324,7 +324,7 @@ calls, the
 .Vt BN_CTX
 structure is used.
 This structure contains BN_CTX_NUM
-.Vt BIGNUM Ns s,
+.Vt BIGNUM Ns s ;
 see
 .Xr BN_CTX_start 3 .
 .Ss Low level arithmetic operations
@@ -427,7 +427,7 @@ operates on the 4 word arrays
 .Fa a
 and
 .Fa b
-and the 8 word array
+and the 8-word array
 .Fa r .
 It computes
 .Fa a Ns * Ns Fa b
@@ -435,11 +435,11 @@ and places the result in
 .Fa r .
 .Pp
 .Fn bn_mul_comba8 r a b
-operates on the 8 word arrays
+operates on the 8-word arrays
 .Fa a
 and
 .Fa b
-and the 16 word array
+and the 16-word array
 .Fa r .
 It computes
 .Fa a Ns * Ns Fa b
@@ -447,15 +447,15 @@ and places the result in
 .Fa r .
 .Pp
 .Fn bn_sqr_comba4 r a b
-operates on the 4 word arrays
+operates on the 4-word arrays
 .Fa a
 and
 .Fa b
-and the 8 word array
+and the 8-word array
 .Fa r .
 .Pp
 .Fn bn_sqr_comba8 r a b
-operates on the 8 word arrays
+operates on the 8-word arrays
 .Fa a
 and
 .Fa b
@@ -681,7 +681,7 @@ prints
 .Fa n
 words at
 .Fa d
-(in reverse order, i.e.
+(in reverse order, i.e.\&
 most significant word first) to
 .Dv stderr .
 .Pp
diff --git a/src/lib/libcrypto/man/crypto.3 b/src/lib/libcrypto/man/crypto.3
index 20b139bf74..7e7572ea67 100644
--- a/src/lib/libcrypto/man/crypto.3
+++ b/src/lib/libcrypto/man/crypto.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: crypto.3,v 1.5 2016/11/21 09:56:35 schwarze Exp $
+.\" $OpenBSD: crypto.3,v 1.6 2016/12/03 13:36:03 jmc Exp $
 .\"
-.Dd $Mdocdate: November 21 2016 $
+.Dd $Mdocdate: December 3 2016 $
 .Dt CRYPTO 3
 .Os
 .Sh NAME
@@ -12,7 +12,7 @@ algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards. -.Sh OVERVIEW +.Pp .Sy libcrypto consists of a number of sub-libraries that implement the individual algorithms. @@ -20,7 +20,7 @@ algorithms. The functionality includes symmetric encryption, public key cryptography and key agreement, certificate handling, cryptographic hash functions and a cryptographic pseudo-random number generator. -.Bl -tag -width Ds +.Bl -tag -width Ds -offset indent .It SYMMETRIC CIPHERS .Xr blowfish 3 , CAST, DES, IDEA, RC2, @@ -51,7 +51,7 @@ x509v3 asn1, .Xr BIO 3 , .Xr evp 3 , -.Xr PEM 3 , +PEM, pkcs7, pkcs12 .It INTERNAL FUNCTIONS @@ -63,7 +63,7 @@ objects, stack, txt_db .El -.Sh NOTES +.Pp Some of the newer functions follow a naming convention using the numbers .Sq 0 and -- cgit v1.2.3-55-g6feb