INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout

Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12232)
2025-05-10 16:39:40 +00:00 · 2020-06-23 08:38:24 +02:00 · 2020-06-23 08:38:24 +02:00 · 9afbb681ec
commit 9afbb681ec
parent 3a0b3cc905
2 changed files with 124 additions and 120 deletions
--- a/INSTALL.md
+++ b/INSTALL.md
@ -130,8 +130,8 @@ determined by the user.
    [[ options ]]
-Note that the notation assumes spaces around {, }, [, ], {{, }} and
+Note that the notation assumes spaces around `{`, `}`, `[`, `]`, `{{`, `}}` and
-[[, ]].  This is to differentiate from OpenVMS directory
+`[[`, `]]`.  This is to differentiate from OpenVMS directory
 specifications, which also use [ and ], but without spaces.
 Quick Installation Guide
@ -175,10 +175,10 @@ and issue the following commands to build OpenSSL.
 As mentioned in the [Choices](#choices) section, you need to pick one
 of the four Configure targets in the first command.
-Most likely you will be using the VC-WIN64A target for 64bit Windows
+Most likely you will be using the `VC-WIN64A` target for 64bit Windows
-binaries (AMD64) or VC-WIN32 for 32bit Windows binaries (X86).
+binaries (AMD64) or `VC-WIN32` for 32bit Windows binaries (X86).
-The other two options are VC_WIN64I (Intel IA64, Itanium) and
+The other two options are `VC-WIN64I` (Intel IA64, Itanium) and
-VC-CE (Windows CE) are rather uncommon nowadays.
+`VC-CE` (Windows CE) are rather uncommon nowadays.
 Installing OpenSSL
 ------------------
@ -262,7 +262,7 @@ for 32bit binaries on 64bit Windows (WOW64).
 #### Installing to a different location
 To install OpenSSL to a different location (for example into your home
-directory for testing purposes) run Configure as shown in the following
+directory for testing purposes) run `Configure` as shown in the following
 examples.
 On Unix:
@ -281,10 +281,10 @@ in otherwise unexpected ways.
 Configuration Options
 =====================
-There are several options to ./Configure to customize the build (note that
+There are several options to `./Configure` to customize the build (note that
-for Windows, the defaults for `--prefix` and `--openssldir` depend in what
+for Windows, the defaults for `--prefix` and `--openssldir` depend on what
 configuration is used and what Windows implementation OpenSSL is built on.
-More notes on this in NOTES.WIN):
+More notes on this in [NOTES.WIN](NOTES.WIN)):
 API Level
 ---------
@ -307,12 +307,12 @@ If `--api` isn't given, it defaults to the current (minor) OpenSSL version.
 Cross Compile Prefix
 --------------------
-    --cross-compile-prefix=PREFIX
+    --cross-compile-prefix=<PREFIX>
-The PREFIX to include in front of commands for your toolchain.
+The `<PREFIX>` to include in front of commands for your toolchain.
-It is likely to have to end with dash, e.g.  a-b-c- would invoke GNU compiler
+It is likely to have to end with dash, e.g. `a-b-c-` would invoke GNU compiler
-as a-b-c-gcc, etc.  Unfortunately cross-compiling is too case-specific to put
+as `a-b-c-gcc`, etc.  Unfortunately cross-compiling is too case-specific to put
 together one-size-fits-all instructions.  You might have to pass more flags or
 set up environment variables to actually make it work.  Android and iOS cases
 are discussed in corresponding `Configurations/15-*.conf` files.  But there are
@ -348,9 +348,9 @@ Directories
 The name of the directory under the top of the installation directory tree
 (see the `--prefix` option) where libraries will be installed.  By default
-this is "lib". Note that on Windows only static libraries (`*.lib`) will
+this is `lib/`. Note that on Windows only static libraries (`*.lib`) will
 be stored in this location. Shared libraries (`*.dll`) will always be
-installed to the "bin" directory.
+installed to the `bin/` directory.
 ### openssldir
@ -406,12 +406,12 @@ If not provided the system library path will be used.
 **On Windows:** this is the filename of the zlib library (with or
 without a path).  This flag must be provided if the
-[zlib-dynamic](#zlib-dynamic) option is not also used.  If zlib-dynamic is used
+[zlib-dynamic](#zlib-dynamic) option is not also used. If `zlib-dynamic` is used
-then this flag is optional and defaults to "ZLIB1" if not provided.
+then this flag is optional and defaults to `ZLIB1` if not provided.
 **On VMS:** this is the filename of the zlib library (with or without a path).
-This flag is optional and if not provided then "GNV$LIBZSHR", "GNV$LIBZSHR32"
+This flag is optional and if not provided then `GNV$LIBZSHR`, `GNV$LIBZSHR32`
-or "GNV$LIBZSHR64" is used by default depending on the pointer size chosen.
+or `GNV$LIBZSHR64` is used by default depending on the pointer size chosen.
 Seeding the Random Generator
 ----------------------------
@ -436,8 +436,8 @@ Use the [getrandom(2)][man-getrandom] or equivalent system call.
 ### devrandom
-Use the first device from the DEVRANDOM list which can be opened to read
+Use the first device from the `DEVRANDOM` list which can be opened to read
-random bytes.  The DEVRANDOM preprocessor constant expands to
+random bytes.  The `DEVRANDOM` preprocessor constant expands to
    "/dev/urandom","/dev/random","/dev/srandom"
@ -449,7 +449,7 @@ Check for an entropy generating daemon.
 ### rdcpu
-Use the RDSEED or RDRAND command if provided by the CPU.
+Use the `RDSEED` or `RDRAND` command if provided by the CPU.
 ### librandom
@ -468,15 +468,15 @@ at the end of this document.
 Enable and Disable Features
 ---------------------------
-Feature options always come in pairs, an option to enable feature xxxx, and
+Feature options always come in pairs, an option to enable feature `xxxx`, and
 and option to disable it:
    [ enable-xxxx | no-xxxx ]
 Whether a feature is enabled or disabled by default, depends on the feature.
 In the following list, always the non-default variant is documented: if
-feature xxxx is disabled by default then enable-xxxx is documented and
+feature `xxxx` is disabled by default then `enable-xxxx` is documented and
-if feature xxxx is enabled by default then no-xxxx is documented.
+if feature `xxxx` is enabled by default then `no-xxxx` is documented.
 ### no-afalgeng
@ -532,8 +532,8 @@ Don't automatically load all supported ciphers and digests.
 Typically OpenSSL will make available all of its supported ciphers and digests.
 For a statically linked application this may be undesirable if small executable
 size is an objective.  This only affects libcrypto.  Ciphers and digests will
-have to be loaded manually using EVP_add_cipher() and EVP_add_digest() if this
+have to be loaded manually using `EVP_add_cipher()` and `EVP_add_digest()`
-option is used.  This option will force a non-shared build.
+if this option is used.  This option will force a non-shared build.
 ### no-autoerrinit
@ -545,7 +545,7 @@ is an objective.
 ### no-autoload-config
-Don't automatically load the default openssl.cnf file.
+Don't automatically load the default `openssl.cnf` file.
 Typically OpenSSL will automatically load a system config file which configures
 default SSL options.
@ -558,7 +558,7 @@ OpenSSL header files are usable standalone with C++.
 Enabling this option demands extra care.  For any compiler flag given directly
 as configuration option, you must ensure that it's valid for both the C and
 the C++ compiler.  If not, the C++ build test will most likely break.  As an
-alternative, you can use the language specific variables, CFLAGS and CXXFLAGS.
+alternative, you can use the language specific variables, `CFLAGS` and `CXXFLAGS`.
 ### no-capieng
@ -568,7 +568,8 @@ This option will be forced if on a platform that does not support CAPI.
 ### no-cmp
-Don't build support for Certificate Management Protocol (CMP).
+Don't build support for Certificate Management Protocol (CMP)
 and Certificate Request Message Format (CRMF).
 ### no-cms
@ -579,11 +580,11 @@ Don't build support for Cryptographic Message Syntax (CMS).
 Don't build support for SSL/TLS compression.
 If this option is enabled (the default), then compression will only work if
-the zlib or zlib-dynamic options are also chosen.
+the zlib or `zlib-dynamic` options are also chosen.
 ### enable-crypto-mdebug
-This now only enables the failed-malloc feature.
+This now only enables the `failed-malloc` feature.
 ### enable-crypto-mdebug-backtrace
@ -613,7 +614,7 @@ Don't build support for loading Dynamic Shared Objects (DSO)
 Build the `/dev/crypto` engine.
 This option is automatically selected on the BSD platform, in which case it can
-be disabled with no-devcryptoeng.
+be disabled with `no-devcryptoeng`.
 ### no-dynamic-engine
@ -707,7 +708,7 @@ Don't generate dependencies.
 Don't build any dynamically loadable engines.
-This also implies 'no-dynamic-engine'.
+This also implies `no-dynamic-engine`.
 ### no-multiblock
@ -729,7 +730,7 @@ Don't build the padlock engine.
 ### no-hw-padlock
-As synonyme for no-padlockeng.  Deprecated and should not be used.
+As synonym for `no-padlockeng`.  Deprecated and should not be used.
 ### no-pic
@ -741,16 +742,17 @@ Don't pin the shared libraries.
 By default OpenSSL will attempt to stay in memory until the process exits.
 This is so that libcrypto and libssl can be properly cleaned up automatically
-via an atexit() handler.  The handler is registered by libcrypto and cleans
+via an `atexit()` handler.  The handler is registered by libcrypto and cleans
-up both libraries.  On some platforms the atexit() handler will run on unload of
+up both libraries.  On some platforms the `atexit()` handler will run on unload of
 libcrypto (if it has been dynamically loaded) rather than at process exit.  This
 option can be used to stop OpenSSL from attempting to stay in memory until the
 process exits.  This could lead to crashes if either libcrypto or libssl have
 already been unloaded at the point that the atexit handler is invoked, e.g.  on a
-platform which calls atexit() on unload of the library, and libssl is unloaded
+platform which calls `atexit()` on unload of the library, and libssl is unloaded
 before libcrypto then a crash is likely to happen.  Applications can suppress
-running of the atexit() handler at run time by using the OPENSSL_INIT_NO_ATEXIT
+running of the `atexit()` handler at run time by using the
-option to OPENSSL_init_crypto().  See the man page for it for further details.
+`OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`.
 See the man page for it for further details.
 ### no-posix-io
@ -801,16 +803,16 @@ the machine code will be executed is taken solely on CPU capability vector.  Thi
 means that if you happen to run OS kernel which does not support SSE2 extension
 on Intel P4 processor, then your application might be exposed to "illegal
 instruction" exception.  There might be a way to enable support in kernel, e.g.
-FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and there is a way to
+FreeBSD kernel can be compiled with `CPU_ENABLE_SSE`, and there is a way to
 disengage SSE2 code paths upon application start-up, but if you aim for wider
-"audience" running such kernel, consider no-sse2.  Both the 386 and no-asm
+"audience" running such kernel, consider `no-sse2`.  Both the `386` and `no-asm`
-options imply no-sse2.
+options imply `no-sse2`.
 ### enable-ssl-trace
 Build with the SSL Trace capabilities.
-This adds the "-trace" option to s_client and s_server.
+This adds the `-trace` option to `s_client` and `s_server`.
 ### no-static-engine
@ -856,8 +858,8 @@ Don't build Time Stamping (TS) Authority support.
 Build with the Undefined Behaviour sanitiser (UBSAN).
 This is a developer option only.  It may not work on all platforms and should
-never be used in production environments.  It will only work when used with gcc
+never be used in production environments.  It will only work when used with
-or clang and should be used in conjunction with the `-DPEDANTIC` option
+gcc or clang and should be used in conjunction with the `-DPEDANTIC` option
 (or the `--strict-warnings` option).
 ### no-ui-console
@ -907,9 +909,10 @@ accompanied by a corresponding compiler-specific option.
 Don't build support for negotiating the specified SSL/TLS protocol.
-If "no-tls" is selected then all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
+If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3`
-Similarly "no-dtls" will disable dtls1 and dtls1_2.  The "no-ssl" option is
+are disabled.
-synonymous with "no-ssl3".  Note this only affects version negotiation.
+Similarly `no-dtls` will disable `dtls1` and `dtls1_2`.  The `no-ssl` option is
 synonymous with `no-ssl3`.  Note this only affects version negotiation.
 OpenSSL will still provide the methods for applications to explicitly select
 the individual protocol versions.
@ -917,13 +920,13 @@ the individual protocol versions.
    no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method
-Analogous to no-{protocol} but in addition do not build the methods for
+Analogous to `no-{protocol}` but in addition do not build the methods for
 applications to explicitly select individual protocol versions.  Note that there
-is no "no-tls1_3-method" option because there is no application method for
+is no `no-tls1_3-method` option because there is no application method for
 TLSv1.3.
 Using individual protocol methods directly is deprecated.  Applications should
-use TLS_method() instead.
+use `TLS_method()` instead.
 ### enable-{algorithm}
@ -940,7 +943,7 @@ Build with support for the specified algorithm.
 Build without support for the specified algorithm.
-The "ripemd" algorithm is deprecated and if used is synonymous with rmd160.
+The `ripemd` algorithm is deprecated and if used is synonymous with `rmd160`.
 ### Compiler-specific options
@ -961,12 +964,12 @@ below and how these flags interact with those variables.
 Additional options that are not otherwise recognised are passed through as
 they are to the compiler as well.  Unix-style options beginning with a
-'-' or '+' and Windows-style options beginning with a '/' are recognized.
+`-` or `+` and Windows-style options beginning with a `/` are recognized.
 Again, consult your compiler documentation.
 If the option contains arguments separated by spaces, then the URL-style
-notation %20 can be used for the space character in order to avoid having
+notation `%20` can be used for the space character in order to avoid having
-to quote the option.  For example, -opt%20arg gets expanded to -opt arg.
+to quote the option.  For example, `-opt%20arg` gets expanded to `-opt arg`.
 In fact, any ASCII character can be encoded as %xx using its hexadecimal
 encoding.
@ -977,7 +980,7 @@ below and how these flags interact with those variables.
    VAR=value
-Assign the given value to the environment variable VAR for Configure.
+Assign the given value to the environment variable `VAR` for `Configure`.
 These work just like normal environment variable assignments, but are supported
 on all platforms and are confined to the configuration scripts only.
@ -1038,7 +1041,7 @@ for the following:
    AR, CC, CXX, CROSS_COMPILE, HASHBANGPERL, PERL, RANLIB, RC, and WINDRES
-For example, the following command will not see -DBAR:
+For example, the following command will not see `-DBAR`:
    $ CPPFLAGS=-DBAR ./Configure -DCOOKIE
@ -1046,9 +1049,9 @@ However, the following will see both set variables:
    $ CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- ./Configure -DCOOKIE
-If CC is set, it is advisable to also set CXX to ensure both the C and C++
+If `CC` is set, it is advisable to also set `CXX` to ensure both the C and C++
 compiler are in the same "family".  This becomes relevant with
-'enable-external-tests' and 'enable-buildtest-c++'.
+`enable-external-tests` and `enable-buildtest-c++`.
 ### Reconfigure
@ -1058,9 +1061,9 @@ compiler are in the same "family".  This becomes relevant with
 Reconfigure from earlier data.
 This fetches the previous command line options and environment from data
-saved in "configdata.pm" and runs the configuration process again, using
+saved in `configdata.pm` and runs the configuration process again, using
 these options and environment.  Note: NO other option is permitted together
-with "reconf".  Note: The original configuration saves away values for ALL
+with `reconf`.  Note: The original configuration saves away values for ALL
 environment variables that were used, and if they weren't defined, they are
 still saved away with information that they weren't originally defined.
 This information takes precedence over environment variables that are
@ -1070,7 +1073,7 @@ Displaying configuration data
 -----------------------------
 The configuration script itself will say very little, and finishes by
-creating "configdata.pm".  This perl module can be loaded by other scripts
+creating `configdata.pm`.  This perl module can be loaded by other scripts
 to find all the configuration data, and it can also be used as a script to
 display all sorts of configuration data in a human readable form.
@ -1123,9 +1126,9 @@ For the remainder of this text, the Unix form will be used in all examples.
 Please use the appropriate form for your platform.
 Pick a suitable name from the list that matches your system.  For most
-operating systems there is a choice between using "cc" or "gcc".
+operating systems there is a choice between using cc or gcc.
 When you have identified your system (and if necessary compiler) use this
-name as the argument to Configure.  For example, a "linux-elf" user would
+name as the argument to `Configure`.  For example, a `linux-elf` user would
 run:
    $ ./Configure linux-elf [[ options ]]
@ -1133,19 +1136,19 @@ run:
 ### Creating your own Configuration
 If your system isn't listed, you will have to create a configuration
-file named Configurations/{{ something }}.conf and add the correct
+file named `Configurations/{{ something }}.conf` and add the correct
 configuration for your system.  See the available configs as examples
 and read [Configurations/README](Configurations/README)
 and [Configurations/README.design](Configurations/README.design)
 for more information.
-The generic configurations "cc" or "gcc" should usually work on 32 bit
+The generic configurations `cc` or `gcc` should usually work on 32 bit
 Unix-like systems.
-Configure creates a build file (`Makefile` on Unix, `makefile` on Windows
+`Configure` creates a build file (`Makefile` on Unix, `makefile` on Windows
-and `descrip.mms` on OpenVMS) from a suitable template in Configurations,
+and `descrip.mms` on OpenVMS) from a suitable template in `Configurations/`,
-and defines various macros in include/openssl/configuration.h (generated
+and defines various macros in `include/openssl/configuration.h` (generated
-from include/openssl/configuration.h.in).
+from `include/openssl/configuration.h.in`.
 ### Out of Tree Builds
@ -1173,7 +1176,7 @@ directory and invoking the configuration commands from there.
    $ cd \temp-openssl
    $ perl d:\PATH\TO\OPENSSL\SOURCE\Configure [[ options ]]
-Paths can be relative just as well as absolute.  Configure will do its best
+Paths can be relative just as well as absolute.  `Configure` will do its best
 to translate them to relative paths whenever possible.
 Build OpenSSL
@ -1185,10 +1188,10 @@ Build OpenSSL by running:
    $ mms                                            ! (or mmk) OpenVMS
    $ nmake                                          # Windows
-This will build the OpenSSL libraries (libcrypto.a and libssl.a on
+This will build the OpenSSL libraries (`libcrypto.a` and `libssl.a` on
 Unix, corresponding on other platforms) and the OpenSSL binary
-("openssl").  The libraries will be built in the top-level directory,
+(`openssl`).  The libraries will be built in the top-level directory,
-and the binary will be in the "apps" subdirectory.
+and the binary will be in the `apps/` subdirectory.
 If the build fails, take a look at the [Build Failures](#build-failures)
 subsection of the [Troubleshooting](#troubleshooting) section.
@ -1221,7 +1224,7 @@ Note that in order to perform the install step above you need to have
 appropriate permissions to write to the installation directory.
 The above commands will install all the software components in this
-directory tree under PREFIX (the directory given with `--prefix` or
+directory tree under `<PREFIX>` (the directory given with `--prefix` or
 its default):
 ### Unix / Linux / macOS
@ -1248,8 +1251,8 @@ its default):
 ### OpenVMS
-'arch' is replaced with the architecture name, "Alpha" or "ia64",
+'arch' is replaced with the architecture name, `Alpha` or `ia64`,
-'sover' is replaced with the shared library version (0101 for 1.1), and
+'sover' is replaced with the shared library version (`0101` for 1.1), and
 'pz' is replaced with the pointer size OpenSSL was built with:
    [.EXE.'arch']  Contains the openssl binary.
@ -1333,7 +1336,7 @@ Environment Variables
 A number of environment variables can be used to provide additional control
 over the build process.  Typically these should be defined prior to running
-Configure.  Not all environment variables are relevant to all platforms.
+`Configure`.  Not all environment variables are relevant to all platforms.
    AR
                   The name of the ar executable to use.
@ -1349,7 +1352,7 @@ Configure.  Not all environment variables are relevant to all platforms.
                   The compiler to use. Configure will attempt to pick a default
                   compiler for your platform but this choice can be overridden
                   using this variable. Set it to the compiler executable you wish
-                   to use, e.g. "gcc" or "clang".
+                   to use, e.g. gcc or clang.
    CROSS_COMPILE
                   This environment variable has the same meaning as for the
@ -1403,7 +1406,7 @@ Configure.  Not all environment variables are relevant to all platforms.
 Makefile Targets
 ----------------
-The Configure script generates a Makefile in a format relevant to the specific
+The `Configure` script generates a Makefile in a format relevant to the specific
 platform.  The Makefiles provide a number of targets that can be used.  Not all
 targets may be available on all platforms.  Only the most common targets are
 described here.  Examine the Makefiles themselves for the full list.
@ -1486,11 +1489,12 @@ cases it does not succeed. You will see a message like the following:
    Operating system: x86-whatever-minix
    This system (minix) is not supported. See file INSTALL for details.
-Even if the automatic target selection by the `./Configure` script fails, chances
+Even if the automatic target selection by the `./Configure` script fails,
-are that you still might find a suitable target in the Configurations directory,
+chances are that you still might find a suitable target in the `Configurations`
-which you can supply to the `./Configure` command, possibly after some adjustment.
+directory, which you can supply to the `./Configure` command,
 possibly after some adjustment.
-The Configurations directory contains a lot of examples of such targets.
+The `Configurations/` directory contains a lot of examples of such targets.
 The main configuration file is [10-main.conf][], which contains all targets that
 are officially supported by the OpenSSL team. Other configuration files contain
 targets contributed by other OpenSSL users. The list of targets can be found in
@ -1510,11 +1514,11 @@ a Perl list `my %targets = ( ... )`.
 If you call `./Configure` without arguments, it will give you a list of all
 known targets. Using `grep`, you can lookup the target definition in the
-Configurations directory. For example the "android-x86_64" can be found in
+`Configurations/` directory. For example the `android-x86_64` can be found in
-Configurations/15-android.conf.
+[Configurations/15-android.conf](Configurations/15-android.conf).
 The directory contains two README files, which explain the general syntax and
-design of the configurations files.
+design of the configuration files.
 - [Configurations/README](Configurations/README)
 - [Configurations/README.design](Configurations/README.design)
@ -1565,7 +1569,7 @@ build.  Use this command:
    $ nmake clean                                    # Windows
 Assembler error messages can sometimes be sidestepped by using the
-"no-asm" configuration option.
+`no-asm` configuration option.
 Compiling parts of OpenSSL with gcc and others with the system compiler will
 result in unresolved symbols on some systems.
@ -1602,58 +1606,58 @@ Notes
 Notes on multi-threading
 ------------------------
-For some systems, the OpenSSL Configure script knows what compiler options
+For some systems, the OpenSSL `Configure` script knows what compiler options
 are needed to generate a library that is suitable for multi-threaded
 applications.  On these systems, support for multi-threading is enabled
-by default; use the "no-threads" option to disable (this should never be
+by default; use the `no-threads` option to disable (this should never be
 necessary).
 On other systems, to enable support for multi-threading, you will have
-to specify at least two options: "threads", and a system-dependent option.
+to specify at least two options: `threads`, and a system-dependent option.
-(The latter is "-D_REENTRANT" on various systems.)  The default in this
+(The latter is `-D_REENTRANT` on various systems.)  The default in this
 case, obviously, is not to include support for multi-threading (but
-you can still use "no-threads" to suppress an annoying warning message
+you can still use `no-threads` to suppress an annoying warning message
-from the Configure script.)
+from the `Configure` script.)
 OpenSSL provides built-in support for two threading models: pthreads (found on
 most UNIX/Linux systems), and Windows threads.  No other threading models are
 supported.  If your platform does not provide pthreads or Windows threads then
-you should Configure with the "no-threads" option.
+you should use `Configure` with the `no-threads` option.
 Notes on shared libraries
 -------------------------
-For most systems the OpenSSL Configure script knows what is needed to
+For most systems the OpenSSL `Configure` script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems
 the shared libraries will be created by default.  This can be suppressed and
-only static libraries created by using the "no-shared" option.  On systems
+only static libraries created by using the `no-shared` option.  On systems
-where OpenSSL does not know how to build shared libraries the "no-shared"
+where OpenSSL does not know how to build shared libraries the `no-shared`
 option will be forced and only static libraries will be created.
 Shared libraries are named a little differently on different platforms.
 One way or another, they all have the major OpenSSL version number as
-part of the file name, i.e.  for OpenSSL 1.1.x, 1.1 is somehow part of
+part of the file name, i.e.  for OpenSSL 1.1.x, `1.1` is somehow part of
 the name.
-On most POSIX platforms, shared libraries are named libcrypto.so.1.1
+On most POSIX platforms, shared libraries are named `libcrypto.so.1.1`
-and libssl.so.1.1.
+and `libssl.so.1.1`.
-on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
+on Cygwin, shared libraries are named `cygcrypto-1.1.dll` and `cygssl-1.1.dll`
-with import libraries libcrypto.dll.a and libssl.dll.a.
+with import libraries `libcrypto.dll.a` and `libssl.dll.a`.
 On Windows build with MSVC or using MingW, shared libraries are named
-libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll
+`libcrypto-1_1.dll` and `libssl-1_1.dll` for 32-bit Windows,
-and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
+`libcrypto-1_1-x64.dll` and `libssl-1_1-x64.dll` for 64-bit x86_64 Windows,
-and libssl-1_1-ia64.dll for IA64 Windows.  With MSVC, the import libraries
+and `libcrypto-1_1-ia64.dll` and `libssl-1_1-ia64.dll` for IA64 Windows.
-are named libcrypto.lib and libssl.lib, while with MingW, they are named
+With MSVC, the import libraries are named `libcrypto.lib` and `libssl.lib`,
-libcrypto.dll.a and libssl.dll.a.
+while with MingW, they are named `libcrypto.dll.a` and `libssl.dll.a`.
 On VMS, shareable images (VMS speak for shared libraries) are named
-ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe.  However, when
+`ossl$libcrypto0101_shr.exe` and `ossl$libssl0101_shr.exe`.  However, when
 OpenSSL is specifically built for 32-bit pointers, the shareable images
-are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe
+are named `ossl$libcrypto0101_shr32.exe` and `ossl$libssl0101_shr32.exe`
 instead, and when built for 64-bit pointers, they are named
-ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe.
+`ossl$libcrypto0101_shr64.exe` and `ossl$libssl0101_shr64.exe`.
 Notes on random number generation
 ---------------------------------
@ -1675,10 +1679,10 @@ available  method to seed the CSPRNG from the operating system's
 randomness sources.  This corresponds to the option `--with-rand-seed=os`.
 II) On systems without such a suitable randomness source, automatic seeding
-and reseeding is disabled (--with-rand-seed=none) and it may be necessary
+and reseeding is disabled (`--with-rand-seed=none`) and it may be necessary
 to install additional support software to obtain a random seed and reseed
-the CSPRNG manually.  Please check out the manual pages for RAND_add(),
+the CSPRNG manually.  Please check out the manual pages for `RAND_add()`,
-RAND_bytes(), RAND_egd(), and the FAQ for more information.
+`RAND_bytes()`, `RAND_egd()`, and the FAQ for more information.
 <!-- Links  -->
--- a/NOTES.VALGRIND
+++ b/NOTES.VALGRIND
@ -51,20 +51,20 @@ used to control what capabilities OpenSSL uses.
 As of valgrind-3.15.0 on Linux/x86_64, instructions up to AVX2 are
 supported. Setting the following disables instructions beyond AVX2:
-    OPENSSL_ia32cap=":0"
+`OPENSSL_ia32cap=":0"`
 This variable may need to be set to something different based on the
 processor and Valgrind version you are running tests on. More information
 may be found in [docs/man3/OPENSSL_ia32cap.pod](docs/man3/OPENSSL_ia32cap.pod).
 Additional variables (such as `VERBOSE` and `TESTS`) are described in the
-file [test/README.md]/(test/README.md).
+file [test/README.md](test/README.md).
 Example command line:
-    make test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0"
+    $ make test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0"
 If an error occurs, you can then run the specific test via the `TESTS`
 variable with the VERBOSE option to gather additional information.
-    make test VERBOSE=1 TESTS=test_test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0"
+    $ make test VERBOSE=1 TESTS=test_test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0"