Fix nits in pod files.

Add doc-nit-check to help find future issues.
Make podchecker be almost clean.
Remove trailing whitespace.
Tab expansion

Reviewed-by: Richard Levitte <levitte@openssl.org>

doc/apps/CA.pl.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/asn1parse.pod

@@ -153,7 +153,7 @@ space. The second column is the "short name" which is a single word followed
 by white space. The final column is the rest of the line and is the
 "long name". B<asn1parse> displays the long name. Example:
 
-C<1.2.3.4	shortName	A long name>
+C<1.2.3.4       shortName       A long name>
 
 =head1 EXAMPLES
 

doc/apps/ca.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME
@@ -586,7 +585,7 @@ A sample configuration file with the relevant sections for B<ca>:
 
  dir            = ./demoCA              # top dir
  database       = $dir/index.txt        # index file.
- new_certs_dir	= $dir/newcerts         # new certs dir
+ new_certs_dir  = $dir/newcerts         # new certs dir
 
  certificate    = $dir/cacert.pem       # The CA cert
  serial         = $dir/serial           # serial no file
@@ -600,9 +599,9 @@ A sample configuration file with the relevant sections for B<ca>:
  policy         = policy_any            # default policy
  email_in_dn    = no                    # Don't add the email into cert DN
 
- name_opt	= ca_default		# Subject name display option
+ name_opt       = ca_default            # Subject name display option
- cert_opt	= ca_default		# Certificate display option
+ cert_opt       = ca_default            # Certificate display option
- copy_extensions = none			# Don't copy extensions from request
+ copy_extensions = none                 # Don't copy extensions from request
 
  [ policy_any ]
  countryName            = supplied

doc/apps/cms.pod

@@ -598,29 +598,29 @@ be processed by the older B<smime> command.
 Create a cleartext signed message:
 
  openssl cms -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem
+        -signer mycert.pem
 
 Create an opaque signed message
 
  openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
-	-signer mycert.pem
+        -signer mycert.pem
 
 Create a signed message, include some additional certificates and
 read the private key from another file:
 
  openssl cms -sign -in in.txt -text -out mail.msg \
-	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
 
 Create a signed message with two signers, use key identifier:
 
  openssl cms -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem -signer othercert.pem -keyid
+        -signer mycert.pem -signer othercert.pem -keyid
 
 Send a signed message under Unix directly to sendmail, including headers:
 
  openssl cms -sign -in in.txt -text -signer mycert.pem \
-	-from steve@openssl.org -to someone@somewhere \
+        -from steve@openssl.org -to someone@somewhere \
-	-subject "Signed message" | sendmail someone@somewhere
+        -subject "Signed message" | sendmail someone@somewhere
 
 Verify a message and extract the signer's certificate if successful:
 
@@ -629,15 +629,15 @@ Verify a message and extract the signer's certificate if successful:
 Send encrypted mail using triple DES:
 
  openssl cms -encrypt -in in.txt -from steve@openssl.org \
-	-to someone@somewhere -subject "Encrypted message" \
+        -to someone@somewhere -subject "Encrypted message" \
-	-des3 user.pem -out mail.msg
+        -des3 user.pem -out mail.msg
 
 Sign and encrypt mail:
 
  openssl cms -sign -in ml.txt -signer my.pem -text \
-	| openssl cms -encrypt -out mail.msg \
+        | openssl cms -encrypt -out mail.msg \
-	-from steve@openssl.org -to someone@somewhere \
+        -from steve@openssl.org -to someone@somewhere \
-	-subject "Signed and Encrypted message" -des3 user.pem
+        -subject "Signed and Encrypted message" -des3 user.pem
 
 Note: the encryption command does not include the B<-text> option because the
 message being encrypted already has MIME headers.
@@ -673,17 +673,17 @@ Add a signer to an existing message:
 Sign mail using RSA-PSS:
 
  openssl cms -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem -keyopt rsa_padding_mode:pss
+        -signer mycert.pem -keyopt rsa_padding_mode:pss
 
 Create encrypted mail using RSA-OAEP:
 
  openssl cms -encrypt -in plain.txt -out mail.msg \
-	-recip cert.pem -keyopt rsa_padding_mode:oaep
+        -recip cert.pem -keyopt rsa_padding_mode:oaep
 
 Use SHA256 KDF with an ECDH certificate:
 
  openssl cms -encrypt -in plain.txt -out mail.msg \
-	-recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
+        -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
 
 =head1 BUGS
 

doc/apps/config.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =for comment openssl_manual_section:5

doc/apps/crl2pkcs7.pod

@@ -75,7 +75,7 @@ Creates a PKCS#7 structure in DER format with no CRL from several
 different certificates:
 
  openssl crl2pkcs7 -nocrl -certfile newcert.pem
-	-certfile demoCA/cacert.pem -outform DER -out p7.der
+        -certfile demoCA/cacert.pem -outform DER -out p7.der
 
 =head1 NOTES
 

doc/apps/enc.pod

@@ -283,13 +283,13 @@ authentication tag.
  rc5-ecb            RC5 cipher in ECB mode
  rc5-ofb            RC5 cipher in OFB mode
 
- aes-[128|192|256]-cbc	128/192/256 bit AES in CBC mode
+ aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
- aes[128|192|256]	Alias for aes-[128|192|256]-cbc
+ aes[128|192|256]       Alias for aes-[128|192|256]-cbc
- aes-[128|192|256]-cfb	128/192/256 bit AES in 128 bit CFB mode
+ aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
- aes-[128|192|256]-cfb1	128/192/256 bit AES in 1 bit CFB mode
+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
- aes-[128|192|256]-cfb8	128/192/256 bit AES in 8 bit CFB mode
+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
- aes-[128|192|256]-ecb	128/192/256 bit AES in ECB mode
+ aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
- aes-[128|192|256]-ofb	128/192/256 bit AES in OFB mode
+ aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
 
 =head1 EXAMPLES
 

doc/apps/engine.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME
@@ -52,6 +51,7 @@ Tests if each specified engine is available, and displays the answer.
 Displays an error trace for any unavailable engine.
 
 =item B<-pre> I<command>
+
 =item B<-post> I<command>
 
 Command-line configuration of engines.

doc/apps/genpkey.pod

@@ -213,12 +213,12 @@ Encrypt output private key using 128 bit AES and the passphrase "hello":
 Generate a 2048 bit RSA key using 3 as the public exponent:
 
  openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
- 						-pkeyopt rsa_keygen_pubexp:3
+                                                -pkeyopt rsa_keygen_pubexp:3
 
 Generate 1024 bit DSA parameters:
 
  openssl genpkey -genparam -algorithm DSA -out dsap.pem \
-						-pkeyopt dsa_paramgen_bits:1024
+                                                -pkeyopt dsa_paramgen_bits:1024
 
 Generate DSA key from parameters:
 
@@ -227,7 +227,7 @@ Generate DSA key from parameters:
 Generate 1024 bit DH parameters:
 
  openssl genpkey -genparam -algorithm DH -out dhp.pem \
-					-pkeyopt dh_paramgen_prime_len:1024
+                                        -pkeyopt dh_paramgen_prime_len:1024
 
 Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
 
@@ -240,8 +240,8 @@ Generate DH key from parameters:
 Generate EC parameters:
 
  openssl genpkey -genparam -algorithm EC -out ecp.pem \
-	-pkeyopt ec_paramgen_curve:secp384r1 \
+        -pkeyopt ec_paramgen_curve:secp384r1 \
-	-pkeyopt ec_param_enc:named_curve
+        -pkeyopt ec_param_enc:named_curve
 
 Generate EC key from parameters:
 
@@ -250,8 +250,8 @@ Generate EC key from parameters:
 Generate EC key directly:
 
  openssl genpkey -algorithm EC -out eckey.pem \
-	-pkeyopt ec_paramgen_curve:P-384 \
+        -pkeyopt ec_paramgen_curve:P-384 \
-	-pkeyopt ec_param_enc:named_curve
+        -pkeyopt ec_param_enc:named_curve
 
 =head1 HISTORY
 

doc/apps/ocsp.pod

@@ -342,8 +342,8 @@ The OCSP server will exit after receiving B<number> requests, default unlimited.
 =item B<-nmin minutes>, B<-ndays days>
 
 Number of minutes or days when fresh revocation information is available: used in the
-B<nextUpdate> field. If neither option is present then the B<nextUpdate> field is 
+B<nextUpdate> field. If neither option is present then the B<nextUpdate> field
-omitted meaning fresh revocation information is immediately available.
+is omitted meaning fresh revocation information is immediately available.
 
 =back
 
@@ -427,7 +427,7 @@ OCSP server on port 8888 using a standard B<ca> configuration, and a separate
 responder certificate. All requests and responses are printed to a file.
 
  openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
-	-text -out log.txt
+        -text -out log.txt
 
 As above but exit after processing one request:
 

doc/apps/openssl.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/pkcs12.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/pkey.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/pkeyparam.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/req.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME
@@ -499,8 +498,8 @@ Generate a self signed root certificate:
 
 Example of a file pointed to by the B<oid_file> option:
 
- 1.2.3.4	shortName	A longer Name
+ 1.2.3.4        shortName       A longer Name
- 1.2.3.6	otherName	Other longer Name
+ 1.2.3.6        otherName       Other longer Name
 
 Example of a section pointed to by B<oid_section> making use of variable
 expansion:
@@ -511,34 +510,34 @@ expansion:
 Sample configuration file prompting for field values:
 
  [ req ]
- default_bits		= 2048
+ default_bits           = 2048
- default_keyfile 	= privkey.pem
+ default_keyfile        = privkey.pem
- distinguished_name	= req_distinguished_name
+ distinguished_name     = req_distinguished_name
- attributes		= req_attributes
+ attributes             = req_attributes
- req_extensions		= v3_ca
+ req_extensions         = v3_ca
 
  dirstring_type = nobmp
 
  [ req_distinguished_name ]
- countryName			= Country Name (2 letter code)
+ countryName                    = Country Name (2 letter code)
- countryName_default		= AU
+ countryName_default            = AU
- countryName_min		= 2
+ countryName_min                = 2
- countryName_max		= 2
+ countryName_max                = 2
 
- localityName			= Locality Name (eg, city)
+ localityName                   = Locality Name (eg, city)
 
- organizationalUnitName		= Organizational Unit Name (eg, section)
+ organizationalUnitName         = Organizational Unit Name (eg, section)
 
- commonName			= Common Name (eg, YOUR name)
+ commonName                     = Common Name (eg, YOUR name)
- commonName_max			= 64
+ commonName_max                 = 64
 
- emailAddress			= Email Address
+ emailAddress                   = Email Address
- emailAddress_max		= 40
+ emailAddress_max               = 40
 
  [ req_attributes ]
- challengePassword		= A challenge password
+ challengePassword              = A challenge password
- challengePassword_min		= 4
+ challengePassword_min          = 4
- challengePassword_max		= 20
+ challengePassword_max          = 20
 
  [ v3_ca ]
 
@@ -549,27 +548,27 @@ Sample configuration file prompting for field values:
 Sample configuration containing all field values:
 
 
- RANDFILE		= $ENV::HOME/.rnd
+ RANDFILE               = $ENV::HOME/.rnd
 
  [ req ]
- default_bits		= 2048
+ default_bits           = 2048
- default_keyfile 	= keyfile.pem
+ default_keyfile        = keyfile.pem
- distinguished_name	= req_distinguished_name
+ distinguished_name     = req_distinguished_name
- attributes		= req_attributes
+ attributes             = req_attributes
- prompt			= no
+ prompt                 = no
- output_password	= mypass
+ output_password        = mypass
 
  [ req_distinguished_name ]
- C			= GB
+ C                      = GB
- ST			= Test State or Province
+ ST                     = Test State or Province
- L			= Test Locality
+ L                      = Test Locality
- O			= Organization Name
+ O                      = Organization Name
- OU			= Organizational Unit Name
+ OU                     = Organizational Unit Name
- CN			= Common Name
+ CN                     = Common Name
- emailAddress		= test@email.address
+ emailAddress           = test@email.address
 
  [ req_attributes ]
- challengePassword		= A challenge password
+ challengePassword              = A challenge password
 
 
 =head1 NOTES
@@ -596,13 +595,13 @@ by the script in an extendedKeyUsage extension.
 
 The following messages are frequently asked about:
 
-	Using configuration from /some/path/openssl.cnf
+        Using configuration from /some/path/openssl.cnf
-	Unable to load config info
+        Unable to load config info
 
 This is followed some time later by...
 
-	unable to find 'distinguished_name' in config
+        unable to find 'distinguished_name' in config
-	problems making Certificate Request
+        problems making Certificate Request
 
 The first error message is the clue: it can't find the configuration
 file! Certain operations (like examining a certificate request) don't

doc/apps/rsa.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/s_client.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/s_server.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/s_time.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/sess_id.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME

doc/apps/smime.pod

@@ -398,29 +398,29 @@ the signers certificates.
 Create a cleartext signed message:
 
  openssl smime -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem
+        -signer mycert.pem
 
 Create an opaque signed message:
 
  openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
-	-signer mycert.pem
+        -signer mycert.pem
 
 Create a signed message, include some additional certificates and
 read the private key from another file:
 
  openssl smime -sign -in in.txt -text -out mail.msg \
-	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
 
 Create a signed message with two signers:
 
  openssl smime -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem -signer othercert.pem
+        -signer mycert.pem -signer othercert.pem
 
 Send a signed message under Unix directly to sendmail, including headers:
 
  openssl smime -sign -in in.txt -text -signer mycert.pem \
-	-from steve@openssl.org -to someone@somewhere \
+        -from steve@openssl.org -to someone@somewhere \
-	-subject "Signed message" | sendmail someone@somewhere
+        -subject "Signed message" | sendmail someone@somewhere
 
 Verify a message and extract the signer's certificate if successful:
 
@@ -429,15 +429,15 @@ Verify a message and extract the signer's certificate if successful:
 Send encrypted mail using triple DES:
 
  openssl smime -encrypt -in in.txt -from steve@openssl.org \
-	-to someone@somewhere -subject "Encrypted message" \
+        -to someone@somewhere -subject "Encrypted message" \
-	-des3 user.pem -out mail.msg
+        -des3 user.pem -out mail.msg
 
 Sign and encrypt mail:
 
  openssl smime -sign -in ml.txt -signer my.pem -text \
-	| openssl smime -encrypt -out mail.msg \
+        | openssl smime -encrypt -out mail.msg \
-	-from steve@openssl.org -to someone@somewhere \
+        -from steve@openssl.org -to someone@somewhere \
-	-subject "Signed and Encrypted message" -des3 user.pem
+        -subject "Signed and Encrypted message" -des3 user.pem
 
 Note: the encryption command does not include the B<-text> option because the
 message being encrypted already has MIME headers.

doc/apps/ts.pod

@@ -522,13 +522,13 @@ To create a time stamp request for design1.txt with SHA-1
 without nonce and policy and no certificate is required in the response:
 
   openssl ts -query -data design1.txt -no_nonce \
-	-out design1.tsq
+        -out design1.tsq
 
 To create a similar time stamp request with specifying the message imprint
 explicitly:
 
   openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-	 -no_nonce -out design1.tsq
+         -no_nonce -out design1.tsq
 
 To print the content of the previous request in human readable format:
 
@@ -540,7 +540,7 @@ specifies a policy id (assuming the tsa_policy1 name is defined in the
 OID section of the config file):
 
   openssl ts -query -data design2.txt -md5 \
-	-tspolicy tsa_policy1 -cert -out design2.tsq
+        -tspolicy tsa_policy1 -cert -out design2.tsq
 
 =head2 Time Stamp Response
 
@@ -557,7 +557,7 @@ tsakey.pem is the private key of the TSA.
 To create a time stamp response for a request:
 
   openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
-	-signer tsacert.pem -out design1.tsr
+        -signer tsacert.pem -out design1.tsr
 
 If you want to use the settings in the config file you could just write:
 
@@ -589,20 +589,20 @@ valid response:
 To verify a time stamp reply against a request:
 
   openssl ts -verify -queryfile design1.tsq -in design1.tsr \
-	-CAfile cacert.pem -untrusted tsacert.pem
+        -CAfile cacert.pem -untrusted tsacert.pem
 
 To verify a time stamp reply that includes the certificate chain:
 
   openssl ts -verify -queryfile design2.tsq -in design2.tsr \
-	-CAfile cacert.pem
+        -CAfile cacert.pem
 
 To verify a time stamp token against the original data file:
   openssl ts -verify -data design2.txt -in design2.tsr \
-	-CAfile cacert.pem
+        -CAfile cacert.pem
 
 To verify a time stamp token against a message imprint:
   openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-	 -in design2.tsr -CAfile cacert.pem
+         -in design2.tsr -CAfile cacert.pem
 
 You could also look at the 'test' directory for more examples.
 

doc/apps/tsget.pod

@@ -33,15 +33,15 @@ line.
 
 The tool sends the following HTTP request for each time stamp request:
 
-	POST url HTTP/1.1
+        POST url HTTP/1.1
-	User-Agent: OpenTSA tsget.pl/<version>
+        User-Agent: OpenTSA tsget.pl/<version>
-	Host: <host>:<port>
+        Host: <host>:<port>
-	Pragma: no-cache
+        Pragma: no-cache
-	Content-Type: application/timestamp-query
+        Content-Type: application/timestamp-query
-	Accept: application/timestamp-reply
+        Accept: application/timestamp-reply
-	Content-Length: length of body
+        Content-Length: length of body
 
-	...binary request specified by the user...
+        ...binary request specified by the user...
 
 B<tsget> expects a response of type application/timestamp-reply, which is
 written to a file without any interpretation.
@@ -151,34 +151,34 @@ Get a time stamp response for file1.tsq and file2.tsq over HTTP showing
 progress, output is written to file1.reply and file2.reply respectively:
 
   tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
-	file1.tsq file2.tsq
+        file1.tsq file2.tsq
 
 Create a time stamp request, write it to file3.tsq, send it to the server and
 write the response to file3.tsr:
 
   openssl ts -query -data file3.txt -cert | tee file3.tsq \
-	| tsget -h http://tsa.opentsa.org:8080/tsa \
+        | tsget -h http://tsa.opentsa.org:8080/tsa \
-	-o file3.tsr
+        -o file3.tsr
 
 Get a time stamp response for file1.tsq over HTTPS without client
 authentication:
 
   tsget -h https://tsa.opentsa.org:8443/tsa \
-	-C cacerts.pem file1.tsq
+        -C cacerts.pem file1.tsq
 
 Get a time stamp response for file1.tsq over HTTPS with certificate-based
 client authentication (it will ask for the passphrase if client_key.pem is
 protected):
 
   tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-	-k client_key.pem -c client_cert.pem file1.tsq
+        -k client_key.pem -c client_cert.pem file1.tsq
 
 You can shorten the previous command line if you make use of the B<TSGET>
 environment variable. The following commands do the same as the previous
 example:
 
   TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-	-k client_key.pem -c client_cert.pem'
+        -k client_key.pem -c client_cert.pem'
   export TSGET
   tsget file1.tsq
 

doc/apps/x509.pod

@@ -1,4 +1,3 @@
-
 =pod
 
 =head1 NAME
@@ -707,20 +706,20 @@ Convert a certificate request into a self signed certificate using
 extensions for a CA:
 
  openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
-	-signkey key.pem -out cacert.pem
+        -signkey key.pem -out cacert.pem
 
 Sign a certificate request using the CA certificate above and add user
 certificate extensions:
 
  openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
-	-CA cacert.pem -CAkey key.pem -CAcreateserial
+        -CA cacert.pem -CAkey key.pem -CAcreateserial
 
 
 Set a certificate to be trusted for SSL client use and change set its alias to
 "Steve's Class 1 CA"
 
  openssl x509 -in cert.pem -addtrust clientAuth \
-	-setalias "Steve's Class 1 CA" -out trust.pem
+        -setalias "Steve's Class 1 CA" -out trust.pem
 
 =head1 NOTES
 

doc/apps/x509v3_config.pod

@@ -108,19 +108,19 @@ These can either be object short names or the dotted numerical form of OIDs.
 While any OID can be used only certain values make sense. In particular the
 following PKIX, NS and MS values are meaningful:
 
- Value			Meaning
+ Value                  Meaning
- -----			-------
+ -----                  -------
- serverAuth		SSL/TLS Web Server Authentication.
+ serverAuth             SSL/TLS Web Server Authentication.
- clientAuth		SSL/TLS Web Client Authentication.
+ clientAuth             SSL/TLS Web Client Authentication.
- codeSigning		Code signing.
+ codeSigning            Code signing.
- emailProtection	E-mail Protection (S/MIME).
+ emailProtection        E-mail Protection (S/MIME).
- timeStamping		Trusted Timestamping
+ timeStamping           Trusted Timestamping
- OCSPSigning		OCSP Signing
+ OCSPSigning            OCSP Signing
- ipsecIKE		ipsec Internet Key Exchnage
+ ipsecIKE               ipsec Internet Key Exchnage
- msCodeInd		Microsoft Individual Code Signing (authenticode)
+ msCodeInd              Microsoft Individual Code Signing (authenticode)
- msCodeCom		Microsoft Commercial Code Signing (authenticode)
+ msCodeCom              Microsoft Commercial Code Signing (authenticode)
- msCTLSign		Microsoft Trust List Signing
+ msCTLSign              Microsoft Trust List Signing
- msEFS			Microsoft Encrypted File System
+ msEFS                  Microsoft Encrypted File System
 
 Examples:
 

doc/crypto/ASN1_STRING_length.pod

@@ -72,8 +72,6 @@ character in big endian format, UTF8String will be in UTF8 format.
 Similar care should be take to ensure the data is in the correct format
 when calling ASN1_STRING_set().
 
-=head1 RETURN VALUES
-
 =head1 SEE ALSO
 
 L<ERR_get_error(3)>

doc/crypto/ASN1_TIME_set.pod

@@ -100,7 +100,7 @@ Determine if one time is later or sooner than the current time:
  int day, sec;
 
  if (!ASN1_TIME_diff(&day, &sec, NULL, to))
-	/* Invalid time format */
+        /* Invalid time format */
 
  if (day > 0 || sec > 0)
    printf("Later\n");

doc/crypto/BIO_ctrl.pod

@@ -13,7 +13,7 @@ BIO_get_info_callback, BIO_set_info_callback - BIO control operations
 
  long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
  long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
- char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+ char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
  long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
 
  int BIO_reset(BIO *b);

doc/crypto/BIO_f_base64.pod

@@ -9,7 +9,7 @@ BIO_f_base64 - base64 BIO filter
  #include <openssl/bio.h>
  #include <openssl/evp.h>
 
- const BIO_METHOD *	BIO_f_base64(void);
+ const BIO_METHOD *     BIO_f_base64(void);
 
 =head1 DESCRIPTION
 
@@ -64,7 +64,7 @@ data to standard output:
  bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
  BIO_push(b64, bio);
  while((inlen = BIO_read(b64, inbuf, 512)) > 0)
-	BIO_write(bio_out, inbuf, inlen);
+        BIO_write(bio_out, inbuf, inlen);
 
  BIO_flush(bio_out);
  BIO_free_all(b64);

doc/crypto/BIO_f_cipher.pod

@@ -9,9 +9,9 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher
  #include <openssl/bio.h>
  #include <openssl/evp.h>
 
- const BIO_METHOD *	BIO_f_cipher(void);
+ const BIO_METHOD *BIO_f_cipher(void);
  void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
-		unsigned char *key, unsigned char *iv, int enc);
+                unsigned char *key, unsigned char *iv, int enc);
  int BIO_get_cipher_status(BIO *b)
  int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
 

doc/crypto/BIO_f_md.pod

@@ -9,7 +9,7 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
  #include <openssl/bio.h>
  #include <openssl/evp.h>
 
- const BIO_METHOD *	BIO_f_md(void);
+ const BIO_METHOD *     BIO_f_md(void);
  int BIO_set_md(BIO *b,EVP_MD *md);
  int BIO_get_md(BIO *b,EVP_MD **mdp);
  int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
@@ -103,7 +103,7 @@ The next example digests data by reading through a chain instead:
  BIO_set_md(mdtmp, EVP_md5());
  bio = BIO_push(mdtmp, bio);
  do {
- 	rdlen = BIO_read(bio, buf, sizeof(buf));
+        rdlen = BIO_read(bio, buf, sizeof(buf));
         /* Might want to do something with the data here */
  } while(rdlen > 0);
 
@@ -114,17 +114,17 @@ outputs them. This could be used with the examples above.
  unsigned char mdbuf[EVP_MAX_MD_SIZE];
  int mdlen;
  int i;
- mdtmp = bio;	/* Assume bio has previously been set up */
+ mdtmp = bio;   /* Assume bio has previously been set up */
  do {
-	EVP_MD *md;
+        EVP_MD *md;
- 	mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+        mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
         if(!mdtmp) break;
-	BIO_get_md(mdtmp, &md);
+        BIO_get_md(mdtmp, &md);
         printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
-	mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+        mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
-	for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+        for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
-	printf("\n");
+        printf("\n");
-	mdtmp = BIO_next(mdtmp);
+        mdtmp = BIO_next(mdtmp);
  } while(mdtmp);
 
  BIO_free_all(bio);

doc/crypto/BIO_f_null.pod

@@ -8,7 +8,7 @@ BIO_f_null - null filter
 
  #include <openssl/bio.h>
 
- const BIO_METHOD *	BIO_f_null(void);
+ const BIO_METHOD *     BIO_f_null(void);
 
 =head1 DESCRIPTION
 

doc/crypto/BIO_f_ssl.pod

@@ -14,15 +14,15 @@ BIO_ssl_shutdown - SSL BIO
 
  const BIO_METHOD *BIO_f_ssl(void);
 
- #define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+ #define BIO_set_ssl(b,ssl,c)   BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
- #define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+ #define BIO_get_ssl(b,sslp)    BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
- #define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+ #define BIO_set_ssl_mode(b,client)     BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
  #define BIO_set_ssl_renegotiate_bytes(b,num) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
  #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
  #define BIO_get_num_renegotiates(b) \
-	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+        BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
 
  BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
  BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -30,7 +30,7 @@ BIO_ssl_shutdown - SSL BIO
  int BIO_ssl_copy_session_id(BIO *to,BIO *from);
  void BIO_ssl_shutdown(BIO *bio);
 
- #define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+ #define BIO_do_handshake(b)    BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
 
 =head1 DESCRIPTION
 
@@ -170,24 +170,24 @@ unencrypted example in L<BIO_s_connect(3)>.
 
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
  if(BIO_do_connect(sbio) <= 0) {
-	fprintf(stderr, "Error connecting to server\n");
+        fprintf(stderr, "Error connecting to server\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	/* whatever ... */
+        /* whatever ... */
  }
 
  if(BIO_do_handshake(sbio) <= 0) {
-	fprintf(stderr, "Error establishing SSL connection\n");
+        fprintf(stderr, "Error establishing SSL connection\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	/* whatever ... */
+        /* whatever ... */
  }
 
  /* Could examine ssl here to get connection info */
 
  BIO_puts(sbio, "GET / HTTP/1.0\n\n");
  for(;;) {      
-	len = BIO_read(sbio, tmpbuf, 1024);
+        len = BIO_read(sbio, tmpbuf, 1024);
-	if(len <= 0) break;
+        if(len <= 0) break;
-	BIO_write(out, tmpbuf, len);
+        BIO_write(out, tmpbuf, len);
  }
  BIO_free_all(sbio);
  BIO_free(out);
@@ -208,12 +208,12 @@ a client and also echoes the request to standard output.
  ctx = SSL_CTX_new(TLS_server_method());
 
  if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-	|| !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
+        || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-	|| !SSL_CTX_check_private_key(ctx)) {
+        || !SSL_CTX_check_private_key(ctx)) {
 
-	fprintf(stderr, "Error setting up SSL_CTX\n");
+        fprintf(stderr, "Error setting up SSL_CTX\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	return 0;
+        return 0;
  }
 
  /* Might do other things here like setting verify locations and
@@ -254,16 +254,16 @@ a client and also echoes the request to standard output.
 
  /* Setup accept BIO */
  if(BIO_do_accept(acpt) <= 0) {
-	fprintf(stderr, "Error setting up accept BIO\n");
+        fprintf(stderr, "Error setting up accept BIO\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	return 0;
+        return 0;
  }
 
  /* Now wait for incoming connection */
  if(BIO_do_accept(acpt) <= 0) {
-	fprintf(stderr, "Error in connection\n");
+        fprintf(stderr, "Error in connection\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	return 0;
+        return 0;
  }
 
  /* We only want one connection so remove and free
@@ -275,9 +275,9 @@ a client and also echoes the request to standard output.
  BIO_free_all(acpt);
 
  if(BIO_do_handshake(sbio) <= 0) {
-	fprintf(stderr, "Error in SSL handshake\n");
+        fprintf(stderr, "Error in SSL handshake\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	return 0;
+        return 0;
  }
 
  BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
@@ -285,12 +285,12 @@ a client and also echoes the request to standard output.
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
  for(;;) {
- 	len = BIO_gets(sbio, tmpbuf, 1024);
+        len = BIO_gets(sbio, tmpbuf, 1024);
         if(len <= 0) break;
-	BIO_write(sbio, tmpbuf, len);
+        BIO_write(sbio, tmpbuf, len);
-	BIO_write(out, tmpbuf, len);
+        BIO_write(out, tmpbuf, len);
-	/* Look for blank line signifying end of headers*/
+        /* Look for blank line signifying end of headers*/
-	if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
+        if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");

doc/crypto/BIO_find_type.pod

@@ -8,35 +8,35 @@ BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
 
  #include <openssl/bio.h>
 
- BIO *	BIO_find_type(BIO *b,int bio_type);
+ BIO *  BIO_find_type(BIO *b,int bio_type);
- BIO *	BIO_next(BIO *b);
+ BIO *  BIO_next(BIO *b);
 
- #define BIO_method_type(b)		((b)->method->type)
+ #define BIO_method_type(b)             ((b)->method->type)
 
- #define BIO_TYPE_NONE		0
+ #define BIO_TYPE_NONE          0
- #define BIO_TYPE_MEM		(1|0x0400)
+ #define BIO_TYPE_MEM           (1|0x0400)
- #define BIO_TYPE_FILE		(2|0x0400)
+ #define BIO_TYPE_FILE          (2|0x0400)
 
- #define BIO_TYPE_FD		(4|0x0400|0x0100)
+ #define BIO_TYPE_FD            (4|0x0400|0x0100)
- #define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
+ #define BIO_TYPE_SOCKET                (5|0x0400|0x0100)
- #define BIO_TYPE_NULL		(6|0x0400)
+ #define BIO_TYPE_NULL          (6|0x0400)
- #define BIO_TYPE_SSL		(7|0x0200)
+ #define BIO_TYPE_SSL           (7|0x0200)
- #define BIO_TYPE_MD		(8|0x0200)
+ #define BIO_TYPE_MD            (8|0x0200)
- #define BIO_TYPE_BUFFER		(9|0x0200)
+ #define BIO_TYPE_BUFFER                (9|0x0200)
- #define BIO_TYPE_CIPHER		(10|0x0200)
+ #define BIO_TYPE_CIPHER                (10|0x0200)
- #define BIO_TYPE_BASE64		(11|0x0200)
+ #define BIO_TYPE_BASE64                (11|0x0200)
- #define BIO_TYPE_CONNECT	(12|0x0400|0x0100)
+ #define BIO_TYPE_CONNECT       (12|0x0400|0x0100)
- #define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)
+ #define BIO_TYPE_ACCEPT                (13|0x0400|0x0100)
- #define BIO_TYPE_PROXY_CLIENT	(14|0x0200)
+ #define BIO_TYPE_PROXY_CLIENT  (14|0x0200)
- #define BIO_TYPE_PROXY_SERVER	(15|0x0200)
+ #define BIO_TYPE_PROXY_SERVER  (15|0x0200)
- #define BIO_TYPE_NBIO_TEST	(16|0x0200)
+ #define BIO_TYPE_NBIO_TEST     (16|0x0200)
- #define BIO_TYPE_NULL_FILTER	(17|0x0200)
+ #define BIO_TYPE_NULL_FILTER   (17|0x0200)
- #define BIO_TYPE_BER		(18|0x0200)
+ #define BIO_TYPE_BER           (18|0x0200)
- #define BIO_TYPE_BIO		(19|0x0400)
+ #define BIO_TYPE_BIO           (19|0x0400)
 
- #define BIO_TYPE_DESCRIPTOR	0x0100
+ #define BIO_TYPE_DESCRIPTOR    0x0100
- #define BIO_TYPE_FILTER		0x0200
+ #define BIO_TYPE_FILTER                0x0200
- #define BIO_TYPE_SOURCE_SINK	0x0400
+ #define BIO_TYPE_SOURCE_SINK   0x0400
 
 =head1 DESCRIPTION
 
@@ -68,15 +68,15 @@ BIO_method_type() returns the type of the BIO B<b>.
 Traverse a chain looking for digest BIOs:
 
  BIO *btmp;
- btmp = in_bio;	/* in_bio is chain to search through */
+ btmp = in_bio; /* in_bio is chain to search through */
 
  do {
- 	btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+        btmp = BIO_find_type(btmp, BIO_TYPE_MD);
-	if(btmp == NULL) break;	/* Not found */
+        if(btmp == NULL) break; /* Not found */
-	/* btmp is a digest BIO, do something with it ...*/
+        /* btmp is a digest BIO, do something with it ...*/
-   	...
+        ...
 
-	btmp = BIO_next(btmp);
+        btmp = BIO_next(btmp);
  } while(btmp);
 
 

doc/crypto/BIO_get_ex_new_index.pod

@@ -23,9 +23,9 @@ crypto structures:
  #include <openssl/x509.h>
 
  int X509_get_ex_new_index(long argl, void *argp,
-		CRYPTO_EX_new *new_func,
+                CRYPTO_EX_new *new_func,
-		CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func);
+                CRYPTO_EX_free *free_func);
 
  int X509_set_ex_data(X509 *d, int idx, void *arg);
 

doc/crypto/BIO_new.pod

@@ -8,12 +8,12 @@ BIO_new, BIO_set, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation
 
  #include <openssl/bio.h>
 
- BIO *	BIO_new(const BIO_METHOD *type);
+ BIO *  BIO_new(const BIO_METHOD *type);
- int	BIO_set(BIO *a,const BIO_METHOD *type);
+ int    BIO_set(BIO *a,const BIO_METHOD *type);
- int	BIO_up_ref(BIO *a);
+ int    BIO_up_ref(BIO *a);
- int	BIO_free(BIO *a);
+ int    BIO_free(BIO *a);
- void	BIO_vfree(BIO *a);
+ void   BIO_vfree(BIO *a);
- void	BIO_free_all(BIO *a);
+ void   BIO_free_all(BIO *a);
 
 =head1 DESCRIPTION
 

doc/crypto/BIO_new_CMS.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- BIO_new_CMS - CMS streaming filter BIO
+BIO_new_CMS - CMS streaming filter BIO
 
 =head1 SYNOPSIS
 

doc/crypto/BIO_parse_hostserv.pod

@@ -42,11 +42,6 @@ The service part can  be a service name or its port number.
 The returned values will depend on the given B<hostserv> string
 and B<hostserv_prio>, as follows:
 
-=for comment
-The following is ONE verbatim block.  To make sure it's rendered as
-one block and not several, the blank lines in between have one space.
-They should be left as is.
-
  host + ':' + service  => *host = "host", *service = "service"
  host + ':' + '*'      => *host = "host", *service = NULL
  host + ':'            => *host = "host", *service = NULL

doc/crypto/BIO_read.pod

@@ -8,10 +8,10 @@ BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
 
  #include <openssl/bio.h>
 
- int	BIO_read(BIO *b, void *buf, int len);
+ int    BIO_read(BIO *b, void *buf, int len);
- int	BIO_gets(BIO *b, char *buf, int size);
+ int    BIO_gets(BIO *b, char *buf, int size);
- int	BIO_write(BIO *b, const void *buf, int len);
+ int    BIO_write(BIO *b, const void *buf, int len);
- int	BIO_puts(BIO *b, const char *buf);
+ int    BIO_puts(BIO *b, const char *buf);
 
 =head1 DESCRIPTION
 

doc/crypto/BIO_s_accept.pod

@@ -23,9 +23,9 @@ BIO_get_bind_mode, BIO_do_accept - accept BIO
  long BIO_set_bind_mode(BIO *b, long mode);
  long BIO_get_bind_mode(BIO *b);
 
- #define BIO_BIND_NORMAL		0
+ #define BIO_BIND_NORMAL                0
- #define BIO_BIND_REUSEADDR_IF_UNUSED	1
+ #define BIO_BIND_REUSEADDR_IF_UNUSED   1
- #define BIO_BIND_REUSEADDR		2
+ #define BIO_BIND_REUSEADDR             2
 
  int BIO_do_accept(BIO *b);
 
@@ -165,16 +165,16 @@ down each and finally closes both down.
 
  /* First call to BIO_accept() sets up accept BIO */
  if(BIO_do_accept(abio) <= 0) {
-	fprintf(stderr, "Error setting up accept\n");
+        fprintf(stderr, "Error setting up accept\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	exit(0);		
+        exit(0);                
  }
 
  /* Wait for incoming connection */
  if(BIO_do_accept(abio) <= 0) {
-	fprintf(stderr, "Error accepting connection\n");
+        fprintf(stderr, "Error accepting connection\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	exit(0);		
+        exit(0);                
  }
  fprintf(stderr, "Connection 1 established\n");
  /* Retrieve BIO for connection */
@@ -183,9 +183,9 @@ down each and finally closes both down.
  fprintf(stderr, "Sent out data on connection 1\n");
  /* Wait for another connection */
  if(BIO_do_accept(abio) <= 0) {
-	fprintf(stderr, "Error accepting connection\n");
+        fprintf(stderr, "Error accepting connection\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	exit(0);		
+        exit(0);                
  }
  fprintf(stderr, "Connection 2 established\n");
  /* Close accept BIO to refuse further connections */

doc/crypto/BIO_s_bio.pod

@@ -159,7 +159,7 @@ without having to go through the SSL-interface.
    socket
 
   ...
-  SSL_free(ssl);		/* implicitly frees internal_bio */
+  SSL_free(ssl);                /* implicitly frees internal_bio */
   BIO_free(network_bio);
   ...
 

doc/crypto/BIO_s_connect.pod

@@ -168,15 +168,15 @@ to retrieve a page and copy the result to standard output.
  cbio = BIO_new_connect("localhost:http");
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
  if(BIO_do_connect(cbio) <= 0) {
-	fprintf(stderr, "Error connecting to server\n");
+        fprintf(stderr, "Error connecting to server\n");
-	ERR_print_errors_fp(stderr);
+        ERR_print_errors_fp(stderr);
-	/* whatever ... */
+        /* whatever ... */
-	}
+        }
  BIO_puts(cbio, "GET / HTTP/1.0\n\n");
  for(;;) {      
-	len = BIO_read(cbio, tmpbuf, 1024);
+        len = BIO_read(cbio, tmpbuf, 1024);
-	if(len <= 0) break;
+        if(len <= 0) break;
-	BIO_write(out, tmpbuf, len);
+        BIO_write(out, tmpbuf, len);
  }
  BIO_free(cbio);
  BIO_free(out);

doc/crypto/BIO_s_fd.pod

@@ -8,10 +8,10 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
 
  #include <openssl/bio.h>
 
- const BIO_METHOD *	BIO_s_fd(void);
+ const BIO_METHOD *     BIO_s_fd(void);
 
- #define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+ #define BIO_set_fd(b,fd,c)     BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
- #define BIO_get_fd(b,c)	BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+ #define BIO_get_fd(b,c)        BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
 
  BIO *BIO_new_fd(int fd, int close_flag);
 

doc/crypto/BIO_s_file.pod

@@ -10,7 +10,7 @@ BIO_rw_filename - FILE bio
 
  #include <openssl/bio.h>
 
- const BIO_METHOD *	BIO_s_file(void);
+ const BIO_METHOD *     BIO_s_file(void);
  BIO *BIO_new_file(const char *filename, const char *mode);
  BIO *BIO_new_fp(FILE *stream, int flags);
 

doc/crypto/BIO_s_mem.pod

@@ -9,8 +9,8 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
 
  #include <openssl/bio.h>
 
- const BIO_METHOD *	BIO_s_mem(void);
+ const BIO_METHOD *     BIO_s_mem(void);
- const BIO_METHOD *	BIO_s_secmem(void);
+ const BIO_METHOD *     BIO_s_secmem(void);
 
  BIO_set_mem_eof_return(BIO *b,int v)
  long BIO_get_mem_data(BIO *b, char **pp)

doc/crypto/BIO_s_null.pod

@@ -8,7 +8,7 @@ BIO_s_null - null data sink
 
  #include <openssl/bio.h>
 
- const BIO_METHOD *	BIO_s_null(void);
+ const BIO_METHOD *     BIO_s_null(void);
 
 =head1 DESCRIPTION
 

doc/crypto/BIO_set_callback.pod

@@ -9,16 +9,16 @@ BIO_debug_callback - BIO callback functions
 
  #include <openssl/bio.h>
 
- #define BIO_set_callback(b,cb)		((b)->callback=(cb))
+ #define BIO_set_callback(b,cb)         ((b)->callback=(cb))
- #define BIO_get_callback(b)		((b)->callback)
+ #define BIO_get_callback(b)            ((b)->callback)
- #define BIO_set_callback_arg(b,arg)	((b)->cb_arg=(char *)(arg))
+ #define BIO_set_callback_arg(b,arg)    ((b)->cb_arg=(char *)(arg))
- #define BIO_get_callback_arg(b)		((b)->cb_arg)
+ #define BIO_get_callback_arg(b)                ((b)->cb_arg)
 
  long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-	long argl,long ret);
+        long argl,long ret);
 
  typedef long (*callback)(BIO *b, int oper, const char *argp,
-			int argi, long argl, long retvalue);
+                        int argi, long argl, long retvalue);
 
 =head1 DESCRIPTION
 

doc/crypto/BIO_should_retry.pod

@@ -11,17 +11,17 @@ functions
 
  #include <openssl/bio.h>
 
- #define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)
+ #define BIO_should_read(a)             ((a)->flags & BIO_FLAGS_READ)
- #define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)
+ #define BIO_should_write(a)            ((a)->flags & BIO_FLAGS_WRITE)
- #define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)
+ #define BIO_should_io_special(a)       ((a)->flags & BIO_FLAGS_IO_SPECIAL)
- #define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
+ #define BIO_retry_type(a)              ((a)->flags & BIO_FLAGS_RWS)
- #define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+ #define BIO_should_retry(a)            ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
 
- #define BIO_FLAGS_READ		0x01
+ #define BIO_FLAGS_READ         0x01
- #define BIO_FLAGS_WRITE	0x02
+ #define BIO_FLAGS_WRITE        0x02
- #define BIO_FLAGS_IO_SPECIAL	0x04
+ #define BIO_FLAGS_IO_SPECIAL   0x04
  #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
- #define BIO_FLAGS_SHOULD_RETRY	0x08
+ #define BIO_FLAGS_SHOULD_RETRY 0x08
 
  BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
  int BIO_get_retry_reason(BIO *bio);

doc/crypto/BN_BLINDING_new.pod

@@ -13,15 +13,15 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
  #include <openssl/bn.h>
 
  BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
-	BIGNUM *mod);
+        BIGNUM *mod);
  void BN_BLINDING_free(BN_BLINDING *b);
  int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
  int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
  int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
  int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
-	BN_CTX *ctx);
+        BN_CTX *ctx);
  int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
-	BN_CTX *ctx);
+        BN_CTX *ctx);
  int BN_BLINDING_is_current_thread(BN_BLINDING *b);
  void BN_BLINDING_set_current_thread(BN_BLINDING *b);
  int BN_BLINDING_lock(BN_BLINDING *b);
@@ -29,10 +29,10 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
  unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
  void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
  BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-	const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-	BN_MONT_CTX *m_ctx);
+        BN_MONT_CTX *m_ctx);
 
 =head1 DESCRIPTION
 

doc/crypto/CMS_add1_recipient_cert.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
+CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_add1_signer.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure.
+CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure.
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_decrypt.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_decrypt - decrypt content from a CMS envelopedData structure
+CMS_decrypt - decrypt content from a CMS envelopedData structure
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_encrypt.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_encrypt - create a CMS envelopedData structure
+CMS_encrypt - create a CMS envelopedData structure
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_final.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_final - finalise a CMS_ContentInfo structure
+CMS_final - finalise a CMS_ContentInfo structure
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_get0_type.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content
+CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_get1_ReceiptRequest.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions.
+CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions.
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_sign.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_sign - create a CMS SignedData structure
+CMS_sign - create a CMS SignedData structure
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_sign_receipt.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_sign_receipt - create a CMS signed receipt
+CMS_sign_receipt - create a CMS signed receipt
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_uncompress.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_uncompress - uncompress a CMS CompressedData structure
+CMS_uncompress - uncompress a CMS CompressedData structure
 
 =head1 SYNOPSIS
 

doc/crypto/CMS_verify_receipt.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- CMS_verify_receipt - verify a CMS signed receipt
+CMS_verify_receipt - verify a CMS signed receipt
 
 =head1 SYNOPSIS
 

doc/crypto/CONF_modules_free.pod

@@ -2,8 +2,8 @@
 
 =head1 NAME
 
- CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
+CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
- OpenSSL configuration cleanup functions
+OpenSSL configuration cleanup functions
 
 =head1 SYNOPSIS
 

doc/crypto/CONF_modules_load_file.pod

@@ -2,16 +2,16 @@
 
 =head1 NAME
 
- CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
+CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
 
 =head1 SYNOPSIS
 
  #include <openssl/conf.h>
 
  int CONF_modules_load_file(const char *filename, const char *appname,
-			                unsigned long flags);
+                                        unsigned long flags);
  int CONF_modules_load(const CONF *cnf, const char *appname,
-		               unsigned long flags);
+                               unsigned long flags);
 
 =head1 DESCRIPTION
 

doc/crypto/CRYPTO_get_ex_new_index.pod

@@ -12,9 +12,9 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
 
  int CRYPTO_get_ex_new_index(int class_index,
                 long argl, void *argp,
-		CRYPTO_EX_new *new_func,
+                CRYPTO_EX_new *new_func,
-		CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func);
+                CRYPTO_EX_free *free_func);
 
  typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                            int idx, long argl, void *argp);

doc/crypto/DH_generate_parameters.pod

@@ -2,7 +2,6 @@
 
 =head1 NAME
 
-
 DH_generate_parameters_ex, DH_generate_parameters,
 DH_check - generate and check Diffie-Hellman parameters
 

doc/crypto/DSA_do_sign.pod

@@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA signature operations
  DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 
  int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-	     DSA_SIG *sig, DSA *dsa);
+             DSA_SIG *sig, DSA *dsa);
 
 =head1 DESCRIPTION
 

doc/crypto/DSA_generate_parameters.pod

@@ -9,15 +9,15 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters
  #include <openssl/dsa.h>
 
  int DSA_generate_parameters_ex(DSA *dsa, int bits,
-		const unsigned char *seed,int seed_len,
+                const unsigned char *seed,int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 
 Deprecated:
 
  #if OPENSSL_API_COMPAT < 0x00908000L
  DSA *DSA_generate_parameters(int bits, unsigned char *seed,
                 int seed_len, int *counter_ret, unsigned long *h_ret,
-		void (*callback)(int, int, void *), void *cb_arg);
+                void (*callback)(int, int, void *), void *cb_arg);
  #endif
 
 =head1 DESCRIPTION

doc/crypto/DSA_sign.pod

@@ -8,14 +8,14 @@ DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
 
  #include <openssl/dsa.h>
 
- int	DSA_sign(int type, const unsigned char *dgst, int len,
+ int    DSA_sign(int type, const unsigned char *dgst, int len,
-		unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
 
- int	DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+ int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
                 BIGNUM **rp);
 
- int	DSA_verify(int type, const unsigned char *dgst, int len,
+ int    DSA_verify(int type, const unsigned char *dgst, int len,
-		unsigned char *sigbuf, int siglen, DSA *dsa);
+                unsigned char *sigbuf, int siglen, DSA *dsa);
 
 =head1 DESCRIPTION
 

doc/crypto/EC_GROUP_copy.pod

@@ -47,7 +47,7 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROU
  int EC_GROUP_get_basis_type(const EC_GROUP *);
  int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
  int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
-	unsigned int *k2, unsigned int *k3);
+        unsigned int *k2, unsigned int *k3);
 
 =head1 DESCRIPTION
 
@@ -89,17 +89,16 @@ The point_conversion_form for a curve controls how EC_POINT data is encoded as A
 point_conversion_form_t is an enum defined as follows:
 
  typedef enum {
-	/** the point is encoded as z||x, where the octet z specifies 
+        /** the point is encoded as z||x, where the octet z specifies
-	 *   which solution of the quadratic equation y is  */
+         *   which solution of the quadratic equation y is  */
-	POINT_CONVERSION_COMPRESSED = 2,
+        POINT_CONVERSION_COMPRESSED = 2,
-	/** the point is encoded as z||x||y, where z is the octet 0x02  */
+        /** the point is encoded as z||x||y, where z is the octet 0x02  */
-	POINT_CONVERSION_UNCOMPRESSED = 4,
+        POINT_CONVERSION_UNCOMPRESSED = 4,
-	/** the point is encoded as z||x||y, where the octet z specifies
+        /** the point is encoded as z||x||y, where the octet z specifies
          *  which solution of the quadratic equation y is  */
-	POINT_CONVERSION_HYBRID = 6
+        POINT_CONVERSION_HYBRID = 6
  } point_conversion_form_t;
 
- 
 For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by
 the octets for x, followed by the octets for y.
 

doc/crypto/EC_GROUP_new.pod

@@ -79,9 +79,9 @@ not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than
 The EC_builtin_curve structure is defined as follows:
 
  typedef struct {
-	int nid;
+        int nid;
-	const char *comment;
+        const char *comment;
-	} EC_builtin_curve;
+        } EC_builtin_curve;
 
 Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve.
 

doc/crypto/EVP_BytesToKey.pod

@@ -44,7 +44,7 @@ defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
 The key and IV is derived by concatenating D_1, D_2, etc until
 enough data is available for the key and IV. D_i is defined as:
 
-	D_i = HASH^count(D_(i-1) || data || salt)
+        D_i = HASH^count(D_(i-1) || data || salt)
 
 where || denotes concatenation, D_0 is empty, HASH is the digest
 algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)

doc/crypto/EVP_CIPHER_meth_new.pod

@@ -82,37 +82,14 @@ With the exception of cipher modes, of which only one may be present,
 several flags can be or'd together.
 The available flags are:
 
-=over 4
+=over
 
-=over 4
+=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
+EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
+EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE,
+EVP_CIPH_OCB_MODE
 
-=item The cipher modes:
+The cipher mode.
-
-=over 4
-
-=item EVP_CIPH_STREAM_CIPHER
-
-=item EVP_CIPH_ECB_MODE
-
-=item EVP_CIPH_CBC_MODE
-
-=item EVP_CIPH_CFB_MODE
-
-=item EVP_CIPH_OFB_MODE
-
-=item EVP_CIPH_CTR_MODE
-
-=item EVP_CIPH_GCM_MODE
-
-=item EVP_CIPH_CCM_MODE
-
-=item EVP_CIPH_XTS_MODE
-
-=item EVP_CIPH_WRAP_MODE
-
-=item EVP_CIPH_OCB_MODE
-
-=back
 
 =item EVP_CIPH_VARIABLE_LENGTH
 
@@ -197,13 +174,8 @@ This indicates that this is an AEAD cipher implementation.
 
 =item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
 
-=begin comment
+Allow interleaving of crypto blocks, a particular optimization only applicable
-
+to certain TLS ciphers.
-I could use some help explaining this one!
-
-=end comment
-
-=back
 
 =back
 
@@ -234,6 +206,7 @@ EVP_CIPHER_CTX_free().
 
 EVP_CIPHER_meth_set_ctrl() sets the control function for B<cipher>.
 
+=head1 RETURN VALUES
 
 EVP_CIPHER_meth_get_input_blocksize(), EVP_CIPHER_meth_get_result_size(),
 EVP_CIPHER_meth_get_app_datasize(), EVP_CIPHER_meth_get_flags(),

doc/crypto/EVP_DigestInit.pod

@@ -32,7 +32,7 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
 
  int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
 
- #define EVP_MAX_MD_SIZE 64	/* SHA512 */
+ #define EVP_MAX_MD_SIZE 64     /* SHA512 */
 
  int EVP_MD_type(const EVP_MD *md);
  int EVP_MD_pkey_type(const EVP_MD *md);        
@@ -213,15 +213,15 @@ digest name passed on the command line.
  int md_len, i;
 
  if(!argv[1]) {
- 	printf("Usage: mdtest digestname\n");
+        printf("Usage: mdtest digestname\n");
-	exit(1);
+        exit(1);
  }
 
  md = EVP_get_digestbyname(argv[1]);
 
  if(!md) {
- 	printf("Unknown message digest %s\n", argv[1]);
+        printf("Unknown message digest %s\n", argv[1]);
-	exit(1);
+        exit(1);
  }
 
  mdctx = EVP_MD_CTX_new();
@@ -233,7 +233,7 @@ digest name passed on the command line.
 
  printf("Digest is: ");
  for(i = 0; i < md_len; i++)
- 	printf("%02x", md_value[i]);
+        printf("%02x", md_value[i]);
  printf("\n");
 
  exit(0);

doc/crypto/EVP_DigestSignInit.pod

@@ -9,7 +9,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing func
  #include <openssl/evp.h>
 
  int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
  int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
  int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
 

doc/crypto/EVP_DigestVerifyInit.pod

@@ -9,7 +9,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signat
  #include <openssl/evp.h>
 
  int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
  int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
  int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen);
 

doc/crypto/EVP_EncryptInit.pod

@@ -40,14 +40,14 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
  void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
 
  int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-	 ENGINE *impl, unsigned char *key, unsigned char *iv);
+         ENGINE *impl, unsigned char *key, unsigned char *iv);
  int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
  int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl);
 
  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-	 ENGINE *impl, unsigned char *key, unsigned char *iv);
+         ENGINE *impl, unsigned char *key, unsigned char *iv);
  int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
  int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
@@ -83,12 +83,12 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
  #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
  #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
- #define EVP_CIPHER_nid(e)		((e)->nid)
+ #define EVP_CIPHER_nid(e)              ((e)->nid)
- #define EVP_CIPHER_block_size(e)	((e)->block_size)
+ #define EVP_CIPHER_block_size(e)       ((e)->block_size)
- #define EVP_CIPHER_key_length(e)	((e)->key_len)
+ #define EVP_CIPHER_key_length(e)       ((e)->key_len)
- #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
+ #define EVP_CIPHER_iv_length(e)                ((e)->iv_len)
- #define EVP_CIPHER_flags(e)		((e)->flags)
+ #define EVP_CIPHER_flags(e)            ((e)->flags)
- #define EVP_CIPHER_mode(e)		((e)->flags) & EVP_CIPH_MODE)
+ #define EVP_CIPHER_mode(e)             ((e)->flags) & EVP_CIPH_MODE)
  int EVP_CIPHER_type(const EVP_CIPHER *ctx);
 
  const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
@@ -384,13 +384,13 @@ bits and 12 rounds.
 
 AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
 These ciphers require additional control operations to function correctly: see
-the L</GCM and OCB modes> section below for details.
+the L</GCM and OCB Modes> section below for details.
 
 =item EVP_aes_128_ocb(void), EVP_aes_192_ocb(void), EVP_aes_256_ocb(void)
 
 Offset Codebook Mode (OCB) for 128, 192 and 256 bit keys respectively.
 These ciphers require additional control operations to function correctly: see
-the L</GCM and OCB modes> section below for details.
+the L</GCM and OCB Modes> section below for details.
 
 =item EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm()
 
@@ -526,46 +526,46 @@ for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
 Encrypt a string using IDEA:
 
  int do_crypt(char *outfile)
-	{
+        {
-	unsigned char outbuf[1024];
+        unsigned char outbuf[1024];
-	int outlen, tmplen;
+        int outlen, tmplen;
-	/* Bogus key and IV: we'd normally set these from
+        /* Bogus key and IV: we'd normally set these from
-	 * another source.
+         * another source.
-	 */
+         */
-	unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
-	unsigned char iv[] = {1,2,3,4,5,6,7,8};
+        unsigned char iv[] = {1,2,3,4,5,6,7,8};
-	char intext[] = "Some Crypto Text";
+        char intext[] = "Some Crypto Text";
-	EVP_CIPHER_CTX ctx;
+        EVP_CIPHER_CTX ctx;
-	FILE *out;
+        FILE *out;
 
-	ctx = EVP_CIPHER_CTX_new();
+        ctx = EVP_CIPHER_CTX_new();
-	EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+        EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
 
-	if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
+        if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
-		{
+                {
-		/* Error */
+                /* Error */
-		return 0;
+                return 0;
-		}
+                }
-	/* Buffer passed to EVP_EncryptFinal() must be after data just
+        /* Buffer passed to EVP_EncryptFinal() must be after data just
-	 * encrypted to avoid overwriting it.
+         * encrypted to avoid overwriting it.
-	 */
+         */
-	if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
+        if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
-		{
+                {
-		/* Error */
+                /* Error */
-		return 0;
+                return 0;
-		}
+                }
-	outlen += tmplen;
+        outlen += tmplen;
-	EVP_CIPHER_CTX_free(ctx);
+        EVP_CIPHER_CTX_free(ctx);
-	/* Need binary mode for fopen because encrypted data is
+        /* Need binary mode for fopen because encrypted data is
-	 * binary data. Also cannot use strlen() on it because
+         * binary data. Also cannot use strlen() on it because
          * it wont be null terminated and may contain embedded
-	 * nulls.
+         * nulls.
-	 */
+         */
-	out = fopen(outfile, "wb");
+        out = fopen(outfile, "wb");
-	fwrite(outbuf, 1, outlen, out);
+        fwrite(outbuf, 1, outlen, out);
-	fclose(out);
+        fclose(out);
-	return 1;
+        return 1;
-	}
+        }
 
 The ciphertext from the above example can be decrypted using the B<openssl>
 utility with the command line (shown on two lines for clarity):
@@ -577,50 +577,50 @@ General encryption and decryption function example using FILE I/O and AES128
 with a 128-bit key:
 
  int do_crypt(FILE *in, FILE *out, int do_encrypt)
- 	{
+        {
-	/* Allow enough space in output buffer for additional block */
+        /* Allow enough space in output buffer for additional block */
-	unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+        unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
-	int inlen, outlen;
+        int inlen, outlen;
-	EVP_CIPHER_CTX *ctx;
+        EVP_CIPHER_CTX *ctx;
-	/* Bogus key and IV: we'd normally set these from
+        /* Bogus key and IV: we'd normally set these from
-	 * another source.
+         * another source.
-	 */
+         */
-	unsigned char key[] = "0123456789abcdeF";
+        unsigned char key[] = "0123456789abcdeF";
-	unsigned char iv[] = "1234567887654321";
+        unsigned char iv[] = "1234567887654321";
 
-	/* Don't set key or IV right away; we want to check lengths */
+        /* Don't set key or IV right away; we want to check lengths */
-	ctx = EVP_CIPHER_CTX_new();
+        ctx = EVP_CIPHER_CTX_new();
-	EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
+        EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
-		do_encrypt);
+                do_encrypt);
-	OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
+        OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
-	OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
 
-	/* Now we can set key and IV */
+        /* Now we can set key and IV */
-	EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
+        EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
 
-	for(;;)
+        for(;;)
-		{
+                {
-		inlen = fread(inbuf, 1, 1024, in);
+                inlen = fread(inbuf, 1, 1024, in);
-		if(inlen <= 0) break;
+                if(inlen <= 0) break;
-		if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
+                if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
-			{
+                        {
-			/* Error */
+                        /* Error */
-			EVP_CIPHER_CTX_free(ctx);
+                        EVP_CIPHER_CTX_free(ctx);
-			return 0;
+                        return 0;
-			}
+                        }
-		fwrite(outbuf, 1, outlen, out);
+                fwrite(outbuf, 1, outlen, out);
-		}
+                }
-	if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
+        if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
-		{
+                {
-		/* Error */
+                /* Error */
-		EVP_CIPHER_CTX_free(ctx);
+                EVP_CIPHER_CTX_free(ctx);
-		return 0;
+                return 0;
-		}
+                }
-	fwrite(outbuf, 1, outlen, out);
+        fwrite(outbuf, 1, outlen, out);
 
-	EVP_CIPHER_CTX_free(ctx);
+        EVP_CIPHER_CTX_free(ctx);
-	return 1;
+        return 1;
-	}
+        }
 
 
 =head1 SEE ALSO

doc/crypto/EVP_OpenInit.pod

@@ -9,7 +9,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
  #include <openssl/evp.h>
 
  int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
-		int ekl,unsigned char *iv,EVP_PKEY *priv);
+                int ekl,unsigned char *iv,EVP_PKEY *priv);
  int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
          int *outl, unsigned char *in, int inl);
  int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,

doc/crypto/EVP_PKEY_CTX_ctrl.pod

@@ -16,9 +16,9 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
  #include <openssl/evp.h>
 
  int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
-				int cmd, int p1, void *p2);
+                                int cmd, int p1, void *p2);
  int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-						const char *value);
+                                                const char *value);
 
  #include <openssl/rsa.h>
 

doc/crypto/EVP_PKEY_decrypt.pod

@@ -10,8 +10,8 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
 
  int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
+                        unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen);
+                        const unsigned char *in, size_t inlen);
 
 =head1 DESCRIPTION
 
@@ -57,23 +57,23 @@ Decrypt data using OAEP (for RSA keys):
   */
  ctx = EVP_PKEY_CTX_new(key);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_decrypt_init(ctx) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
-	/* Error */
+        /* Error */
 
  /* Determine buffer length */
  if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
-	/* Error */
+        /* Error */
 
  out = OPENSSL_malloc(outlen);
 
  if (!out)
-	/* malloc failure */
+        /* malloc failure */
 
  if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
-	/* Error */
+        /* Error */
 
  /* Decrypted data is outlen bytes written to buffer out */
 

doc/crypto/EVP_PKEY_derive.pod

@@ -57,23 +57,23 @@ Derive shared secret (for example DH or EC keys):
 
  ctx = EVP_PKEY_CTX_new(pkey);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_derive_init(ctx) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
-	/* Error */
+        /* Error */
 
  /* Determine buffer length */
  if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
-	/* Error */
+        /* Error */
 
  skey = OPENSSL_malloc(skeylen);
 
  if (!skey)
-	/* malloc failure */
+        /* malloc failure */
 
  if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
-	/* Error */
+        /* Error */
 
  /* Shared secret is skey bytes written to buffer skey */
 

doc/crypto/EVP_PKEY_encrypt.pod

@@ -10,8 +10,8 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
 
  int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
+                        unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen);
+                        const unsigned char *in, size_t inlen);
 
 =head1 DESCRIPTION
 
@@ -61,23 +61,23 @@ set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
   */
  ctx = EVP_PKEY_CTX_new(key,eng);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_encrypt_init(ctx) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
-	/* Error */
+        /* Error */
 
  /* Determine buffer length */
  if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
-	/* Error */
+        /* Error */
 
  out = OPENSSL_malloc(outlen);
 
  if (!out)
-	/* malloc failure */
+        /* malloc failure */
 
  if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
-	/* Error */
+        /* Error */
 
  /* Encrypted data is outlen bytes written to buffer out */
 

doc/crypto/EVP_PKEY_keygen.pod

@@ -95,15 +95,15 @@ Generate a 2048 bit RSA key:
  EVP_PKEY *pkey = NULL;
  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_keygen_init(ctx) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
-	/* Error */
+        /* Error */
 
  /* Generate key */
  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-	/* Error */
+        /* Error */
 
 Generate a key from a set of parameters:
 
@@ -115,13 +115,13 @@ Generate a key from a set of parameters:
  /* Assumed param is set up already */
  ctx = EVP_PKEY_CTX_new(param);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_keygen_init(ctx) <= 0)
-	/* Error */
+        /* Error */
 
  /* Generate key */
  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-	/* Error */
+        /* Error */
 
 Example of generation callback for OpenSSL public key implementations:
 
@@ -130,19 +130,19 @@ Example of generation callback for OpenSSL public key implementations:
  EVP_PKEY_CTX_set_app_data(ctx, status_bio);
 
  static int genpkey_cb(EVP_PKEY_CTX *ctx)
-	{
+        {
-	char c='*';
+        char c='*';
-	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
-	int p;
+        int p;
-	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-	if (p == 0) c='.';
+        if (p == 0) c='.';
-	if (p == 1) c='+';
+        if (p == 1) c='+';
-	if (p == 2) c='*';
+        if (p == 2) c='*';
-	if (p == 3) c='\n';
+        if (p == 3) c='\n';
-	BIO_write(b,&c,1);
+        BIO_write(b,&c,1);
-	(void)BIO_flush(b);
+        (void)BIO_flush(b);
-	return 1;
+        return 1;
-	}
+        }
 
 =head1 SEE ALSO
 

doc/crypto/EVP_PKEY_print_private.pod

@@ -9,11 +9,11 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public ke
  #include <openssl/evp.h>
 
  int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
+                                int indent, ASN1_PCTX *pctx);
  int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
+                                int indent, ASN1_PCTX *pctx);
  int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
+                                int indent, ASN1_PCTX *pctx);
 
 =head1 DESCRIPTION
 

doc/crypto/EVP_PKEY_sign.pod

@@ -10,8 +10,8 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
 
  int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
-			unsigned char *sig, size_t *siglen,
+                        unsigned char *sig, size_t *siglen,
-			const unsigned char *tbs, size_t tbslen);
+                        const unsigned char *tbs, size_t tbslen);
 
 =head1 DESCRIPTION
 
@@ -66,25 +66,25 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
   */
  ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_sign_init(ctx) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-	/* Error */
+        /* Error */
 
  /* Determine buffer length */
  if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
-	/* Error */
+        /* Error */
 
  sig = OPENSSL_malloc(siglen);
 
  if (!sig)
-	/* malloc failure */
+        /* malloc failure */
 
  if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
-	/* Error */
+        /* Error */
 
  /* Signature is siglen bytes written to buffer sig */
 

doc/crypto/EVP_PKEY_verify.pod

@@ -10,8 +10,8 @@ EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public ke
 
  int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
-			const unsigned char *sig, size_t siglen,
+                        const unsigned char *sig, size_t siglen,
-			const unsigned char *tbs, size_t tbslen);
+                        const unsigned char *tbs, size_t tbslen);
 
 =head1 DESCRIPTION
 
@@ -60,13 +60,13 @@ Verify signature using PKCS#1 and SHA256 digest:
   */
  ctx = EVP_PKEY_CTX_new(verify_key);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_verify_init(ctx) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-	/* Error */
+        /* Error */
 
  /* Perform operation */
  ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);

doc/crypto/EVP_PKEY_verify_recover.pod

@@ -10,8 +10,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using
 
  int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
-			unsigned char *rout, size_t *routlen,
+                        unsigned char *rout, size_t *routlen,
-			const unsigned char *sig, size_t siglen);
+                        const unsigned char *sig, size_t siglen);
 
 =head1 DESCRIPTION
 
@@ -65,25 +65,25 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
   */
  ctx = EVP_PKEY_CTX_new(verify_key);
  if (!ctx)
-	/* Error occurred */
+        /* Error occurred */
  if (EVP_PKEY_verify_recover_init(ctx) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-	/* Error */
+        /* Error */
  if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-	/* Error */
+        /* Error */
 
  /* Determine buffer length */
  if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
-	/* Error */
+        /* Error */
 
  rout = OPENSSL_malloc(routlen);
 
  if (!rout)
-	/* malloc failure */
+        /* malloc failure */
 
  if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
-	/* Error */
+        /* Error */
 
  /* Recovered data is routlen bytes written to buffer rout */
 

doc/crypto/OBJ_nid2obj.pod

@@ -127,7 +127,7 @@ Create an object for B<commonName>:
 Check if an object is B<commonName>
 
  if (OBJ_obj2nid(obj) == NID_commonName)
-	/* Do something */
+        /* Do something */
 
 Create a new NID and initialize an object from it:
 

doc/crypto/PEM_write_bio_CMS_stream.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
+PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
 
 =head1 SYNOPSIS
 

doc/crypto/PKCS12_create.pod

@@ -9,7 +9,7 @@ PKCS12_create - create a PKCS#12 structure
  #include <openssl/pkcs12.h>
 
  PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
-				int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+                                int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
 
 =head1 DESCRIPTION
 

doc/crypto/PKCS5_PBKDF2_HMAC.pod

@@ -14,8 +14,8 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines w
                        int keylen, unsigned char *out);
 
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
+                           const unsigned char *salt, int saltlen, int iter,
-			   int keylen, unsigned char *out);
+                           int keylen, unsigned char *out);
 
 =head1 DESCRIPTION
 

doc/crypto/RAND_set_rand_method.pod

@@ -42,7 +42,7 @@ API is being used, so this function is no longer recommended.
         void (*cleanup)(void);
         void (*add)(const void *buf, int num, int entropy);
         int (*pseudorand)(unsigned char *buf, int num);
-	int (*status)(void);
+        int (*status)(void);
  } RAND_METHOD;
 
 The components point to method implementations used by (or called by), in order,

doc/crypto/RSA_set_method.pod

@@ -80,56 +80,56 @@ the default method is used.
  typedef struct rsa_meth_st
  {
      /* name of the implementation */
-	const char *name;
+        const char *name;
 
      /* encrypt */
-	int (*rsa_pub_enc)(int flen, unsigned char *from,
+        int (*rsa_pub_enc)(int flen, unsigned char *from,
           unsigned char *to, RSA *rsa, int padding);
 
      /* verify arbitrary data */
-	int (*rsa_pub_dec)(int flen, unsigned char *from,
+        int (*rsa_pub_dec)(int flen, unsigned char *from,
           unsigned char *to, RSA *rsa, int padding);
 
      /* sign arbitrary data */
-	int (*rsa_priv_enc)(int flen, unsigned char *from,
+        int (*rsa_priv_enc)(int flen, unsigned char *from,
           unsigned char *to, RSA *rsa, int padding);
 
      /* decrypt */
-	int (*rsa_priv_dec)(int flen, unsigned char *from,
+        int (*rsa_priv_dec)(int flen, unsigned char *from,
           unsigned char *to, RSA *rsa, int padding);
 
      /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
                                         implementations) */
-	int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
 
      /* compute r = a ^ p mod m (May be NULL for some implementations) */
-	int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
           const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 
      /* called at RSA_new */
-	int (*init)(RSA *rsa);
+        int (*init)(RSA *rsa);
 
      /* called at RSA_free */
-	int (*finish)(RSA *rsa);
+        int (*finish)(RSA *rsa);
 
      /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
       *                            operations, even if p,q,dmp1,dmq1,iqmp
       *                            are NULL
       * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
       */
-	int flags;
+        int flags;
 
-	char *app_data; /* ?? */
+        char *app_data; /* ?? */
 
-	int (*rsa_sign)(int type,
+        int (*rsa_sign)(int type,
-		const unsigned char *m, unsigned int m_length,
+                const unsigned char *m, unsigned int m_length,
-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-	int (*rsa_verify)(int dtype,
+        int (*rsa_verify)(int dtype,
-		const unsigned char *m, unsigned int m_length,
+                const unsigned char *m, unsigned int m_length,
-		const unsigned char *sigbuf, unsigned int siglen,
+                const unsigned char *sigbuf, unsigned int siglen,
-								const RSA *rsa);
+                                                                const RSA *rsa);
      /* keygen. If NULL builtin RSA key generation will be used */
-	int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+        int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 
  } RSA_METHOD;
 

doc/crypto/SMIME_read_CMS.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- SMIME_read_CMS - parse S/MIME message.
+SMIME_read_CMS - parse S/MIME message.
 
 =head1 SYNOPSIS
 

doc/crypto/SMIME_write_CMS.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- SMIME_write_CMS - convert CMS structure to S/MIME format.
+SMIME_write_CMS - convert CMS structure to S/MIME format.
 
 =head1 SYNOPSIS
 

doc/crypto/X509_EXTENSION_set_object.pod

@@ -1,3 +1,5 @@
+=pod
+
 =head1 NAME
 
 X509_EXTENSION_set_object, X509_EXTENSION_set_critical,

doc/crypto/X509_NAME_ENTRY_get_object.pod

@@ -60,17 +60,11 @@ X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
 B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
 set first so the relevant field information can be looked up internally.
 
-=head1 RETURN VALUES
-
 =head1 SEE ALSO
 
 L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>,
 L<OBJ_nid2obj(3)>
 
-=head1 HISTORY
-
-TBA
-
 =cut
 
 =head1 COPYRIGHT

doc/crypto/X509_NAME_add_entry_by_txt.pod

@@ -80,16 +80,16 @@ Create an B<X509_NAME> structure:
  X509_NAME *nm;
  nm = X509_NAME_new();
  if (nm == NULL)
-	/* Some error */
+        /* Some error */
  if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
-			"UK", -1, -1, 0))
+                        "UK", -1, -1, 0))
-	/* Error */
+        /* Error */
  if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
-			"Disorganized Organization", -1, -1, 0))
+                        "Disorganized Organization", -1, -1, 0))
-	/* Error */
+        /* Error */
  if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
-			"Joe Bloggs", -1, -1, 0))
+                        "Joe Bloggs", -1, -1, 0))
-	/* Error */
+        /* Error */
 
 =head1 RETURN VALUES
 

doc/crypto/X509_NAME_get_index_by_NID.pod

@@ -76,10 +76,10 @@ Process all entries:
  X509_NAME_ENTRY *e;
 
  for (i = 0; i < X509_NAME_entry_count(nm); i++)
-	{
+        {
-	e = X509_NAME_get_entry(nm, i);
+        e = X509_NAME_get_entry(nm, i);
-	/* Do something with e */
+        /* Do something with e */
-	}
+        }
 
 Process all commonName entries:
 
@@ -88,13 +88,13 @@ Process all commonName entries:
 
  loc = -1;
  for (;;)
-	{
+        {
-	lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
-	if (lastpos == -1)
+        if (lastpos == -1)
-		break;
+                break;
-	e = X509_NAME_get_entry(nm, lastpos);
+        e = X509_NAME_get_entry(nm, lastpos);
-	/* Do something with e */
+        /* Do something with e */
-	}
+        }
 
 =head1 RETURN VALUES
 

doc/crypto/X509_NAME_print_ex.pod

@@ -11,7 +11,7 @@ X509_NAME_oneline - X509_NAME printing routines.
 
  int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
  int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
- char *	X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
  int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 
 =head1 DESCRIPTION

doc/crypto/X509_STORE_CTX_new.pod

@@ -24,7 +24,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
  void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 
  int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-			 X509 *x509, STACK_OF(X509) *chain);
+                         X509 *x509, STACK_OF(X509) *chain);
 
  void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 

doc/crypto/X509_STORE_CTX_set_verify_cb.pod

@@ -14,7 +14,7 @@ X509_STORE_CTX_set_verify_cb - get and set verification callback
  X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
 
  void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-				   X509_STORE_CTX_verify_cb verify_cb);
+                                   X509_STORE_CTX_verify_cb verify_cb);
 
 =head1 DESCRIPTION
 
@@ -68,92 +68,92 @@ X509_STORE_CTX_set_verify_cb() does not return a value.
 Default callback operation:
 
  int verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
+        {
-	return ok;
+        return ok;
-	}
+        }
 
 Simple example, suppose a certificate in the chain is expired and we wish
 to continue after this error:
 
  int verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
+        {
-	/* Tolerate certificate expiration */
+        /* Tolerate certificate expiration */
-	if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
-			return 1;
+                        return 1;
-	/* Otherwise don't override */
+        /* Otherwise don't override */
-	return ok;
+        return ok;
-	}
+        }
 
 More complex example, we don't wish to continue after B<any> certificate has
 expired just one specific case:
 
  int verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
+        {
-	int err = X509_STORE_CTX_get_error(ctx);
+        int err = X509_STORE_CTX_get_error(ctx);
-	X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-	if (err == X509_V_ERR_CERT_HAS_EXPIRED)
+        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
-		{
+                {
-		if (check_is_acceptable_expired_cert(err_cert)
+                if (check_is_acceptable_expired_cert(err_cert)
-			return 1;
+                        return 1;
-		}
+                }
-	return ok;
+        return ok;
-	}
+        }
 
 Full featured logging callback. In this case the B<bio_err> is assumed to be
 a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
 B<ex_data>.
 
  int verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
+        {
-	X509 *err_cert;
+        X509 *err_cert;
-	int err,depth;
+        int err,depth;
 
-	err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
-	err =	X509_STORE_CTX_get_error(ctx);
+        err =   X509_STORE_CTX_get_error(ctx);
-	depth =	X509_STORE_CTX_get_error_depth(ctx);
+        depth = X509_STORE_CTX_get_error_depth(ctx);
 
-	BIO_printf(bio_err,"depth=%d ",depth);
+        BIO_printf(bio_err,"depth=%d ",depth);
-	if (err_cert)
+        if (err_cert)
-		{
+                {
-		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
-					0, XN_FLAG_ONELINE);
+                                        0, XN_FLAG_ONELINE);
-		BIO_puts(bio_err, "\n");
+                BIO_puts(bio_err, "\n");
-		}
+                }
-	else
+        else
-		BIO_puts(bio_err, "<no cert>\n");
+                BIO_puts(bio_err, "<no cert>\n");
-	if (!ok)
+        if (!ok)
-		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
-			X509_verify_cert_error_string(err));
+                        X509_verify_cert_error_string(err));
-	switch (err)
+        switch (err)
-		{
+                {
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		BIO_puts(bio_err,"issuer= ");
+                BIO_puts(bio_err,"issuer= ");
-		X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
-					0, XN_FLAG_ONELINE);
+                                        0, XN_FLAG_ONELINE);
-		BIO_puts(bio_err, "\n");
+                BIO_puts(bio_err, "\n");
-		break;
+                break;
-	case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_CERT_NOT_YET_VALID:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		BIO_printf(bio_err,"notBefore=");
+                BIO_printf(bio_err,"notBefore=");
-		ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
+                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
-		BIO_printf(bio_err,"\n");
+                BIO_printf(bio_err,"\n");
-		break;
+                break;
-	case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_CERT_HAS_EXPIRED:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		BIO_printf(bio_err,"notAfter=");
+                BIO_printf(bio_err,"notAfter=");
-		ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
+                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
-		BIO_printf(bio_err,"\n");
+                BIO_printf(bio_err,"\n");
-		break;
+                break;
-	case X509_V_ERR_NO_EXPLICIT_POLICY:
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
-		policies_print(bio_err, ctx);
+                policies_print(bio_err, ctx);
-		break;
+                break;
-		}
+                }
-	if (err == X509_V_OK && ok == 2)
+        if (err == X509_V_OK && ok == 2)
-		/* print out policies */
+                /* print out policies */
 
-	BIO_printf(bio_err,"verify return:%d\n",ok);
+        BIO_printf(bio_err,"verify return:%d\n",ok);
-	return(ok);
+        return(ok);
-	}
+        }
 
 =head1 SEE ALSO