From e1271ac2212f7cde14df478558bfaae2834fa09e Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Mon, 3 Apr 2017 15:39:09 -0400
Subject: [PATCH] Standardize on =over 4 and check for it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
---
 doc/man1/dgst.pod                   |  2 +-
 doc/man1/openssl.pod                | 10 +++++-----
 doc/man1/rehash.pod                 |  2 +-
 doc/man3/ASN1_generate_nconf.pod    |  6 +++---
 doc/man3/BIO_set_callback.pod       |  2 +-
 doc/man3/CT_POLICY_EVAL_CTX_new.pod |  4 ++--
 doc/man3/EVP_CIPHER_meth_new.pod    |  2 +-
 doc/man3/OPENSSL_ia32cap.pod        |  4 ++--
 doc/man3/SCT_new.pod                |  4 ++--
 doc/man3/SCT_validate.pod           |  2 +-
 doc/man3/SSL_get_version.pod        |  2 +-
 doc/man3/d2i_X509.pod               |  2 +-
 doc/man7/des_modes.pod              | 13 ++++++-------
 doc/man7/evp.pod                    |  2 +-
 util/find-doc-nits                  |  2 ++
 15 files changed, 30 insertions(+), 29 deletions(-)

diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 9faaf346b1..677f2b21ef 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -133,7 +133,7 @@ via B<-macopt> parameter.
 Passes options to MAC algorithm, specified by B<-mac> key.
 Following options are supported by both by B<HMAC> and B<gost-mac>:
 
-=over 8
+=over 4
 
 =item B<key:string>
 
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index bfac312c93..7fc53c9bae 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -75,7 +75,7 @@ B<list>, or B<no->I<XXX> itself.)
 
 =head2 Standard Commands
 
-=over 10
+=over 4
 
 =item L<B<asn1parse>|asn1parse(1)>
 
@@ -268,7 +268,7 @@ X.509 Certificate Data Management.
 
 =head2 Message Digest Commands
 
-=over 10
+=over 4
 
 =item B<md2>
 
@@ -314,7 +314,7 @@ SHA-512 Digest
 
 =head2 Encoding and Cipher Commands
 
-=over 10
+=over 4
 
 =item B<base64>
 
@@ -365,7 +365,7 @@ This section describes some common options with common behavior.
 
 =head2 Common Options
 
-=over 10
+=over 4
 
 =item B<-help>
 
@@ -383,7 +383,7 @@ password argument is given and a password is required then the user is
 prompted to enter one: this will typically be read from the current
 terminal with echoing turned off.
 
-=over 10
+=over 4
 
 =item B<pass:password>
 
diff --git a/doc/man1/rehash.pod b/doc/man1/rehash.pod
index 936fda6180..1dca9b5341 100644
--- a/doc/man1/rehash.pod
+++ b/doc/man1/rehash.pod
@@ -107,7 +107,7 @@ By default, B<rehash> only lists each directory as it is processed.
 
 =head1 ENVIRONMENT
 
-=over
+=over 4
 
 =item B<OPENSSL>
 
diff --git a/doc/man3/ASN1_generate_nconf.pod b/doc/man3/ASN1_generate_nconf.pod
index 92f624fa24..bf29af62f7 100644
--- a/doc/man3/ASN1_generate_nconf.pod
+++ b/doc/man3/ASN1_generate_nconf.pod
@@ -30,7 +30,7 @@ The actual data encoded is determined by the string B<str> and
 the configuration information. The general format of the string
 is:
 
-=over 2
+=over 4
 
 =item B<[modifier,]type[:value]>
 
@@ -45,7 +45,7 @@ B<value> and B<modifier> are explained below.
 The supported types are listed below. Unless otherwise specified
 only the B<ASCII> format is permissible.
 
-=over 2
+=over 4
 
 =item B<BOOLEAN>, B<BOOL>
 
@@ -126,7 +126,7 @@ add EXPLICIT or IMPLICIT tagging, add wrappers or to change
 the string format of the final type and value. The supported
 formats are documented below.
 
-=over 2
+=over 4
 
 =item B<EXPLICIT>, B<EXP>
 
diff --git a/doc/man3/BIO_set_callback.pod b/doc/man3/BIO_set_callback.pod
index ed395fa0ab..3d15859406 100644
--- a/doc/man3/BIO_set_callback.pod
+++ b/doc/man3/BIO_set_callback.pod
@@ -52,7 +52,7 @@ BIO_callback_fn_ex() is the type of the callback function and BIO_callback_fn()
 is the type of the old format callback function. The meaning of each argument
 is described below:
 
-=over
+=over 4
 
 =item B<b>
 
diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
index fedc58d08a..7839fd393a 100644
--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@@ -32,7 +32,7 @@ This policy may be, for example, that at least one valid SCT is available. To
 determine this, an SCT's timestamp and signature must be verified.
 This requires:
 
-=over
+=over 4
 
 =item * the public key of the log that issued the SCT
 
@@ -49,7 +49,7 @@ The above requirements are met using the setters described below.
 CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
 should then be populated using:
 
-=over
+=over 4
 
 =item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
 
diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod
index 6e18ed5412..ef47f0fdb3 100644
--- a/doc/man3/EVP_CIPHER_meth_new.pod
+++ b/doc/man3/EVP_CIPHER_meth_new.pod
@@ -82,7 +82,7 @@ With the exception of cipher modes, of which only one may be present,
 several flags can be or'd together.
 The available flags are:
 
-=over
+=over 4
 
 =item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
 EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
diff --git a/doc/man3/OPENSSL_ia32cap.pod b/doc/man3/OPENSSL_ia32cap.pod
index 5071659074..7c5fde313d 100644
--- a/doc/man3/OPENSSL_ia32cap.pod
+++ b/doc/man3/OPENSSL_ia32cap.pod
@@ -19,7 +19,7 @@ between different code paths to provide optimal performance across wide
 range of processors. For the moment of this writing following bits are
 significant:
 
-=over
+=over 4
 
 =item bit #4 denoting presence of Time-Stamp Counter.
 
@@ -86,7 +86,7 @@ are applied, most notably in AES assembler module.
 The capability vector is further extended with EBX value returned by
 CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
 
-=over
+=over 4
 
 =item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
 
diff --git a/doc/man3/SCT_new.pod b/doc/man3/SCT_new.pod
index 086e389ff4..23595e1056 100644
--- a/doc/man3/SCT_new.pod
+++ b/doc/man3/SCT_new.pod
@@ -84,7 +84,7 @@ An internal representation of an SCT can be created in one of two ways.
 The first option is to create a blank SCT, using SCT_new(), and then populate
 it using:
 
-=over
+=over 4
 
 =item * SCT_set_version() to set the SCT version.
 
@@ -117,7 +117,7 @@ The former takes ownership, whereas the latter makes a copy.
 Alternatively, the SCT can be pre-populated from the following data using
 SCT_new_from_base64():
 
-=over
+=over 4
 
 =item * The SCT version (only SCT_VERSION_V1 is currently supported).
 
diff --git a/doc/man3/SCT_validate.pod b/doc/man3/SCT_validate.pod
index 9868a282b5..3c03e97287 100644
--- a/doc/man3/SCT_validate.pod
+++ b/doc/man3/SCT_validate.pod
@@ -31,7 +31,7 @@ SCT_get_validation_status().
 
 A CT_POLICY_EVAL_CTX must be provided that specifies:
 
-=over
+=over 4
 
 =item * The certificate the SCT was issued for.
 
diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod
index e0ff960281..f8dd85e17f 100644
--- a/doc/man3/SSL_get_version.pod
+++ b/doc/man3/SSL_get_version.pod
@@ -64,7 +64,7 @@ This indicates that no version has been set (no connection established).
 SSL_version() and SSL_client_version() return an integer which could include any of
 the following:
 
-=over 5
+=over 4
 
 =item SSL3_VERSION
 
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index da5386b743..f78d02065c 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -436,7 +436,7 @@ another will be processed after it.
 
 The following points about the data types might be useful:
 
-=over
+=over 4
 
 =item B<ASN1_OBJECT>
 
diff --git a/doc/man7/des_modes.pod b/doc/man7/des_modes.pod
index 89f14b890c..12001e675f 100644
--- a/doc/man7/des_modes.pod
+++ b/doc/man7/des_modes.pod
@@ -16,7 +16,7 @@ other things.
 
 Normally, this is found as the function I<algorithm>_ecb_encrypt().
 
-=over 2
+=over 4
 
 =item *
 
@@ -43,7 +43,7 @@ Normally, this is found as the function I<algorithm>_cbc_encrypt().
 Be aware that des_cbc_encrypt() is not really DES CBC (it does
 not update the IV); use des_ncbc_encrypt() instead.
 
-=over 2
+=over 4
 
 =item *
 
@@ -75,7 +75,7 @@ An error will affect the current and the following ciphertext blocks.
 
 Normally, this is found as the function I<algorithm>_cfb_encrypt().
 
-=over 2
+=over 4
 
 =item *
 
@@ -122,7 +122,7 @@ An error will affect the current and the following ciphertext variables.
 
 Normally, this is found as the function I<algorithm>_ofb_encrypt().
 
-=over 2
+=over 4
 
 
 =item *
@@ -183,7 +183,7 @@ susceptible to a 'known plaintext' attack.
 
 Normally, this is found as the function I<algorithm>_ecb3_encrypt().
 
-=over 2
+=over 4
 
 =item *
 
@@ -218,8 +218,7 @@ ecb mode.
 
 Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
 
-=over 2
-
+=over 4
 
 =item *
 
diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod
index 9c9cbe05a6..fbc357eb48 100644
--- a/doc/man7/evp.pod
+++ b/doc/man7/evp.pod
@@ -36,7 +36,7 @@ L<EVP_PKEY_print_private(3)>.
 
 The EVP_PKEY functions support the full range of asymmetric algorithm operations:
 
-=over
+=over 4
 
 =item For key agreement see L<EVP_PKEY_derive(3)>
 
diff --git a/util/find-doc-nits b/util/find-doc-nits
index ff2409110a..9befeb996d 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -162,6 +162,8 @@ sub check()
         if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
     print "$id Duplicate $1 in L<>\n"
         if $contents =~ /L<([^>]*)\|([^>]*)>/ && $1 eq $2;
+    print "$id Bad =over $1\n"
+        if $contents =~ /=over([^ ][^4])/;
 
     # Look for multiple consecutive openssl #include lines.
     # Consecutive because of files like md5.pod. Sometimes it's okay
-- 
2.40.0