Use \return and \throw consitently in the docs

2024-11-26 19:30:21 +00:00 · 2020-12-07 23:35:10 -05:00 · 2020-12-07 23:35:10 -05:00 · ac6987f3ae
commit ac6987f3ae
parent 4d2b58c8fe
54 changed files with 609 additions and 609 deletions
--- a/algebra.h
+++ b/algebra.h
@ -33,56 +33,56 @@ public:
 	/// \brief Compare two elements for equality
 	/// \param a first element
 	/// \param b second element
-	/// \returns true if the elements are equal, false otherwise
+	/// \return true if the elements are equal, false otherwise
 	/// \details Equal() tests the elements for equality using <tt>a==b</tt>
 	virtual bool Equal(const Element &a, const Element &b) const =0;
 	/// \brief Provides the Identity element
-	/// \returns the Identity element
+	/// \return the Identity element
 	virtual const Element& Identity() const =0;
 	/// \brief Adds elements in the group
 	/// \param a first element
 	/// \param b second element
-	/// \returns the sum of <tt>a</tt> and <tt>b</tt>
+	/// \return the sum of <tt>a</tt> and <tt>b</tt>
 	virtual const Element& Add(const Element &a, const Element &b) const =0;
 	/// \brief Inverts the element in the group
 	/// \param a first element
-	/// \returns the inverse of the element
+	/// \return the inverse of the element
 	virtual const Element& Inverse(const Element &a) const =0;
 	/// \brief Determine if inversion is fast
-	/// \returns true if inversion is fast, false otherwise
+	/// \return true if inversion is fast, false otherwise
 	virtual bool InversionIsFast() const {return false;}
 	/// \brief Doubles an element in the group
 	/// \param a the element
-	/// \returns the element doubled
+	/// \return the element doubled
 	virtual const Element& Double(const Element &a) const;
 	/// \brief Subtracts elements in the group
 	/// \param a first element
 	/// \param b second element
-	/// \returns the difference of <tt>a</tt> and <tt>b</tt>. The element <tt>a</tt> must provide a Subtract member function.
+	/// \return the difference of <tt>a</tt> and <tt>b</tt>. The element <tt>a</tt> must provide a Subtract member function.
 	virtual const Element& Subtract(const Element &a, const Element &b) const;
 	/// \brief TODO
 	/// \param a first element
 	/// \param b second element
-	/// \returns TODO
+	/// \return TODO
 	virtual Element& Accumulate(Element &a, const Element &b) const;
 	/// \brief Reduces an element in the congruence class
 	/// \param a element to reduce
 	/// \param b the congruence class
-	/// \returns the reduced element
+	/// \return the reduced element
 	virtual Element& Reduce(Element &a, const Element &b) const;
 	/// \brief Performs a scalar multiplication
 	/// \param a multiplicand
 	/// \param e multiplier
-	/// \returns the product
+	/// \return the product
 	virtual Element ScalarMultiply(const Element &a, const Integer &e) const;
 	/// \brief TODO
@ -90,7 +90,7 @@ public:
 	/// \param e1 the first multiplier
 	/// \param y second multiplicand
 	/// \param e2 the second multiplier
-	/// \returns TODO
+	/// \return TODO
 	virtual Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
 	/// \brief Multiplies a base to multiple exponents in a group
@ -135,17 +135,17 @@ public:
 	/// \brief Determines whether an element is a unit in the group
 	/// \param a the element
-	/// \returns true if the element is a unit after reduction, false otherwise.
+	/// \return true if the element is a unit after reduction, false otherwise.
 	virtual bool IsUnit(const Element &a) const =0;
 	/// \brief Retrieves the multiplicative identity
-	/// \returns the multiplicative identity
+	/// \return the multiplicative identity
 	virtual const Element& MultiplicativeIdentity() const =0;
 	/// \brief Multiplies elements in the group
 	/// \param a the multiplicand
 	/// \param b the multiplier
-	/// \returns the product of a and b
+	/// \return the product of a and b
 	virtual const Element& Multiply(const Element &a, const Element &b) const =0;
 	/// \brief Calculate the multiplicative inverse of an element in the group
@ -154,19 +154,19 @@ public:
 	/// \brief Square an element in the group
 	/// \param a the element
-	/// \returns the element squared
+	/// \return the element squared
 	virtual const Element& Square(const Element &a) const;
 	/// \brief Divides elements in the group
 	/// \param a the dividend
 	/// \param b the divisor
-	/// \returns the quotient
+	/// \return the quotient
 	virtual const Element& Divide(const Element &a, const Element &b) const;
 	/// \brief Raises a base to an exponent in the group
 	/// \param a the base
 	/// \param e the exponent
-	/// \returns the exponentiation
+	/// \return the exponentiation
 	virtual Element Exponentiate(const Element &a, const Integer &e) const;
 	/// \brief TODO
@ -174,7 +174,7 @@ public:
 	/// \param e1 first exponent
 	/// \param y second element
 	/// \param e2 second exponent
-	/// \returns TODO
+	/// \return TODO
 	virtual Element CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
 	/// \brief Exponentiates a base to multiple exponents in the Ring
@ -190,7 +190,7 @@ public:
 	virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
 	/// \brief Retrieves the multiplicative group
-	/// \returns the multiplicative group
+	/// \return the multiplicative group
 	virtual const AbstractGroup<T>& MultiplicativeGroup() const
 		{return m_mg;}
@ -288,13 +288,13 @@ public:
 	/// \brief Performs a modular reduction in the ring
 	/// \param a the element
 	/// \param b the modulus
-	/// \returns the result of <tt>a%b</tt>.
+	/// \return the result of <tt>a%b</tt>.
 	virtual const Element& Mod(const Element &a, const Element &b) const =0;
 	/// \brief Calculates the greatest common denominator in the ring
 	/// \param a the first element
 	/// \param b the second element
-	/// \returns the the greatest common denominator of a and b.
+	/// \return the the greatest common denominator of a and b.
 	virtual const Element& Gcd(const Element &a, const Element &b) const;
 protected:
--- a/allocate.h
+++ b/allocate.h
@ -16,7 +16,7 @@
 NAMESPACE_BEGIN(CryptoPP)
 /// \brief Attempts to reclaim unused memory
-/// \throws bad_alloc
+/// \throw bad_alloc
 /// \details In the normal course of running a program, a request for memory
 ///  normally succeeds. If a call to AlignedAllocate or UnalignedAllocate fails,
 ///  then CallNewHandler is called in n effort to recover. Internally,
@ -24,7 +24,7 @@ NAMESPACE_BEGIN(CryptoPP)
 ///  There is no guarantee CallNewHandler will be able to obtain more memory so
 ///  an allocation succeeds. If the call to set_new_handler fails, then CallNewHandler
 ///  throws a bad_alloc exception.
-/// \throws bad_alloc on failure
+/// \throw bad_alloc on failure
 /// \since Crypto++ 5.0
 /// \sa AlignedAllocate, AlignedDeallocate, UnalignedAllocate, UnalignedDeallocate
 CRYPTOPP_DLL void CRYPTOPP_API CallNewHandler();
--- a/arm_simd.h
+++ b/arm_simd.h
@ -22,7 +22,7 @@
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details PMULL_00() performs polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x00)</tt>.
 ///  The <tt>0x00</tt> indicates the low 64-bits of <tt>a</tt> and <tt>b</tt>
@ -52,7 +52,7 @@ inline uint64x2_t PMULL_00(const uint64x2_t a, const uint64x2_t b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details PMULL_01 performs() polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x01)</tt>.
 ///  The <tt>0x01</tt> indicates the low 64-bits of <tt>a</tt> and high
@ -82,7 +82,7 @@ inline uint64x2_t PMULL_01(const uint64x2_t a, const uint64x2_t b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details PMULL_10() performs polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x10)</tt>.
 ///  The <tt>0x10</tt> indicates the high 64-bits of <tt>a</tt> and low
@ -112,7 +112,7 @@ inline uint64x2_t PMULL_10(const uint64x2_t a, const uint64x2_t b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details PMULL_11() performs polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x11)</tt>.
 ///  The <tt>0x11</tt> indicates the high 64-bits of <tt>a</tt> and <tt>b</tt>
@ -143,7 +143,7 @@ inline uint64x2_t PMULL_11(const uint64x2_t a, const uint64x2_t b)
 /// \param a the first term
 /// \param b the second term
 /// \param c the byte count
-/// \returns vector
+/// \return vector
 /// \details VEXT_U8() extracts the first <tt>c</tt> bytes of vector
 ///  <tt>a</tt> and the remaining bytes in <tt>b</tt>.
 /// \since Crypto++ 8.0
@ -164,7 +164,7 @@ inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b, unsigned int c)
 /// \tparam C the byte count
 /// \param a the first term
 /// \param b the second term
-/// \returns vector
+/// \return vector
 /// \details VEXT_U8() extracts the first <tt>C</tt> bytes of vector
 ///  <tt>a</tt> and the remaining bytes in <tt>b</tt>.
 /// \since Crypto++ 8.0
--- a/asn.h
+++ b/asn.h
@ -117,14 +117,14 @@ public:
 /// \brief DER encode a length
 /// \param bt BufferedTransformation object for writing
 /// \param length the size to encode
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API DERLengthEncode(BufferedTransformation &bt, lword length);
 /// \brief BER decode a length
 /// \param bt BufferedTransformation object for reading
 /// \param length the decoded size
-/// \returns true if the value was decoded
+/// \return true if the value was decoded
-/// \throws BERDecodeError if the value fails to decode or is too large for size_t
+/// \throw BERDecodeError if the value fails to decode or is too large for size_t
 /// \details BERLengthDecode() returns false if the encoding is indefinite length.
 CRYPTOPP_DLL bool CRYPTOPP_API BERLengthDecode(BufferedTransformation &bt, size_t &length);
@ -140,25 +140,25 @@ CRYPTOPP_DLL void CRYPTOPP_API BERDecodeNull(BufferedTransformation &bt);
 /// \param bt BufferedTransformation object for writing
 /// \param str the string to encode
 /// \param strLen the length of the string
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t strLen);
 /// \brief DER encode octet string
 /// \param bt BufferedTransformation object for reading
 /// \param str the string to encode
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const SecByteBlock &str);
 /// \brief BER decode octet string
 /// \param bt BufferedTransformation object for reading
 /// \param str the decoded string
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str);
 /// \brief BER decode octet string
 /// \param bt BufferedTransformation object for reading
 /// \param str the decoded string
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &str);
 /// \brief DER encode text string
@ -166,7 +166,7 @@ CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt
 /// \param str the string to encode
 /// \param strLen the length of the string, in bytes
 /// \param asnTag the ASN.1 identifier
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 /// \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
 /// \since Crypto++ 8.3
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const byte* str, size_t strLen, byte asnTag);
@ -175,7 +175,7 @@ CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt,
 /// \param bt BufferedTransformation object for writing
 /// \param str the string to encode
 /// \param asnTag the ASN.1 identifier
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 /// \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
 /// \since Crypto++ 8.3
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const SecByteBlock &str, byte asnTag);
@ -184,7 +184,7 @@ CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt,
 /// \param bt BufferedTransformation object for writing
 /// \param str the string to encode
 /// \param asnTag the ASN.1 identifier
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 /// \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
 /// \since Crypto++ 6.0
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag);
@ -209,7 +209,7 @@ CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeTextString(BufferedTransformation &bt,
 /// \param bt BufferedTransformation object for writing
 /// \param str the date to encode
 /// \param asnTag the ASN.1 identifier
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 /// \details BERDecodeDate() can be used for UTC_TIME and GENERALIZED_TIME
 /// \since Crypto++ 8.3
 CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeDate(BufferedTransformation &bt, const SecByteBlock &str, byte asnTag);
@ -227,7 +227,7 @@ CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeDate(BufferedTransformation &bt, SecBy
 /// \param str the string to encode
 /// \param strLen the length of the string
 /// \param unusedBits the number of unused bits
-/// \returns the number of octets used for the encoding
+/// \return the number of octets used for the encoding
 /// \details The caller is responsible for shifting octets if unusedBits is
 ///  not 0. For example, to DER encode a web server X.509 key usage, the 101b
 ///  bit mask is often used (digitalSignature and keyEncipherment). In this
@ -253,7 +253,7 @@ CRYPTOPP_DLL void CRYPTOPP_API DERReencode(BufferedTransformation &bt, BufferedT
 /// \brief BER decode size
 /// \param bt BufferedTransformation object for reading
-/// \returns the length of the ASN.1 value, in bytes
+/// \return the length of the ASN.1 value, in bytes
 /// \details BERDecodePeekLength() determines the length of a value without
 ///  consuming octets in the stream. The stream must use definite length encoding.
 ///  If indefinite length encoding is used or an error occurs, then 0 is returned.
@ -295,7 +295,7 @@ public:
 	/// \brief BER decode an OID
 	/// \param bt BufferedTransformation object
-	/// \throws BERDecodeErr() if decoded value doesn't match an expected OID
+	/// \throw BERDecodeErr() if decoded value doesn't match an expected OID
 	/// \details BERDecodeAndCheck() can be used to parse an OID and verify it matches an expected.
 	/// <pre>
 	///   BERSequenceDecoder key(bt);
@ -306,14 +306,14 @@ public:
 	void BERDecodeAndCheck(BufferedTransformation &bt) const;
 	/// \brief Determine if OID is empty
-	/// \returns true if OID has 0 elements, false otherwise
+	/// \return true if OID has 0 elements, false otherwise
 	/// \since Crypto++ 8.0
 	bool Empty() const {
 		return m_values.empty();
 	}
 	/// \brief Retrieve OID value array
-	/// \returns OID value vector
+	/// \return OID value vector
 	/// \since Crypto++ 8.0
 	const std::vector<word32>& GetValues() const {
 		return m_values;
@ -321,7 +321,7 @@ public:
 	/// \brief Print an OID
 	/// \param out ostream object
-	/// \returns ostream reference
+	/// \return ostream reference
 	/// \details Print() writes the OID in a customary format, like
 	///  1.2.840.113549.1.1.11. The caller is reposnsible to convert the
 	///  OID to a friendly name, like sha256WithRSAEncryption.
@ -400,13 +400,13 @@ public:
 	explicit BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag);
 	/// \brief Determine length encoding
-	/// \returns true if the ASN.1 object is definite length encoded, false otherwise
+	/// \return true if the ASN.1 object is definite length encoded, false otherwise
 	bool IsDefiniteLength() const {
 		return m_definiteLength;
 	}
 	/// \brief Determine remaining length
-	/// \returns number of octets that remain to be consumed
+	/// \return number of octets that remain to be consumed
 	/// \details RemainingLength() is only valid if IsDefiniteLength()
 	///  returns true.
 	lword RemainingLength() const {
@ -415,19 +415,19 @@ public:
 	}
 	/// \brief Determine end of stream
-	/// \returns true if all octets have been consumed, false otherwise
+	/// \return true if all octets have been consumed, false otherwise
 	bool EndReached() const;
 	/// \brief Determine next octet
-	/// \returns next octet in the stream
+	/// \return next octet in the stream
 	/// \details PeekByte does not consume the octet.
-	/// \throws BERDecodeError if there are no octets remaining
+	/// \throw BERDecodeError if there are no octets remaining
 	byte PeekByte() const;
 	/// \brief Determine next octet
 	/// \details CheckByte reads the next byte in the stream and verifies
 	///  the octet matches b.
-	/// \throws BERDecodeError if the next octet is not b
+	/// \throw BERDecodeError if the next octet is not b
 	void CheckByte(byte b);
 	/// \brief Transfer bytes to another BufferedTransformation
@ -707,7 +707,7 @@ public:
 	void DEREncode(BufferedTransformation &bt) const;
 	/// \brief Retrieves the OID of the algorithm
-	/// \returns OID of the algorithm
+	/// \return OID of the algorithm
 	virtual OID GetAlgorithmID() const =0;
 	/// \brief Decode algorithm parameters
@ -753,7 +753,7 @@ public:
 	void DEREncode(BufferedTransformation &bt) const;
 	/// \brief Retrieves the OID of the algorithm
-	/// \returns OID of the algorithm
+	/// \return OID of the algorithm
 	virtual OID GetAlgorithmID() const =0;
 	/// \brief Decode optional parameters
@ -850,7 +850,7 @@ size_t DEREncodeUnsigned(BufferedTransformation &out, T w, byte asnTag = INTEGER
 /// \param asnTag the ASN.1 identifier
 /// \param minValue the minimum expected value
 /// \param maxValue the maximum expected value
-/// \throws BERDecodeErr() if the value cannot be parsed or the decoded value is not within range.
+/// \throw BERDecodeErr() if the value cannot be parsed or the decoded value is not within range.
 /// \details DEREncodeUnsigned() can be used with INTEGER, BOOLEAN, and ENUM
 template <class T>
 void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
@ -902,30 +902,30 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
 /// \brief Compare two OIDs for equality
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the OIDs are equal, false otherwise
+/// \return true if the OIDs are equal, false otherwise
 inline bool operator==(const OID &lhs, const OID &rhs);
 /// \brief Compare two OIDs for inequality
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the OIDs are not equal, false otherwise
+/// \return true if the OIDs are not equal, false otherwise
 inline bool operator!=(const OID &lhs, const OID &rhs);
 /// \brief Compare two OIDs for ordering
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the first OID is less than the second OID, false otherwise
+/// \return true if the first OID is less than the second OID, false otherwise
 /// \details operator<() calls std::lexicographical_compare() on each element in the array of values.
 inline bool operator<(const OID &lhs, const OID &rhs);
 /// \brief Compare two OIDs for ordering
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the first OID is less than or equal to the second OID, false otherwise
+/// \return true if the first OID is less than or equal to the second OID, false otherwise
 /// \details operator<=() is implemented in terms of operator==() and operator<().
 /// \since Crypto++ 8.3
 inline bool operator<=(const OID &lhs, const OID &rhs);
 /// \brief Compare two OIDs for ordering
 /// \param lhs the first OID
 /// \param rhs the second OID
-/// \returns true if the first OID is greater than or equal to the second OID, false otherwise
+/// \return true if the first OID is greater than or equal to the second OID, false otherwise
 /// \details operator>=() is implemented in terms of operator<().
 /// \since Crypto++ 8.3
 inline bool operator>=(const OID &lhs, const OID &rhs);
--- a/basecode.h
+++ b/basecode.h
@ -30,7 +30,7 @@ public:
 	/// \param attachment a BufferedTransformation to attach to this object
 	/// \param padding the character to use as padding
 	/// \pre log2base must be between 1 and 7 inclusive
-	/// \throws InvalidArgument if log2base is not between 1 and 7
+	/// \throw InvalidArgument if log2base is not between 1 and 7
 	BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULLPTR, int padding=-1)
 		: m_alphabet(NULLPTR), m_padding(0), m_bitsPerChar(0)
 		, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
--- a/blake2.h
+++ b/blake2.h
@ -280,7 +280,7 @@ public:
        bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
    /// \brief Retrieve the object's name
-    /// \returns the object's algorithm name following RFC 7693
+    /// \return the object's algorithm name following RFC 7693
    /// \details Object algorithm name follows the naming described in
    ///   <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The BLAKE2 Cryptographic Hash and
    /// Message Authentication Code (MAC)</A>. For example, "BLAKE2b-512" and "BLAKE2s-256".
@ -308,7 +308,7 @@ public:
    void SetTreeMode(bool mode) {m_treeMode=mode;}
    /// \brief Get tree mode
-    /// \returns the current tree mode
+    /// \return the current tree mode
    /// \details Tree mode is persisted across calls to Restart().
    bool GetTreeMode() const {return m_treeMode;}
@ -387,7 +387,7 @@ public:
        bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
    /// \brief Retrieve the object's name
-    /// \returns the object's algorithm name following RFC 7693
+    /// \return the object's algorithm name following RFC 7693
    /// \details Object algorithm name follows the naming described in
    ///   <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The BLAKE2 Cryptographic Hash and
    /// Message Authentication Code (MAC)</A>. For example, "BLAKE2b-512" and "BLAKE2s-256".
@ -415,7 +415,7 @@ public:
    void SetTreeMode(bool mode) {m_treeMode=mode;}
    /// \brief Get tree mode
-    /// \returns the current tree mode
+    /// \return the current tree mode
    /// \details Tree mode is persisted across calls to Restart().
    bool GetTreeMode() const {return m_treeMode;}
--- a/chacha.h
+++ b/chacha.h
@ -41,7 +41,7 @@ NAMESPACE_BEGIN(CryptoPP)
 struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    /// \details Bernstein named the cipher variants ChaCha8, ChaCha12 and
@ -98,7 +98,7 @@ struct ChaCha : public ChaCha_Info, public SymmetricCipherDocumentation
 struct ChaChaTLS_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 12>, FixedRounds<20>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    /// \details This is the IETF's variant of Bernstein's ChaCha from RFC
@ -166,7 +166,7 @@ struct ChaChaTLS : public ChaChaTLS_Info, public SymmetricCipherDocumentation
 struct XChaCha20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    /// \details This is the IETF's XChaCha from draft-arciszewski-xchacha.
--- a/cham.h
+++ b/cham.h
@ -32,7 +32,7 @@ NAMESPACE_BEGIN(CryptoPP)
 struct CHAM64_Info : public FixedBlockSize<8>, public FixedKeyLength<16>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    static const std::string StaticAlgorithmName()
@ -47,7 +47,7 @@ struct CHAM64_Info : public FixedBlockSize<8>, public FixedKeyLength<16>
 struct CHAM128_Info : public FixedBlockSize<16>, public VariableKeyLength<16,16,32,16>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    static const std::string StaticAlgorithmName()
--- a/cpu.h
+++ b/cpu.h
@ -110,7 +110,7 @@ CRYPTOPP_DLL bool CRYPTOPP_API CpuId(word32 func, word32 subfunc, word32 output[
 //@{
 /// \brief Determine SSE2 availability
-/// \returns true if SSE2 is determined to be available, false otherwise
+/// \return true if SSE2 is determined to be available, false otherwise
 /// \details MMX, SSE and SSE2 are core processor features for x86_64, and
 ///  the function return value is based on OSXSAVE. On i386 both
 ///  SSE2 and OSXSAVE are used for the return value.
@ -127,7 +127,7 @@ inline bool HasSSE2()
 }
 /// \brief Determine SSSE3 availability
-/// \returns true if SSSE3 is determined to be available, false otherwise
+/// \return true if SSSE3 is determined to be available, false otherwise
 /// \details HasSSSE3() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasSSSE3()
@ -142,7 +142,7 @@ inline bool HasSSSE3()
 }
 /// \brief Determine SSE4.1 availability
-/// \returns true if SSE4.1 is determined to be available, false otherwise
+/// \return true if SSE4.1 is determined to be available, false otherwise
 /// \details HasSSE41() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasSSE41()
@ -157,7 +157,7 @@ inline bool HasSSE41()
 }
 /// \brief Determine SSE4.2 availability
-/// \returns true if SSE4.2 is determined to be available, false otherwise
+/// \return true if SSE4.2 is determined to be available, false otherwise
 /// \details HasSSE42() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasSSE42()
@ -172,7 +172,7 @@ inline bool HasSSE42()
 }
 /// \brief Determine MOVBE availability
-/// \returns true if MOVBE is determined to be available, false otherwise
+/// \return true if MOVBE is determined to be available, false otherwise
 /// \details HasMOVBE() is a runtime check performed using CPUID
 /// \since Crypto++ 8.3
 /// \note This function is only available on Intel IA-32 platforms
@ -188,7 +188,7 @@ inline bool HasMOVBE()
 }
 /// \brief Determine AES-NI availability
-/// \returns true if AES-NI is determined to be available, false otherwise
+/// \return true if AES-NI is determined to be available, false otherwise
 /// \details HasAESNI() is a runtime check performed using CPUID
 /// \since Crypto++ 5.6.1
 /// \note This function is only available on Intel IA-32 platforms
@ -204,7 +204,7 @@ inline bool HasAESNI()
 }
 /// \brief Determine Carryless Multiply availability
-/// \returns true if pclmulqdq is determined to be available, false otherwise
+/// \return true if pclmulqdq is determined to be available, false otherwise
 /// \details HasCLMUL() is a runtime check performed using CPUID
 /// \since Crypto++ 5.6.1
 /// \note This function is only available on Intel IA-32 platforms
@ -220,7 +220,7 @@ inline bool HasCLMUL()
 }
 /// \brief Determine SHA availability
-/// \returns true if SHA is determined to be available, false otherwise
+/// \return true if SHA is determined to be available, false otherwise
 /// \details HasSHA() is a runtime check performed using CPUID
 /// \since Crypto++ 6.0
 /// \note This function is only available on Intel IA-32 platforms
@ -236,7 +236,7 @@ inline bool HasSHA()
 }
 /// \brief Determine ADX availability
-/// \returns true if ADX is determined to be available, false otherwise
+/// \return true if ADX is determined to be available, false otherwise
 /// \details HasADX() is a runtime check performed using CPUID
 /// \since Crypto++ 7.0
 /// \note This function is only available on Intel IA-32 platforms
@ -252,7 +252,7 @@ inline bool HasADX()
 }
 /// \brief Determine AVX availability
-/// \returns true if AVX is determined to be available, false otherwise
+/// \return true if AVX is determined to be available, false otherwise
 /// \details HasAVX() is a runtime check performed using CPUID
 /// \since Crypto++ 8.0
 /// \note This function is only available on Intel IA-32 platforms
@ -268,7 +268,7 @@ inline bool HasAVX()
 }
 /// \brief Determine AVX2 availability
-/// \returns true if AVX2 is determined to be available, false otherwise
+/// \return true if AVX2 is determined to be available, false otherwise
 /// \details HasAVX2() is a runtime check performed using CPUID
 /// \since Crypto++ 8.0
 /// \note This function is only available on Intel IA-32 platforms
@ -284,7 +284,7 @@ inline bool HasAVX2()
 }
 /// \brief Determine RDRAND availability
-/// \returns true if RDRAND is determined to be available, false otherwise
+/// \return true if RDRAND is determined to be available, false otherwise
 /// \details HasRDRAND() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasRDRAND()
@ -299,7 +299,7 @@ inline bool HasRDRAND()
 }
 /// \brief Determine RDSEED availability
-/// \returns true if RDSEED is determined to be available, false otherwise
+/// \return true if RDSEED is determined to be available, false otherwise
 /// \details HasRDSEED() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasRDSEED()
@ -314,7 +314,7 @@ inline bool HasRDSEED()
 }
 /// \brief Determine Padlock RNG availability
-/// \returns true if VIA Padlock RNG is determined to be available, false otherwise
+/// \return true if VIA Padlock RNG is determined to be available, false otherwise
 /// \details HasPadlockRNG() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasPadlockRNG()
@ -329,7 +329,7 @@ inline bool HasPadlockRNG()
 }
 /// \brief Determine Padlock ACE availability
-/// \returns true if VIA Padlock ACE is determined to be available, false otherwise
+/// \return true if VIA Padlock ACE is determined to be available, false otherwise
 /// \details HasPadlockACE() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasPadlockACE()
@ -344,7 +344,7 @@ inline bool HasPadlockACE()
 }
 /// \brief Determine Padlock ACE2 availability
-/// \returns true if VIA Padlock ACE2 is determined to be available, false otherwise
+/// \return true if VIA Padlock ACE2 is determined to be available, false otherwise
 /// \details HasPadlockACE2() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasPadlockACE2()
@ -359,7 +359,7 @@ inline bool HasPadlockACE2()
 }
 /// \brief Determine Padlock PHE availability
-/// \returns true if VIA Padlock PHE is determined to be available, false otherwise
+/// \return true if VIA Padlock PHE is determined to be available, false otherwise
 /// \details HasPadlockPHE() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasPadlockPHE()
@ -374,7 +374,7 @@ inline bool HasPadlockPHE()
 }
 /// \brief Determine Padlock PMM availability
-/// \returns true if VIA Padlock PMM is determined to be available, false otherwise
+/// \return true if VIA Padlock PMM is determined to be available, false otherwise
 /// \details HasPadlockPMM() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool HasPadlockPMM()
@ -389,7 +389,7 @@ inline bool HasPadlockPMM()
 }
 /// \brief Determine if the CPU is an Intel P4
-/// \returns true if the CPU is a P4, false otherwise
+/// \return true if the CPU is a P4, false otherwise
 /// \details IsP4() is a runtime check performed using CPUID
 /// \note This function is only available on Intel IA-32 platforms
 inline bool IsP4()
@ -400,7 +400,7 @@ inline bool IsP4()
 }
 /// \brief Provides the cache line size
-/// \returns lower bound on the size of a cache line in bytes, if available
+/// \return lower bound on the size of a cache line in bytes, if available
 /// \details GetCacheLineSize() returns the lower bound on the size of a cache line, if it
 ///  is available. If the value is not available at runtime, then 32 is returned for a 32-bit
 ///  processor and 64 is returned for a 64-bit processor.
@ -442,7 +442,7 @@ void CRYPTOPP_API DetectArmFeatures();
 //@{
 /// \brief Determine if an ARM processor is ARMv7 or above
-/// \returns true if the hardware is ARMv7 or above, false otherwise.
+/// \return true if the hardware is ARMv7 or above, false otherwise.
 /// \details Some AES code requires ARMv7 or above
 /// \since Crypto++ 8.0
 /// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms
@ -459,7 +459,7 @@ inline bool HasARMv7()
 }
 /// \brief Determine if an ARM processor has Advanced SIMD available
-/// \returns true if the hardware is capable of Advanced SIMD at runtime, false otherwise.
+/// \return true if the hardware is capable of Advanced SIMD at runtime, false otherwise.
 /// \details Advanced SIMD instructions are available under most ARMv7, Aarch32 and Aarch64.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mfpu=neon</tt> (32-bit) or <tt>-march=armv8-a</tt>
@ -479,7 +479,7 @@ inline bool HasNEON()
 }
 /// \brief Determine if an ARM processor provides Polynomial Multiplication
-/// \returns true if the hardware is capable of polynomial multiplications at runtime,
+/// \return true if the hardware is capable of polynomial multiplications at runtime,
 ///  false otherwise.
 /// \details The multiplication instructions are available under Aarch32 and Aarch64.
 /// \details Runtime support requires compile time support. When compiling with GCC,
@ -499,7 +499,7 @@ inline bool HasPMULL()
 }
 /// \brief Determine if an ARM processor has CRC32 available
-/// \returns true if the hardware is capable of CRC32 at runtime, false otherwise.
+/// \return true if the hardware is capable of CRC32 at runtime, false otherwise.
 /// \details CRC32 instructions provide access to the processor's CRC-32 and CRC-32C
 ///  instructions. They are provided by ARM C Language Extensions 2.0 (ACLE 2.0) and
 ///  available under Aarch32 and Aarch64.
@ -520,7 +520,7 @@ inline bool HasCRC32()
 }
 /// \brief Determine if an ARM processor has AES available
-/// \returns true if the hardware is capable of AES at runtime, false otherwise.
+/// \return true if the hardware is capable of AES at runtime, false otherwise.
 /// \details AES is part of the optional Crypto extensions on Aarch32 and Aarch64. They are
 ///  accessed using ARM C Language Extensions 2.0 (ACLE 2.0).
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
@ -540,7 +540,7 @@ inline bool HasAES()
 }
 /// \brief Determine if an ARM processor has SHA1 available
-/// \returns true if the hardware is capable of SHA1 at runtime, false otherwise.
+/// \return true if the hardware is capable of SHA1 at runtime, false otherwise.
 /// \details SHA1 is part of the optional Crypto extensions on Aarch32 and Aarch64. They are
 ///  accessed using ARM C Language Extensions 2.0 (ACLE 2.0).
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
@ -560,7 +560,7 @@ inline bool HasSHA1()
 }
 /// \brief Determine if an ARM processor has SHA256 available
-/// \returns true if the hardware is capable of SHA256 at runtime, false otherwise.
+/// \return true if the hardware is capable of SHA256 at runtime, false otherwise.
 /// \details SHA256 is part of the optional Crypto extensions on Aarch32 and Aarch64. They are
 ///  accessed using ARM C Language Extensions 2.0 (ACLE 2.0).
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
@ -580,7 +580,7 @@ inline bool HasSHA2()
 }
 /// \brief Determine if an ARM processor has SHA512 available
-/// \returns true if the hardware is capable of SHA512 at runtime, false otherwise.
+/// \return true if the hardware is capable of SHA512 at runtime, false otherwise.
 /// \details SHA512 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They
 ///  are accessed using ARM C Language Extensions 2.0 (ACLE 2.0).
 /// \details Runtime support requires compile time support. When compiling with GCC, you
@ -600,7 +600,7 @@ inline bool HasSHA512()
 }
 /// \brief Determine if an ARM processor has SHA3 available
-/// \returns true if the hardware is capable of SHA3 at runtime, false otherwise.
+/// \return true if the hardware is capable of SHA3 at runtime, false otherwise.
 /// \details SHA3 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They
 ///  are accessed using ARM C Language Extensions 2.0 (ACLE 2.0).
 /// \details Runtime support requires compile time support. When compiling with GCC, you
@ -620,7 +620,7 @@ inline bool HasSHA3()
 }
 /// \brief Determine if an ARM processor has SM3 available
-/// \returns true if the hardware is capable of SM3 at runtime, false otherwise.
+/// \return true if the hardware is capable of SM3 at runtime, false otherwise.
 /// \details SM3 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They
 ///  are accessed using ARM C Language Extensions 2.0 (ACLE 2.0).
 /// \details Runtime support requires compile time support. When compiling with GCC, you
@ -640,7 +640,7 @@ inline bool HasSM3()
 }
 /// \brief Determine if an ARM processor has SM4 available
-/// \returns true if the hardware is capable of SM4 at runtime, false otherwise.
+/// \return true if the hardware is capable of SM4 at runtime, false otherwise.
 /// \details SM4 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They
 ///  are accessed using ARM C Language Extensions 2.0 (ACLE 2.0).
 /// \details Runtime support requires compile time support. When compiling with GCC, you
@ -687,7 +687,7 @@ void CRYPTOPP_API DetectPowerpcFeatures();
 //@{
 /// \brief Determine if a PowerPC processor has Altivec available
-/// \returns true if the hardware is capable of Altivec at runtime, false otherwise.
+/// \return true if the hardware is capable of Altivec at runtime, false otherwise.
 /// \details Altivec instructions are available on modern PowerPCs.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power4</tt>; while IBM XL C/C++ compilers require
@ -705,7 +705,7 @@ inline bool HasAltivec()
 }
 /// \brief Determine if a PowerPC processor has Power7 available
-/// \returns true if the hardware is capable of Power7 at runtime, false otherwise.
+/// \return true if the hardware is capable of Power7 at runtime, false otherwise.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power7</tt>; while IBM XL C/C++ compilers require
 ///  <tt>-qarch=pwr7 -qaltivec</tt>. Also see PowerPC's <tt>_ALTIVEC_</tt> preprocessor macro.
@ -722,7 +722,7 @@ inline bool HasPower7()
 }
 /// \brief Determine if a PowerPC processor has Power8 available
-/// \returns true if the hardware is capable of Power8 at runtime, false otherwise.
+/// \return true if the hardware is capable of Power8 at runtime, false otherwise.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power8</tt>; while IBM XL C/C++ compilers require
 ///  <tt>-qarch=pwr8 -qaltivec</tt>. Also see PowerPC's <tt>_ALTIVEC_</tt> preprocessor macro.
@ -739,7 +739,7 @@ inline bool HasPower8()
 }
 /// \brief Determine if a PowerPC processor has Power9 available
-/// \returns true if the hardware is capable of Power9 at runtime, false otherwise.
+/// \return true if the hardware is capable of Power9 at runtime, false otherwise.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power9</tt>; while IBM XL C/C++ compilers require
 ///  <tt>-qarch=pwr9 -qaltivec</tt>. Also see PowerPC's <tt>_ALTIVEC_</tt> preprocessor macro.
@ -756,7 +756,7 @@ inline bool HasPower9()
 }
 /// \brief Determine if a PowerPC processor has AES available
-/// \returns true if the hardware is capable of AES at runtime, false otherwise.
+/// \return true if the hardware is capable of AES at runtime, false otherwise.
 /// \details AES is part of the in-crypto extensions on Power8 and Power9.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power8</tt>; while IBM XL C/C++ compilers require
@ -774,7 +774,7 @@ inline bool HasAES()
 }
 /// \brief Determine if a PowerPC processor has Polynomial Multiply available
-/// \returns true if the hardware is capable of PMULL at runtime, false otherwise.
+/// \return true if the hardware is capable of PMULL at runtime, false otherwise.
 /// \details PMULL is part of the in-crypto extensions on Power8 and Power9.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power8</tt>; while IBM XL C/C++ compilers require
@ -792,7 +792,7 @@ inline bool HasPMULL()
 }
 /// \brief Determine if a PowerPC processor has SHA256 available
-/// \returns true if the hardware is capable of SHA256 at runtime, false otherwise.
+/// \return true if the hardware is capable of SHA256 at runtime, false otherwise.
 /// \details SHA is part of the in-crypto extensions on Power8 and Power9.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power8</tt>; while IBM XL C/C++ compilers require
@ -810,7 +810,7 @@ inline bool HasSHA256()
 }
 /// \brief Determine if a PowerPC processor has SHA512 available
-/// \returns true if the hardware is capable of SHA512 at runtime, false otherwise.
+/// \return true if the hardware is capable of SHA512 at runtime, false otherwise.
 /// \details SHA is part of the in-crypto extensions on Power8 and Power9.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power8</tt>; while IBM XL C/C++ compilers require
@ -828,7 +828,7 @@ inline bool HasSHA512()
 }
 /// \brief Determine if a PowerPC processor has DARN available
-/// \returns true if the hardware is capable of DARN at runtime, false otherwise.
+/// \return true if the hardware is capable of DARN at runtime, false otherwise.
 /// \details Runtime support requires compile time support. When compiling with GCC, you may
 ///  need to compile with <tt>-mcpu=power9</tt>; while IBM XL C/C++ compilers require
 ///  <tt>-qarch=pwr9 -qaltivec</tt>. Also see PowerPC's <tt>_ALTIVEC_</tt> preprocessor macro.
@ -850,7 +850,7 @@ inline bool HasDARN()
 }
 /// \brief Provides the cache line size
-/// \returns lower bound on the size of a cache line in bytes, if available
+/// \return lower bound on the size of a cache line in bytes, if available
 /// \details GetCacheLineSize() returns the lower bound on the size of a cache line, if it
 ///  is available. If the value is not available at runtime, then 32 is returned for a 32-bit
 ///  processor and 64 is returned for a 64-bit processor.
@ -873,7 +873,7 @@ inline int GetCacheLineSize()
 // Non-Intel systems
 #if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64)
 /// \brief Provides the cache line size
-/// \returns lower bound on the size of a cache line in bytes, if available
+/// \return lower bound on the size of a cache line in bytes, if available
 /// \details GetCacheLineSize() returns the lower bound on the size of a cache line, if it
 ///  is available. If the value is not available at runtime, then 32 is returned for a 32-bit
 ///  processor and 64 is returned for a 64-bit processor.
--- a/cryptlib.h
+++ b/cryptlib.h
@ -446,7 +446,7 @@ public:
 	/// \param name the name of the value
 	/// \param stored the type that was stored for the name
 	/// \param retrieving the type that is being retrieved for the name
-	/// \throws ValueTypeMismatch
+	/// \throw ValueTypeMismatch
 	/// \details ThrowIfTypeMismatch() effectively performs a type safety check.
 	///  stored and retrieving are C++ mangled names for the type.
 	/// \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(),
@ -459,7 +459,7 @@ public:
 	/// \param className the name of the class
 	/// \param name the name of the value
 	/// \param value reference to a variable to receive the value
-	/// \throws InvalidArgument
+	/// \throw InvalidArgument
 	/// \details GetRequiredParameter() throws InvalidArgument if the name
 	///  is not present or not of the expected type T.
 	/// \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(),
@ -475,7 +475,7 @@ public:
 	/// \param className the name of the class
 	/// \param name the name of the value
 	/// \param value reference to a variable to receive the value
-	/// \throws InvalidArgument
+	/// \throw InvalidArgument
 	/// \details GetRequiredParameter() throws InvalidArgument if the name
 	///  is not present or not of the expected type T.
 	/// \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(),
@ -588,7 +588,7 @@ public:
 	/// \brief Copies  this object
 	/// \return a copy of this object
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \note this is \a not implemented by most classes
 	/// \sa NotCopyable
 	virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");}	// TODO: make this =0
@ -756,7 +756,7 @@ public:
 	/// \brief Returns length of the IV accepted by this object
 	/// \return the size of an IV, in bytes
-	/// \throws NotImplemented() if the object does not support resynchronization
+	/// \throw NotImplemented() if the object does not support resynchronization
 	/// \details The default implementation throws NotImplemented
 	virtual unsigned int IVSize() const
 		{throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
@ -767,19 +767,19 @@ public:
 	/// \brief Provides the minimum size of an IV
 	/// \return minimal length of IVs accepted by this object, in bytes
-	/// \throws NotImplemented() if the object does not support resynchronization
+	/// \throw NotImplemented() if the object does not support resynchronization
 	virtual unsigned int MinIVLength() const {return IVSize();}
 	/// \brief Provides the maximum size of an IV
 	/// \return maximal length of IVs accepted by this object, in bytes
-	/// \throws NotImplemented() if the object does not support resynchronization
+	/// \throw NotImplemented() if the object does not support resynchronization
 	virtual unsigned int MaxIVLength() const {return IVSize();}
 	/// \brief Resynchronize with an IV
 	/// \param iv the initialization vector
 	/// \param ivLength the size of the initialization vector, in bytes
 	/// \details Resynchronize() resynchronizes with an IV provided by the caller. <tt>ivLength=-1</tt> means use IVSize().
-	/// \throws NotImplemented() if the object does not support resynchronization
+	/// \throw NotImplemented() if the object does not support resynchronization
 	virtual void Resynchronize(const byte *iv, int ivLength=-1) {
 		CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(ivLength);
 		throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");
@ -810,11 +810,11 @@ protected:
 	/// \brief Validates the key length
 	/// \param length the size of the keying material, in bytes
-	/// \throws InvalidKeyLength if the key length is invalid
+	/// \throw InvalidKeyLength if the key length is invalid
 	void ThrowIfInvalidKeyLength(size_t length);
 	/// \brief Validates the object
-	/// \throws InvalidArgument if the IV is present
+	/// \throw InvalidArgument if the IV is present
 	/// \details Internally, the default implementation calls IsResynchronizable() and throws
 	///  InvalidArgument if the function returns  true.
 	/// \note called when no IV is passed
@ -822,7 +822,7 @@ protected:
 	/// \brief Validates the IV
 	/// \param iv the IV with a length of IVSize, in bytes
-	/// \throws InvalidArgument on failure
+	/// \throw InvalidArgument on failure
 	/// \details Internally, the default implementation checks the iv. If iv is not NULL or nullptr,
 	///  then the function succeeds. If iv is NULL, then IVRequirement is checked against
 	///  UNPREDICTABLE_RANDOM_IV. If IVRequirement is UNPREDICTABLE_RANDOM_IV, then
@ -831,14 +831,14 @@ protected:
 	/// \brief Validates the IV length
 	/// \param length the size of an IV, in bytes
-	/// \throws InvalidArgument if the IV length is invalid
+	/// \throw InvalidArgument if the IV length is invalid
 	size_t ThrowIfInvalidIVLength(int length);
 	/// \brief Retrieves and validates the IV
 	/// \param params NameValuePairs with the IV supplied as a ConstByteArrayParameter
 	/// \param size the length of the IV, in bytes
 	/// \return a pointer to the first byte of the IV
-	/// \throws InvalidArgument if the number of rounds are invalid
+	/// \throw InvalidArgument if the number of rounds are invalid
 	const byte * GetIVAndThrowIfInvalid(const NameValuePairs &params, size_t &size);
 	/// \brief Validates the key length
@ -1080,7 +1080,7 @@ public:
 	/// \brief Seek to an absolute position
 	/// \param pos position to seek
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \details The base class implementation throws NotImplemented. The function
 	///  \ref CRYPTOPP_ASSERT "asserts" IsRandomAccess() in debug builds.
 	virtual void Seek(lword pos)
@ -1191,7 +1191,7 @@ public:
 	/// \brief Verifies the hash of the current message
 	/// \param digest a pointer to the buffer of an \a existing hash
 	/// \return \p true if the existing hash matches the computed hash, \p false otherwise
-	/// \throws ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize()
+	/// \throw ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize()
 	/// \details Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is
 	///  a constant time comparison function. digestLength cannot exceed DigestSize().
 	/// \details Verify() restarts the hash for the next message.
@ -1205,7 +1205,7 @@ public:
 	/// \param input the additional input as a buffer
 	/// \param length the size of the buffer, in bytes
 	/// \return \p true if the existing hash matches the computed hash, \p false otherwise
-	/// \throws ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize()
+	/// \throw ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize()
 	/// \details Use this if your input is in one piece and you don't want to call Update()
 	///  and Verify() separately
 	/// \details VerifyDigest() performs a bitwise compare on the buffers using VerifyBufsEqual(),
@ -1240,7 +1240,7 @@ public:
 	/// \param digest a pointer to the buffer of an \a existing hash
 	/// \param digestLength the size of the truncated hash, in bytes
 	/// \return \p true if the existing hash matches the computed hash, \p false otherwise
-	/// \throws ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize()
+	/// \throw ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize()
 	/// \details TruncatedVerify() is a truncated version of Verify(). It can operate on a
 	///  buffer smaller than DigestSize(). However, digestLength cannot exceed DigestSize().
 	/// \details Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is
@ -1254,7 +1254,7 @@ public:
 	/// \param input the additional input as a buffer
 	/// \param length the size of the buffer, in bytes
 	/// \return \p true if the existing hash matches the computed hash, \p false otherwise
-	/// \throws ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize()
+	/// \throw ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize()
 	/// \details Use this if your input is in one piece and you don't want to call Update()
 	///  and TruncatedVerify() separately.
 	/// \details VerifyTruncatedDigest() is a truncated version of VerifyDigest(). It can operate
@ -1268,7 +1268,7 @@ public:
 protected:
 	/// \brief Validates a truncated digest size
 	/// \param size the requested digest size
-	/// \throws InvalidArgument if the algorithm's digest size cannot be truncated to the requested size
+	/// \throw InvalidArgument if the algorithm's digest size cannot be truncated to the requested size
 	/// \details Throws an exception when the truncated digest size is greater than DigestSize()
 	void ThrowIfInvalidTruncatedSize(size_t size) const;
 };
@ -1418,7 +1418,7 @@ public:
 	/// \brief Update RNG state with additional unpredictable values
 	/// \param input the entropy to add to the generator
 	/// \param length the size of the input buffer
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \details A generator may or may not accept additional entropy. Call CanIncorporateEntropy()
 	///  to test for the ability to use additional entropy.
 	/// \details If a derived class does not override IncorporateEntropy(), then the base class
@ -1535,7 +1535,7 @@ public:
 	/// \param secretLen the size of the secret buffer, in bytes
 	/// \param params additional initialization parameters to configure this object
 	/// \return the number of iterations performed
-	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throw InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///  a secret seed and other parameters. Each class that derives from KeyDerivationFunction
 	///  provides an overload that accepts most parameters used by the derivation function.
@ -1556,7 +1556,7 @@ protected:
 	/// \brief Validates the derived key length
 	/// \param length the size of the derived key material, in bytes
-	/// \throws InvalidKeyLength if the key length is invalid
+	/// \throw InvalidKeyLength if the key length is invalid
 	void ThrowIfInvalidDerivedKeyLength(size_t length) const;
 };
@ -1784,7 +1784,7 @@ public:
 		/// \brief Initialize or reinitialize this object, without signal propagation
 		/// \param parameters a set of NameValuePairs to initialize this object
-		/// \throws NotImplemented
+		/// \throw NotImplemented
 		/// \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
 		///  number of arbitrarily typed arguments. The function avoids the need for multiple constructors providing
 		///  all possible combintations of configurable parameters.
@ -2328,7 +2328,7 @@ public:
 		/// \brief Delete the current attachment chain and attach a new one
 		/// \param newAttachment the new BufferedTransformation to attach
-		/// \throws NotImplemented
+		/// \throw NotImplemented
 		/// \details Detach() deletes the current attachment chain and replace it with an optional newAttachment
 		/// \details If a derived class does not override Detach(), then the base class throws
 		///  NotImplemented.
@ -2400,7 +2400,7 @@ public:
 	/// \brief Check this object for errors
 	/// \param rng a RandomNumberGenerator for objects which use randomized testing
 	/// \param level the level of thoroughness
-	/// \throws InvalidMaterial
+	/// \throw InvalidMaterial
 	/// \details Internally, ThrowIfInvalid() calls Validate() and throws InvalidMaterial() if validation fails.
 	/// \sa Validate()
 	virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const
@ -2408,7 +2408,7 @@ public:
 	/// \brief Saves a key to a BufferedTransformation
 	/// \param bt the destination BufferedTransformation
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \details Save() writes the material to a BufferedTransformation.
 	/// \details If the material is a key, then the key is written with ASN.1 DER encoding. The key
 	///  includes an object identifier with an algorthm id, like a subjectPublicKeyInfo.
@ -2420,7 +2420,7 @@ public:
 	/// \brief Loads a key from a BufferedTransformation
 	/// \param bt the source BufferedTransformation
-	/// \throws KeyingErr
+	/// \throw KeyingErr
 	/// \details Load() attempts to read material from a BufferedTransformation. If the
 	///  material is a key that was generated outside the library, then the following
 	///  usually applies:
@ -2442,7 +2442,7 @@ public:
 	/// \brief Perform precomputation
 	/// \param precomputationStorage the suggested number of objects for the precompute table
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \details The exact semantics of Precompute() varies, but it typically means calculate
 	///  a table of n objects that can be used later to speed up computation.
 	/// \details If a derived class does not override Precompute(), then the base class throws
@ -2455,14 +2455,14 @@ public:
 	/// \brief Retrieve previously saved precomputation
 	/// \param storedPrecomputation BufferedTransformation with the saved precomputation
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \sa SupportsPrecomputation(), Precompute()
 	virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
 		{CRYPTOPP_UNUSED(storedPrecomputation); CRYPTOPP_ASSERT(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
 	/// \brief Save precomputation for later use
 	/// \param storedPrecomputation BufferedTransformation to write the precomputation
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \sa SupportsPrecomputation(), Precompute()
 	virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
 		{CRYPTOPP_UNUSED(storedPrecomputation); CRYPTOPP_ASSERT(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
@ -2493,7 +2493,7 @@ public:
 	/// \brief Generate a random key or crypto parameters
 	/// \param rng a RandomNumberGenerator to produce keying material
 	/// \param params additional initialization parameters
-	/// \throws KeyingErr if a key can't be generated or algorithm parameters are invalid
+	/// \throw KeyingErr if a key can't be generated or algorithm parameters are invalid
 	/// \details If a derived class does not override GenerateRandom(), then the base class throws
 	///  NotImplemented.
 	virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params = g_nullNameValuePairs) {
@ -2504,7 +2504,7 @@ public:
 	/// \brief Generate a random key or crypto parameters
 	/// \param rng a RandomNumberGenerator to produce keying material
 	/// \param keySize the size of the key, in bits
-	/// \throws KeyingErr if a key can't be generated or algorithm parameters are invalid
+	/// \throw KeyingErr if a key can't be generated or algorithm parameters are invalid
 	/// \details GenerateRandomWithKeySize calls GenerateRandom() with a NameValuePairs
 	///  object with only "KeySize"
 	void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);
--- a/darn.h
+++ b/darn.h
@ -57,7 +57,7 @@ public:
    virtual ~DARN() {}
    /// \brief Construct a DARN generator
-     /// \throws DARN_Err if the random number generator is not available
+     /// \throw DARN_Err if the random number generator is not available
    DARN();
    /// \brief Generate random array of bytes
--- a/donna.h
+++ b/donna.h
@ -37,7 +37,7 @@ NAMESPACE_BEGIN(Donna)
 /// \brief Generate a public key
 /// \param publicKey byte array for the public key
 /// \param secretKey byte array with the private key
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \details curve25519_mult() generates a public key from an existing
 ///   secret key. Internally curve25519_mult() performs a scalar
 ///   multiplication using the base point and writes the result to
@ -48,7 +48,7 @@ int curve25519_mult(byte publicKey[32], const byte secretKey[32]);
 /// \param sharedKey byte array for the shared secret
 /// \param secretKey byte array with the private key
 /// \param othersKey byte array with the peer's public key
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \details curve25519_mult() generates a shared key from an existing
 ///   secret key and the other party's public key. Internally
 ///   curve25519_mult() performs a scalar multiplication using the two keys
@ -60,7 +60,7 @@ int curve25519_mult(byte sharedKey[32], const byte secretKey[32], const byte oth
 /// \brief Creates a public key from a secret key
 /// \param publicKey byte array for the public key
 /// \param secretKey byte array with the private key
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \details ed25519_publickey() generates a public key from a secret key.
 ///   Internally ed25519_publickey() performs a scalar multiplication
 ///   using the secret key and then writes the result to <tt>publicKey</tt>.
@ -72,7 +72,7 @@ int ed25519_publickey(byte publicKey[32], const byte secretKey[32]);
 /// \param publicKey byte array with the public key
 /// \param secretKey byte array with the private key
 /// \param signature byte array for the signature
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \details ed25519_sign() generates a signature on a message using
 ///   the public and private keys. The various buffers can be exact
 ///   sizes, and do not require extra space like when using the
@ -86,7 +86,7 @@ int ed25519_sign(const byte* message, size_t messageLength, const byte secretKey
 /// \param publicKey byte array with the public key
 /// \param secretKey byte array with the private key
 /// \param signature byte array for the signature
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \details ed25519_sign() generates a signature on a message using
 ///   the public and private keys. The various buffers can be exact
 ///   sizes, and do not require extra space like when using the
@ -103,7 +103,7 @@ int ed25519_sign(std::istream& stream, const byte secretKey[32], const byte publ
 /// \param messageLength size of the message, in bytes
 /// \param publicKey byte array with the public key
 /// \param signature byte array with the signature
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \details ed25519_sign_open() verifies a signature on a message using
 ///   the public key. The various buffers can be exact sizes, and do not
 ///   require extra space like when using the NaCl library functions.
@ -116,7 +116,7 @@ ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKe
 /// \param stream std::istream derived class
 /// \param publicKey byte array with the public key
 /// \param signature byte array with the signature
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \details ed25519_sign_open() verifies a signature on a message using
 ///   the public key. The various buffers can be exact sizes, and do not
 ///   require extra space like when using the NaCl library functions.
--- a/drbg.h
+++ b/drbg.h
@ -45,7 +45,7 @@ public:
    /// \brief Update RNG state with additional unpredictable values
    /// \param input the entropy to add to the generator
    /// \param length the size of the input buffer
-    /// \throws NIST_DRBG::Err if the generator is reseeded with insufficient entropy
+    /// \throw NIST_DRBG::Err if the generator is reseeded with insufficient entropy
    /// \details NIST instantiation and reseed requirements demand the generator is constructed
    ///  with at least <tt>MINIMUM_ENTROPY</tt> entropy. The byte array for <tt>input</tt> must
    ///  meet <A HREF ="http://csrc.nist.gov/publications/PubsSPs.html">NIST SP 800-90B or
@ -57,7 +57,7 @@ public:
    /// \param entropyLength the size of the input buffer
    /// \param additional additional input to add to the generator
    /// \param additionaLength the size of the additional input buffer
-    /// \throws NIST_DRBG::Err if the generator is reseeded with insufficient entropy
+    /// \throw NIST_DRBG::Err if the generator is reseeded with insufficient entropy
    /// \details IncorporateEntropy() is an overload provided to match NIST requirements. NIST
    ///  instantiation and reseed requirements demand the generator is constructed with at least
    ///  <tt>MINIMUM_ENTROPY</tt> entropy. The byte array for <tt>entropy</tt> must meet
@ -68,8 +68,8 @@ public:
    /// \brief Generate random array of bytes
    /// \param output the byte buffer
    /// \param size the length of the buffer, in bytes
-    /// \throws NIST_DRBG::Err if a reseed is required
+    /// \throw NIST_DRBG::Err if a reseed is required
-    /// \throws NIST_DRBG::Err if the size exceeds <tt>MAXIMUM_BYTES_PER_REQUEST</tt>
+    /// \throw NIST_DRBG::Err if the size exceeds <tt>MAXIMUM_BYTES_PER_REQUEST</tt>
    virtual void GenerateBlock(byte *output, size_t size)=0;
    /// \brief Generate random array of bytes
@ -77,26 +77,26 @@ public:
    /// \param additionaLength the size of the additional input buffer
    /// \param output the byte buffer
    /// \param size the length of the buffer, in bytes
-    /// \throws NIST_DRBG::Err if a reseed is required
+    /// \throw NIST_DRBG::Err if a reseed is required
-    /// \throws NIST_DRBG::Err if the size exceeds <tt>MAXIMUM_BYTES_PER_REQUEST</tt>
+    /// \throw NIST_DRBG::Err if the size exceeds <tt>MAXIMUM_BYTES_PER_REQUEST</tt>
    /// \details GenerateBlock() is an overload provided to match NIST requirements. The byte
    ///  array for <tt>additional</tt> input is optional. If present the additional randomness
    ///  is mixed before generating the output bytes.
    virtual void GenerateBlock(const byte* additional, size_t additionaLength, byte *output, size_t size)=0;
    /// \brief Provides the security strength
-    /// \returns The security strength of the generator, in bytes
+    /// \return The security strength of the generator, in bytes
    /// \details The equivalent class constant is <tt>SECURITY_STRENGTH</tt>
    virtual unsigned int SecurityStrength() const=0;
    /// \brief Provides the seed length
-    /// \returns The seed size of the generator, in bytes
+    /// \return The seed size of the generator, in bytes
    /// \details The equivalent class constant is <tt>SEED_LENGTH</tt>. The size is
    ///  used to maintain internal state of <tt>V</tt> and <tt>C</tt>.
    virtual unsigned int SeedLength() const=0;
    /// \brief Provides the minimum entropy size
-    /// \returns The minimum entropy size required by the generator, in bytes
+    /// \return The minimum entropy size required by the generator, in bytes
    /// \details The equivalent class constant is <tt>MINIMUM_ENTROPY</tt>. All NIST DRBGs must
    ///  be instaniated with at least <tt>MINIMUM_ENTROPY</tt> bytes of entropy. The bytes must
    ///  meet <A HREF="http://csrc.nist.gov/publications/PubsSPs.html">NIST SP 800-90B or
@ -104,7 +104,7 @@ public:
    virtual unsigned int MinEntropyLength() const=0;
    /// \brief Provides the maximum entropy size
-    /// \returns The maximum entropy size that can be consumed by the generator, in bytes
+    /// \return The maximum entropy size that can be consumed by the generator, in bytes
    /// \details The equivalent class constant is <tt>MAXIMUM_ENTROPY</tt>. The bytes must
    ///  meet <A HREF="http://csrc.nist.gov/publications/PubsSPs.html">NIST SP 800-90B or
    ///  SP 800-90C</A> requirements. <tt>MAXIMUM_ENTROPY</tt> has been reduced from
@ -112,14 +112,14 @@ public:
    virtual unsigned int MaxEntropyLength() const=0;
    /// \brief Provides the minimum nonce size
-    /// \returns The minimum nonce size recommended for the generator, in bytes
+    /// \return The minimum nonce size recommended for the generator, in bytes
    /// \details The equivalent class constant is <tt>MINIMUM_NONCE</tt>. If a nonce is not
    ///  required then <tt>MINIMUM_NONCE</tt> is 0. <tt>Hash_DRBG</tt> does not require a
    ///  nonce, while <tt>HMAC_DRBG</tt> and <tt>CTR_DRBG</tt> require a nonce.
    virtual unsigned int MinNonceLength() const=0;
    /// \brief Provides the maximum nonce size
-    /// \returns The maximum nonce that can be consumed by the generator, in bytes
+    /// \return The maximum nonce that can be consumed by the generator, in bytes
    /// \details The equivalent class constant is <tt>MAXIMUM_NONCE</tt>. <tt>MAXIMUM_NONCE</tt>
    ///  has been reduced from 2<sup>35</sup> to <tt>INT_MAX</tt> to fit the underlying C++ datatype.
    ///  If a nonce is not required then <tt>MINIMUM_NONCE</tt> is 0. <tt>Hash_DRBG</tt> does not
@ -127,12 +127,12 @@ public:
    virtual unsigned int MaxNonceLength() const=0;
    /// \brief Provides the maximum size of a request to GenerateBlock
-    /// \returns The the maximum size of a request to GenerateBlock(), in bytes
+    /// \return The the maximum size of a request to GenerateBlock(), in bytes
    /// \details The equivalent class constant is <tt>MAXIMUM_BYTES_PER_REQUEST</tt>
    virtual unsigned int MaxBytesPerRequest() const=0;
    /// \brief Provides the maximum number of requests before a reseed
-    /// \returns The the maximum number of requests before a reseed, in bytes
+    /// \return The the maximum number of requests before a reseed, in bytes
    /// \details The equivalent class constant is <tt>MAXIMUM_REQUESTS_BEFORE_RESEED</tt>.
    ///  <tt>MAXIMUM_REQUESTS_BEFORE_RESEED</tt> has been reduced from 2<sup>48</sup> to <tt>INT_MAX</tt>
    ///  to fit the underlying C++ datatype.
@ -189,7 +189,7 @@ public:
    /// \param nonceLength the size of the nonce buffer
    /// \param personalization additional input to instantiate the generator
    /// \param personalizationLength the size of the personalization buffer
-    /// \throws NIST_DRBG::Err if the generator is instantiated with insufficient entropy
+    /// \throw NIST_DRBG::Err if the generator is instantiated with insufficient entropy
    /// \details All NIST DRBGs must be instaniated with at least <tt>MINIMUM_ENTROPY</tt> bytes of entropy.
    ///  The byte array for <tt>entropy</tt> must meet <A HREF ="http://csrc.nist.gov/publications/PubsSPs.html">NIST
    ///  SP 800-90B or SP 800-90C</A> requirements.
@ -313,7 +313,7 @@ public:
    /// \param nonceLength the size of the nonce buffer
    /// \param personalization additional input to instantiate the generator
    /// \param personalizationLength the size of the personalization buffer
-    /// \throws NIST_DRBG::Err if the generator is instantiated with insufficient entropy
+    /// \throw NIST_DRBG::Err if the generator is instantiated with insufficient entropy
    /// \details All NIST DRBGs must be instaniated with at least <tt>MINIMUM_ENTROPY</tt> bytes of entropy.
    ///  The byte array for <tt>entropy</tt> must meet <A HREF ="http://csrc.nist.gov/publications/PubsSPs.html">NIST
    ///  SP 800-90B or SP 800-90C</A> requirements.
--- a/ec2n.h
+++ b/ec2n.h
@ -119,7 +119,7 @@ public:
 	void SetCurve(const EC2N &ec) {m_ec = ec;}
 	/// \brief Get the elliptic curve
-	/// \returns EC2N curve
+	/// \return EC2N curve
 	/// \details GetCurve() is not inherited
 	const EC2N & GetCurve() const {return m_ec;}
--- a/ecp.h
+++ b/ecp.h
@ -67,7 +67,7 @@ public:
 	/// \brief Compare two points
 	/// \param P the first point
 	/// \param Q the second point
-	/// \returns true if equal, false otherwise
+	/// \return true if equal, false otherwise
 	bool Equal(const Point &P, const Point &Q) const;
 	const Point& Identity() const;
@ -150,7 +150,7 @@ public:
 	}
 	/// \brief Get the elliptic curve
-	/// \returns ECP curve
+	/// \return ECP curve
 	/// \details GetCurve() is not inherited
 	const ECP & GetCurve() const {return *m_ecOriginal;}
--- a/ecpoint.h
+++ b/ecpoint.h
@ -32,13 +32,13 @@ struct CRYPTOPP_DLL ECPPoint
 	/// \brief Tests points for equality
 	/// \param t the other point
-	/// \returns true if the points are equal, false otherwise
+	/// \return true if the points are equal, false otherwise
 	bool operator==(const ECPPoint &t) const
 		{return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
 	/// \brief Tests points for ordering
 	/// \param t the other point
-	/// \returns true if this point is less than other, false otherwise
+	/// \return true if this point is less than other, false otherwise
 	bool operator< (const ECPPoint &t) const
 		{return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
@ -65,13 +65,13 @@ struct CRYPTOPP_DLL EC2NPoint
 	/// \brief Tests points for equality
 	/// \param t the other point
-	/// \returns true if the points are equal, false otherwise
+	/// \return true if the points are equal, false otherwise
 	bool operator==(const EC2NPoint &t) const
 		{return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);}
 	/// \brief Tests points for ordering
 	/// \param t the other point
-	/// \returns true if this point is less than other, false otherwise
+	/// \return true if this point is less than other, false otherwise
 	bool operator< (const EC2NPoint &t) const
 		{return identity ? !t.identity : (!t.identity && (x<t.x || (x==t.x && y<t.y)));}
@ -96,24 +96,24 @@ public:
 	/// \param P point which is decoded
 	/// \param bt source BufferedTransformation
 	/// \param len number of bytes to read from the BufferedTransformation
-	/// \returns true if a point was decoded, false otherwise
+	/// \return true if a point was decoded, false otherwise
 	virtual bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const =0;
 	/// \brief Decodes an elliptic curve point
 	/// \param P point which is decoded
 	/// \param encodedPoint byte array with the encoded point
 	/// \param len the size of the array
-	/// \returns true if a point was decoded, false otherwise
+	/// \return true if a point was decoded, false otherwise
 	virtual bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const =0;
 	/// \brief Verifies points on elliptic curve
 	/// \param P point to verify
-	/// \returns true if the point is valid, false otherwise
+	/// \return true if the point is valid, false otherwise
 	virtual bool VerifyPoint(const Point &P) const =0;
 	/// \brief Determines encoded point size
 	/// \param compressed flag indicating if the point is compressed
-	/// \returns the minimum number of bytes required to encode the point
+	/// \return the minimum number of bytes required to encode the point
 	virtual unsigned int EncodedPointSize(bool compressed = false) const =0;
 	/// \brief Encodes an elliptic curve point
@ -131,7 +131,7 @@ public:
 	/// \brief BER Decodes an elliptic curve point
 	/// \param bt source BufferedTransformation
-	/// \returns the decoded elliptic curve point
+	/// \return the decoded elliptic curve point
 	virtual Point BERDecodePoint(BufferedTransformation &bt) const =0;
 	/// \brief DER Encodes an elliptic curve point
--- a/elgamal.h
+++ b/elgamal.h
@ -142,7 +142,7 @@ struct DL_PublicKey_ElGamal : public BASE
 	virtual ~DL_PublicKey_ElGamal() {}
 	/// \brief Retrieves the OID of the algorithm
-	/// \returns OID of the algorithm
+	/// \return OID of the algorithm
 	/// \details DL_PrivateKey_ElGamal provides an override for GetAlgorithmID()
 	///  to utilize 1.3.14.7.2.1.1. Prior to DL_PrivateKey_ElGamal, the ElGamal
 	///  keys [mistakenly] used the OID from DSA due to DL_GroupParmaters_GFP().
@ -173,7 +173,7 @@ struct DL_PrivateKey_ElGamal : public BASE
 	virtual ~DL_PrivateKey_ElGamal() {}
 	/// \brief Retrieves the OID of the algorithm
-	/// \returns OID of the algorithm
+	/// \return OID of the algorithm
 	/// \details DL_PrivateKey_ElGamal provides an override for GetAlgorithmID()
 	///  to utilize 1.3.14.7.2.1.1. Prior to DL_PrivateKey_ElGamal, the ElGamal
 	///  keys [mistakenly] used the OID from DSA due to DL_GroupParmaters_GFP().
@ -283,7 +283,7 @@ struct ElGamal
 	typedef SchemeOptions::PublicKey PublicKey;
 	/// \brief The algorithm name
-	/// \returns the algorithm name
+	/// \return the algorithm name
 	/// \details StaticAlgorithmName returns the algorithm's name as a static
 	///  member function.
 	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "ElgamalEnc/Crypto++Padding";}
--- a/eprecomp.h
+++ b/eprecomp.h
@ -24,28 +24,28 @@ public:
 	virtual ~DL_GroupPrecomputation() {}
 	/// \brief Determines if elements needs conversion
-	/// \returns true if the element needs conversion, false otherwise
+	/// \return true if the element needs conversion, false otherwise
 	/// \details NeedConversions determines if an element must convert between representations.
 	virtual bool NeedConversions() const {return false;}
 	/// \brief Converts an element between representations
 	/// \param v element to convert
-	/// \returns an element converted to an alternate representation for internal use
+	/// \return an element converted to an alternate representation for internal use
 	/// \details ConvertIn is used when an element must convert between representations.
 	virtual Element ConvertIn(const Element &v) const {return v;}
 	/// \brief Converts an element between representations
 	/// \param v element to convert
-	/// \returns an element converted from an alternate representation
+	/// \return an element converted from an alternate representation
 	virtual Element ConvertOut(const Element &v) const {return v;}
 	/// \brief Retrieves AbstractGroup interface
-	/// \returns GetGroup() returns the AbstractGroup interface
+	/// \return GetGroup() returns the AbstractGroup interface
 	virtual const AbstractGroup<Element> & GetGroup() const =0;
 	/// \brief Decodes element in DER format
 	/// \param bt BufferedTransformation object
-	/// \returns element in the group
+	/// \return element in the group
 	virtual Element BERDecodeElement(BufferedTransformation &bt) const =0;
 	/// \brief Encodes element in DER format
@ -65,7 +65,7 @@ public:
 	virtual ~DL_FixedBasePrecomputation() {}
 	/// \brief Determines whether this object is initialized
-	/// \returns true if this object is initialized, false otherwise
+	/// \return true if this object is initialized, false otherwise
 	virtual bool IsInitialized() const =0;
 	/// \brief Set the base element
@ -75,7 +75,7 @@ public:
 	/// \brief Get the base element
 	/// \param group the group
-	/// \returns base element in the group
+	/// \return base element in the group
 	virtual const Element & GetBase(const DL_GroupPrecomputation<Element> &group) const =0;
 	/// \brief Perform precomputation
@ -92,14 +92,14 @@ public:
 	/// \brief Retrieve previously saved precomputation
 	/// \param group the the group
 	/// \param storedPrecomputation BufferedTransformation with the saved precomputation
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \sa SupportsPrecomputation(), Precompute()
 	virtual void Load(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) =0;
 	/// \brief Save precomputation for later use
 	/// \param group the the group
 	/// \param storedPrecomputation BufferedTransformation to write the precomputation
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \sa SupportsPrecomputation(), Precompute()
 	virtual void Save(const DL_GroupPrecomputation<Element> &group, BufferedTransformation &storedPrecomputation) const =0;
@ -114,7 +114,7 @@ public:
 	/// \param exponent1 the first exponent
 	/// \param pc2 the second the group precomputation
 	/// \param exponent2 the first exponent2
-	/// \returns the public element raised to the exponent
+	/// \return the public element raised to the exponent
 	/// \details CascadeExponentiateBaseAndPublicElement raises the public element to
 	///   the base element and precomputation.
 	virtual Element CascadeExponentiate(const DL_GroupPrecomputation<Element> &pc1, const Integer &exponent1, const DL_FixedBasePrecomputation<Element> &pc2, const Integer &exponent2) const =0;
--- a/files.h
+++ b/files.h
@ -55,11 +55,11 @@ public:
 #endif
 	/// \brief Retrieves the internal stream
-	/// \returns the internal stream pointer
+	/// \return the internal stream pointer
 	std::istream* GetStream() {return m_stream;}
 	/// \brief Retrieves the internal stream
-	/// \returns the internal stream pointer
+	/// \return the internal stream pointer
 	const std::istream* GetStream() const {return m_stream;}
 	/// \brief Provides the number of bytes ready for retrieval
@ -121,7 +121,7 @@ public:
 #endif
 	/// \brief Retrieves the internal stream
-	/// \returns the internal stream pointer
+	/// \return the internal stream pointer
 	std::istream* GetStream() {return m_store.GetStream();}
 };
@ -164,7 +164,7 @@ public:
 #endif
 	/// \brief Retrieves the internal stream
-	/// \returns the internal stream pointer
+	/// \return the internal stream pointer
 	std::ostream* GetStream() {return m_stream;}
 	void IsolatedInitialize(const NameValuePairs &parameters);
--- a/fips140.h
+++ b/fips140.h
@ -26,7 +26,7 @@ public:
 };
 /// \brief Determines whether the library provides FIPS validated cryptography
-/// \returns true if FIPS 140-2 validated features were enabled at compile time.
+/// \return true if FIPS 140-2 validated features were enabled at compile time.
 /// \details true if FIPS 140-2 validated features were enabled at compile time,
 ///   false otherwise.
 /// \note FIPS mode is enabled at compile time. A program or other module cannot
@ -68,7 +68,7 @@ CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest();
 CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure();
 /// \brief Provides the current power-up self test status
-/// \returns the current power-up self test status
+/// \return the current power-up self test status
 CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus();
 #ifndef CRYPTOPP_DOXYGEN_PROCESSING
@ -76,7 +76,7 @@ typedef PowerUpSelfTestStatus (CRYPTOPP_API * PGetPowerUpSelfTestStatus)();
 #endif
 /// \brief Class object that calculates the MAC on the module
-/// \returns the MAC for the module
+/// \return the MAC for the module
 CRYPTOPP_DLL MessageAuthenticationCode * CRYPTOPP_API NewIntegrityCheckingMAC();
 /// \brief Verifies the MAC on the module
@ -84,7 +84,7 @@ CRYPTOPP_DLL MessageAuthenticationCode * CRYPTOPP_API NewIntegrityCheckingMAC();
 /// \param expectedModuleMac the expected MAC of the components protected by the integrity check
 /// \param pActualMac the actual MAC of the components calculated by the integrity check
 /// \param pMacFileLocation the offest of the MAC in the PE/PE+ module
-/// \returns true if the MAC is valid, false otherwise
+/// \return true if the MAC is valid, false otherwise
 CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac = NULLPTR, unsigned long *pMacFileLocation = NULLPTR);
 #ifndef CRYPTOPP_DOXYGEN_PROCESSING
--- a/gf2n.h
+++ b/gf2n.h
@ -65,23 +65,23 @@ public:
 			{Randomize(rng, bitcount);}
 		/// \brief Provides x^i
-		/// \returns x^i
+		/// \return x^i
 		static PolynomialMod2 CRYPTOPP_API Monomial(size_t i);
 		/// \brief Provides x^t0 + x^t1 + x^t2
-		/// \returns x^t0 + x^t1 + x^t2
+		/// \return x^t0 + x^t1 + x^t2
 		static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t t1, size_t t2);
 		/// \brief Provides x^t0 + x^t1 + x^t2 + x^t3 + x^t4
-		/// \returns x^t0 + x^t1 + x^t2 + x^t3 + x^t4
+		/// \return x^t0 + x^t1 + x^t2 + x^t3 + x^t4
 		static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4);
 		/// \brief Provides x^(n-1) + ... + x + 1
-		/// \returns x^(n-1) + ... + x + 1
+		/// \return x^(n-1) + ... + x + 1
 		static PolynomialMod2 CRYPTOPP_API AllOnes(size_t n);
 		/// \brief The Zero polinomial
-		/// \returns the zero polynomial
+		/// \return the zero polynomial
 		static const PolynomialMod2 & CRYPTOPP_API Zero();
 		/// \brief The One polinomial
-		/// \returns the one polynomial
+		/// \return the one polynomial
 		static const PolynomialMod2 & CRYPTOPP_API One();
 	//@}
--- a/gfpcrypt.h
+++ b/gfpcrypt.h
@ -74,7 +74,7 @@ public:
    /// \param alg additional initialization parameters
    /// \details Recognised NameValuePairs are ModulusSize and
    ///  SubgroupOrderSize (optional)
-    /// \throws KeyingErr if a key can't be generated or algorithm parameters
+    /// \throw KeyingErr if a key can't be generated or algorithm parameters
    ///  are invalid
    void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
@ -82,7 +82,7 @@ public:
    /// \param name the name of the object or value to retrieve
    /// \param valueType reference to a variable that receives the value
    /// \param pValue void pointer to a variable that receives the value
-    /// \returns true if the value was retrieved, false otherwise
+    /// \return true if the value was retrieved, false otherwise
    /// \details GetVoidValue() retrieves the value of name if it exists.
    /// \note GetVoidValue() is an internal function and should be implemented
    ///   by derived classes. Users should use one of the other functions instead.
@ -101,7 +101,7 @@ public:
    bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation<Integer> *precomp) const;
    /// \brief Determine if subgroup membership check is fast
-    /// \returns true or false
+    /// \return true or false
    bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;}
    /// \brief Encodes the element
@ -117,7 +117,7 @@ public:
    /// \brief Retrieve the encoded element's size
    /// \param reversible flag indicating the encoding format
-    /// \returns encoded element's size, in bytes
+    /// \return encoded element's size, in bytes
    /// \details The format of the encoded element varies by the underlying
    ///  type of the element and the reversible flag.
    /// \sa EncodeElement(), DecodeElement()
@ -126,7 +126,7 @@ public:
    /// \brief Decodes the element
    /// \param encoded byte array with the encoded element
    /// \param checkForGroupMembership flag indicating if the element should be validated
-    /// \returns Element after decoding
+    /// \return Element after decoding
    /// \details DecodeElement() must be implemented in a derived class.
    /// \pre <tt>COUNTOF(encoded) == GetEncodedElementSize()</tt>
    /// \sa GetEncodedElementSize(), EncodeElement()
@ -134,21 +134,21 @@ public:
    /// \brief Converts an element to an Integer
    /// \param element the element to convert to an Integer
-    /// \returns Element after converting to an Integer
+    /// \return Element after converting to an Integer
    /// \details ConvertElementToInteger() must be implemented in a derived class.
    Integer ConvertElementToInteger(const Element &element) const
        {return element;}
    /// \brief Retrieve the maximum exponent for the group
-    /// \returns the maximum exponent for the group
+    /// \return the maximum exponent for the group
    Integer GetMaxExponent() const;
    /// \brief Retrieve the OID of the algorithm
-    /// \returns OID of the algorithm
+    /// \return OID of the algorithm
    OID GetAlgorithmID() const;
    /// \brief Retrieve the modulus for the group
-    /// \returns the modulus for the group
+    /// \return the modulus for the group
    virtual const Integer & GetModulus() const =0;
    /// \brief Set group parameters
@ -201,11 +201,11 @@ public:
    // IntegerGroupParameters
    /// \brief Retrieve the modulus for the group
-    /// \returns the modulus for the group
+    /// \return the modulus for the group
    const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();}
    /// \brief Retrieves a reference to the group generator
-    /// \returns const reference to the group generator
+    /// \return const reference to the group generator
    const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());}
    void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)        // these have to be set together
@ -228,7 +228,7 @@ public:
    /// \brief Determines if an element is an identity
    /// \param element element to check
-    /// \returns true if the element is an identity, false otherwise
+    /// \return true if the element is an identity, false otherwise
    /// \details The identity element or or neutral element is a special element
    ///  in a group that leaves other elements unchanged when combined with it.
    /// \details IsIdentity() must be implemented in a derived class.
@ -251,7 +251,7 @@ public:
    /// \param name the name of the object or value to retrieve
    /// \param valueType reference to a variable that receives the value
    /// \param pValue void pointer to a variable that receives the value
-    /// \returns true if the value was retrieved, false otherwise
+    /// \return true if the value was retrieved, false otherwise
    /// \details GetVoidValue() retrieves the value of name if it exists.
    /// \note GetVoidValue() is an internal function and should be implemented
    ///   by derived classes. Users should use one of the other functions instead.
@ -701,7 +701,7 @@ public:
    /// \brief Check the group for errors
    /// \param rng RandomNumberGenerator for objects which use randomized testing
    /// \param level level of thoroughness
-    /// \returns true if the tests succeed, false otherwise
+    /// \return true if the tests succeed, false otherwise
    /// \details ValidateGroup() also checks that the lengths of p and q are allowed
    ///  by the DSA standard.
    /// \details There are four levels of thoroughness:
@ -729,12 +729,12 @@ public:
    ///   DL_GroupParameters_DSA groupParams;
    ///   groupParams.GenerateRandom(prng, params);
    /// </pre>
-    /// \throws KeyingErr if a key can't be generated or algorithm parameters are invalid.
+    /// \throw KeyingErr if a key can't be generated or algorithm parameters are invalid.
    void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
    /// \brief Check the prime length for errors
    /// \param pbits number of bits in the prime number
-    /// \returns true if the tests succeed, false otherwise
+    /// \return true if the tests succeed, false otherwise
    static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
        {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
--- a/hkdf.h
+++ b/hkdf.h
@ -59,8 +59,8 @@ public:
 	/// \param saltLen the size of the salt buffer, in bytes
 	/// \param info the additional input buffer
 	/// \param infoLen the size of the info buffer, in bytes
-	/// \returns the number of iterations performed
+	/// \return the number of iterations performed
-	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throw InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
--- a/integer.h
+++ b/integer.h
@ -164,15 +164,15 @@ public:
 		Integer(RandomNumberGenerator &rng, size_t bitCount);
 		/// \brief Integer representing 0
-		/// \returns an Integer representing 0
+		/// \return an Integer representing 0
 		/// \details Zero() avoids calling constructors for frequently used integers
 		static const Integer & CRYPTOPP_API Zero();
 		/// \brief Integer representing 1
-		/// \returns an Integer representing 1
+		/// \return an Integer representing 1
 		/// \details One() avoids calling constructors for frequently used integers
 		static const Integer & CRYPTOPP_API One();
 		/// \brief Integer representing 2
-		/// \returns an Integer representing 2
+		/// \return an Integer representing 2
 		/// \details Two() avoids calling constructors for frequently used integers
 		static const Integer & CRYPTOPP_API Two();
@ -195,7 +195,7 @@ public:
 		Integer(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType=ANY, const Integer &equiv=Zero(), const Integer &mod=One());
 		/// \brief Exponentiates to a power of 2
-		/// \returns the Integer 2<sup>e</sup>
+		/// \return the Integer 2<sup>e</sup>
 		/// \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		static Integer CRYPTOPP_API Power2(size_t e);
 	//@}
@ -239,14 +239,14 @@ public:
 		/// \brief Encode absolute value in OpenPGP format
 		/// \param output big-endian byte array
 		/// \param bufferSize length of the byte array
-		/// \returns length of the output
+		/// \return length of the output
 		/// \details OpenPGPEncode places result into the buffer and returns the
 		///   number of bytes used for the encoding
 		size_t OpenPGPEncode(byte *output, size_t bufferSize) const;
 		/// \brief Encode absolute value in OpenPGP format
 		/// \param bt BufferedTransformation object
-		/// \returns length of the output
+		/// \return length of the output
 		/// \details OpenPGPEncode places result into a BufferedTransformation object and returns the
 		///   number of bytes used for the encoding
 		size_t OpenPGPEncode(BufferedTransformation &bt) const;
@ -297,7 +297,7 @@ public:
 	/// \name ACCESSORS
 	//@{
 		/// \brief Determines if the Integer is convertable to Long
-		/// \returns true if *this can be represented as a signed long
+		/// \return true if *this can be represented as a signed long
 		/// \sa ConvertToLong()
 		bool IsConvertableToLong() const;
 		/// \brief Convert the Integer to Long
@ -306,51 +306,51 @@ public:
 		signed long ConvertToLong() const;
 		/// \brief Determines the number of bits required to represent the Integer
-		/// \returns number of significant bits
+		/// \return number of significant bits
 		/// \details BitCount is calculated as <tt>floor(log2(abs(*this))) + 1</tt>.
 		unsigned int BitCount() const;
 		/// \brief Determines the number of bytes required to represent the Integer
-		/// \returns number of significant bytes
+		/// \return number of significant bytes
 		/// \details ByteCount is calculated as <tt>ceiling(BitCount()/8)</tt>.
 		unsigned int ByteCount() const;
 		/// \brief Determines the number of words required to represent the Integer
-		/// \returns number of significant words
+		/// \return number of significant words
 		/// \details WordCount is calculated as <tt>ceiling(ByteCount()/sizeof(word))</tt>.
 		unsigned int WordCount() const;
 		/// \brief Provides the i-th bit of the Integer
-		/// \returns the i-th bit, i=0 being the least significant bit
+		/// \return the i-th bit, i=0 being the least significant bit
 		bool GetBit(size_t i) const;
 		/// \brief Provides the i-th byte of the Integer
-		/// \returns the i-th byte
+		/// \return the i-th byte
 		byte GetByte(size_t i) const;
 		/// \brief Provides the low order bits of the Integer
-		/// \returns n lowest bits of *this >> i
+		/// \return n lowest bits of *this >> i
 		lword GetBits(size_t i, size_t n) const;
 		/// \brief Determines if the Integer is 0
-		/// \returns true if the Integer is 0, false otherwise
+		/// \return true if the Integer is 0, false otherwise
 		bool IsZero() const {return !*this;}
 		/// \brief Determines if the Integer is non-0
-		/// \returns true if the Integer is non-0, false otherwise
+		/// \return true if the Integer is non-0, false otherwise
 		bool NotZero() const {return !IsZero();}
 		/// \brief Determines if the Integer is negative
-		/// \returns true if the Integer is negative, false otherwise
+		/// \return true if the Integer is negative, false otherwise
 		bool IsNegative() const {return sign == NEGATIVE;}
 		/// \brief Determines if the Integer is non-negative
-		/// \returns true if the Integer is non-negative, false otherwise
+		/// \return true if the Integer is non-negative, false otherwise
 		bool NotNegative() const {return !IsNegative();}
 		/// \brief Determines if the Integer is positive
-		/// \returns true if the Integer is positive, false otherwise
+		/// \return true if the Integer is positive, false otherwise
 		bool IsPositive() const {return NotNegative() && NotZero();}
 		/// \brief Determines if the Integer is non-positive
-		/// \returns true if the Integer is non-positive, false otherwise
+		/// \return true if the Integer is non-positive, false otherwise
 		bool NotPositive() const {return !IsPositive();}
 		/// \brief Determines if the Integer is even parity
-		/// \returns true if the Integer is even, false otherwise
+		/// \return true if the Integer is even, false otherwise
 		bool IsEven() const {return GetBit(0) == 0;}
 		/// \brief Determines if the Integer is odd parity
-		/// \returns true if the Integer is odd, false otherwise
+		/// \return true if the Integer is odd, false otherwise
 		bool IsOdd() const	{return GetBit(0) == 1;}
 	//@}
@ -358,52 +358,52 @@ public:
 	//@{
 		/// \brief Assignment
 		/// \param t the other Integer
-		/// \returns the result of assignment
+		/// \return the result of assignment
 		Integer&  operator=(const Integer& t);
 		/// \brief Addition Assignment
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this + t</tt>
+		/// \return the result of <tt>*this + t</tt>
 		Integer&  operator+=(const Integer& t);
 		/// \brief Subtraction Assignment
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this - t</tt>
+		/// \return the result of <tt>*this - t</tt>
 		Integer&  operator-=(const Integer& t);
 		/// \brief Multiplication Assignment
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this * t</tt>
+		/// \return the result of <tt>*this * t</tt>
 		/// \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer&  operator*=(const Integer& t)	{return *this = Times(t);}
 		/// \brief Division Assignment
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this / t</tt>
+		/// \return the result of <tt>*this / t</tt>
 		Integer&  operator/=(const Integer& t)	{return *this = DividedBy(t);}
 		/// \brief Remainder Assignment
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this % t</tt>
+		/// \return the result of <tt>*this % t</tt>
 		/// \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer&  operator%=(const Integer& t)	{return *this = Modulo(t);}
 		/// \brief Division Assignment
 		/// \param t the other word
-		/// \returns the result of <tt>*this / t</tt>
+		/// \return the result of <tt>*this / t</tt>
 		Integer&  operator/=(word t)  {return *this = DividedBy(t);}
 		/// \brief Remainder Assignment
 		/// \param t the other word
-		/// \returns the result of <tt>*this % t</tt>
+		/// \return the result of <tt>*this % t</tt>
 		/// \sa a_times_b_mod_c() and a_exp_b_mod_c()
 		Integer&  operator%=(word t)  {return *this = Integer(POSITIVE, 0, Modulo(t));}
 		/// \brief Left-shift Assignment
 		/// \param n number of bits to shift
-		/// \returns reference to this Integer
+		/// \return reference to this Integer
 		Integer&  operator<<=(size_t n);
 		/// \brief Right-shift Assignment
 		/// \param n number of bits to shift
-		/// \returns reference to this Integer
+		/// \return reference to this Integer
 		Integer&  operator>>=(size_t n);
 		/// \brief Bitwise AND Assignment
 		/// \param t the other Integer
-		/// \returns the result of *this & t
+		/// \return the result of *this & t
 		/// \details operator&=() performs a bitwise AND on *this. Missing bits are truncated
 		///   at the most significant bit positions, so the result is as small as the
 		///   smaller of the operands.
@ -415,7 +415,7 @@ public:
 		Integer& operator&=(const Integer& t);
 		/// \brief Bitwise OR Assignment
 		/// \param t the second Integer
-		/// \returns the result of *this | t
+		/// \return the result of *this | t
 		/// \details operator|=() performs a bitwise OR on *this. Missing bits are shifted in
 		///   at the most significant bit positions, so the result is as large as the
 		///   larger of the operands.
@ -427,7 +427,7 @@ public:
 		Integer& operator|=(const Integer& t);
 		/// \brief Bitwise XOR Assignment
 		/// \param t the other Integer
-		/// \returns the result of *this ^ t
+		/// \return the result of *this ^ t
 		/// \details operator^=() performs a bitwise XOR on *this. Missing bits are shifted
 		///   in at the most significant bit positions, so the result is as large as the
 		///   larger of the operands.
@ -472,7 +472,7 @@ public:
 		/// \brief Generate a random number
 		/// \param rng RandomNumberGenerator used to generate material
 		/// \param params additional parameters that cannot be passed directly to the function
-		/// \returns true if a random number was generated, false otherwise
+		/// \return true if a random number was generated, false otherwise
 		/// \details GenerateRandomNoThrow attempts to generate a random number according to the
 		///   parameters specified in params. The function does not throw RandomNumberNotFound.
 		/// \details The example below generates a prime number using NameValuePairs that Integer
@ -577,7 +577,7 @@ public:
 		/// \brief Bitwise AND
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this & t</tt>
+		/// \return the result of <tt>*this & t</tt>
 		/// \details And() performs a bitwise AND on the operands. Missing bits are truncated
 		///   at the most significant bit positions, so the result is as small as the
 		///   smaller of the operands.
@ -590,7 +590,7 @@ public:
 		/// \brief Bitwise OR
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this | t</tt>
+		/// \return the result of <tt>*this | t</tt>
 		/// \details Or() performs a bitwise OR on the operands. Missing bits are shifted in
 		///   at the most significant bit positions, so the result is as large as the
 		///   larger of the operands.
@ -603,7 +603,7 @@ public:
 		/// \brief Bitwise XOR
 		/// \param t the other Integer
-		/// \returns the result of <tt>*this ^ t</tt>
+		/// \return the result of <tt>*this ^ t</tt>
 		/// \details Xor() performs a bitwise XOR on the operands. Missing bits are shifted in
 		///   at the most significant bit positions, so the result is as large as the
 		///   larger of the operands.
@ -636,10 +636,10 @@ public:
 		bool IsSquare() const;
 		/// \brief Determine if 1 or -1
-		/// \returns true if this integer is 1 or -1, false otherwise
+		/// \return true if this integer is 1 or -1, false otherwise
 		bool IsUnit() const;
 		/// \brief Calculate multiplicative inverse
-		/// \returns MultiplicativeInverse inverse if 1 or -1, otherwise return 0.
+		/// \return MultiplicativeInverse inverse if 1 or -1, otherwise return 0.
 		Integer MultiplicativeInverse() const;
 		/// \brief Extended Division
@ -672,12 +672,12 @@ public:
 		/// \brief Calculate greatest common divisor
 		/// \param a a reference to the first number
 		/// \param n a reference to the secind number
-		/// \returns the greatest common divisor <tt>a</tt> and <tt>n</tt>.
+		/// \return the greatest common divisor <tt>a</tt> and <tt>n</tt>.
 		static Integer CRYPTOPP_API Gcd(const Integer &a, const Integer &n);
 		/// \brief Calculate multiplicative inverse
 		/// \param n a reference to the modulus
-		/// \returns an Integer <tt>*this % n</tt>.
+		/// \return an Integer <tt>*this % n</tt>.
 		/// \details InverseMod returns the multiplicative inverse of the Integer <tt>*this</tt>
 		///  modulo the Integer <tt>n</tt>. If no Integer exists then Integer 0 is returned.
 		/// \sa a_times_b_mod_c() and a_exp_b_mod_c()
@ -685,7 +685,7 @@ public:
 		/// \brief Calculate multiplicative inverse
 		/// \param n the modulus
-		/// \returns a word <tt>*this % n</tt>.
+		/// \return a word <tt>*this % n</tt>.
 		/// \details InverseMod returns the multiplicative inverse of the Integer <tt>*this</tt>
 		///  modulo the word <tt>n</tt>. If no Integer exists then word 0 is returned.
 		/// \sa a_times_b_mod_c() and a_exp_b_mod_c()
@ -697,13 +697,13 @@ public:
 		/// \brief Extraction operator
 		/// \param in a reference to a std::istream
 		/// \param a a reference to an Integer
-		/// \returns a reference to a std::istream reference
+		/// \return a reference to a std::istream reference
 		friend CRYPTOPP_DLL std::istream& CRYPTOPP_API operator>>(std::istream& in, Integer &a);
 		/// \brief Insertion operator
 		/// \param out a reference to a std::ostream
 		/// \param a a constant reference to an Integer
-		/// \returns a reference to a std::ostream reference
+		/// \return a reference to a std::ostream reference
 		/// \details The output integer responds to std::hex, std::oct, std::hex, std::upper and
 		///   std::lower. The output includes the suffix \a \b h (for hex), \a \b . (\a \b dot, for dec)
 		///   and \a \b o (for octal). There is currently no way to suppress the suffix.
@ -717,13 +717,13 @@ public:
 	/// \param x a reference to the first term
 	/// \param y a reference to the second term
 	/// \param m a reference to the modulus
-	/// \returns an Integer <tt>(a * b) % m</tt>.
+	/// \return an Integer <tt>(a * b) % m</tt>.
 	CRYPTOPP_DLL friend Integer CRYPTOPP_API a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m);
 	/// \brief Modular exponentiation
 	/// \param x a reference to the base
 	/// \param e a reference to the exponent
 	/// \param m a reference to the modulus
-	/// \returns an Integer <tt>(a ^ b) % m</tt>.
+	/// \return an Integer <tt>(a ^ b) % m</tt>.
 	CRYPTOPP_DLL friend Integer CRYPTOPP_API a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m);
 protected:
@ -784,7 +784,7 @@ inline CryptoPP::word    operator%(const CryptoPP::Integer &a, CryptoPP::word b)
 /// \brief Bitwise AND
 /// \param a the first Integer
 /// \param b the second Integer
-/// \returns the result of a & b
+/// \return the result of a & b
 /// \details operator&() performs a bitwise AND on the operands. Missing bits are truncated
 ///   at the most significant bit positions, so the result is as small as the
 ///   smaller of the operands.
@ -798,7 +798,7 @@ inline CryptoPP::Integer operator&(const CryptoPP::Integer &a, const CryptoPP::I
 /// \brief Bitwise OR
 /// \param a the first Integer
 /// \param b the second Integer
-/// \returns the result of a | b
+/// \return the result of a | b
 /// \details operator|() performs a bitwise OR on the operands. Missing bits are shifted in
 ///   at the most significant bit positions, so the result is as large as the
 ///   larger of the operands.
@ -812,7 +812,7 @@ inline CryptoPP::Integer operator|(const CryptoPP::Integer &a, const CryptoPP::I
 /// \brief Bitwise XOR
 /// \param a the first Integer
 /// \param b the second Integer
-/// \returns the result of a ^ b
+/// \return the result of a ^ b
 /// \details operator^() performs a bitwise XOR on the operands. Missing bits are shifted
 ///   in at the most significant bit positions, so the result is as large as the
 ///   larger of the operands.
--- a/iterhash.h
+++ b/iterhash.h
@ -138,7 +138,7 @@ public:
 	unsigned int BlockSize() const {return T_BlockSize;}
 	/// \brief Provides the byte order of the hash
-	/// \returns the byte order of the hash as an enumeration
+	/// \return the byte order of the hash as an enumeration
 	/// \details GetByteOrder() returns <tt>T_Endianness::ToEnum()</tt>.
 	/// \sa ByteOrder()
 	ByteOrder GetByteOrder() const {return T_Endianness::ToEnum();}
--- a/lea.h
+++ b/lea.h
@ -34,7 +34,7 @@ NAMESPACE_BEGIN(CryptoPP)
 struct LEA_Info : public FixedBlockSize<16>, public VariableKeyLength<16,16,32,8>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    static const std::string StaticAlgorithmName()
--- a/mersenne.h
+++ b/mersenne.h
@ -102,7 +102,7 @@ public:
 	}
 	/// \brief Generate a random 32-bit word in the range min to max, inclusive
-	/// \returns random 32-bit word in the range min to max, inclusive
+	/// \return random 32-bit word in the range min to max, inclusive
 	/// \details If the 32-bit candidate is not within the range, then it is discarded
 	///  and a new candidate is used.
 	word32 GenerateWord32(word32 min=0, word32 max=0xffffffffL)
@ -146,7 +146,7 @@ protected:
 	}
 	/// \brief Returns the next 32-bit word from the state array
-	/// \returns the next 32-bit word from the state array
+	/// \return the next 32-bit word from the state array
 	/// \details fetches the next word frm the state array, performs bit operations on
 	///  it, and then returns the value to the caller.
 	word32 NextMersenneWord()
--- a/misc.h
+++ b/misc.h
@ -490,7 +490,7 @@ size_t BytePtrSize(const SecByteBlock& str);
 /// \param sizeInBytes size of the desination memory block, in bytes
 /// \param src pointer to the source memory block
 /// \param count the number of bytes to copy
-/// \throws InvalidArgument
+/// \throw InvalidArgument
 /// \details ISO/IEC TR-24772 provides bounds checking interfaces for potentially
 ///  unsafe functions like memcpy(), strcpy() and memmove(). However,
 ///  not all standard libraries provides them, like Glibc. The library's
@ -536,7 +536,7 @@ inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t cou
 /// \param sizeInBytes size of the desination memory block, in bytes
 /// \param src pointer to the source memory block
 /// \param count the number of bytes to copy
-/// \throws InvalidArgument
+/// \throw InvalidArgument
 /// \details ISO/IEC TR-24772 provides bounds checking interfaces for potentially
 ///  unsafe functions like memcpy(), strcpy() and memmove(). However,
 ///  not all standard libraries provides them, like Glibc. The library's
@ -613,7 +613,7 @@ inline void vec_swap(T& a, T& b)
 /// \details Internally the function calls memset with the value <tt>val</tt>.
 ///  memset_z can be used to initialize a freshly allocated memory block.
 ///  To zeroize a memory block on destruction use <tt>SecureWipeBuffer</tt>.
-/// \returns the pointer to the memory block
+/// \return the pointer to the memory block
 /// \sa SecureWipeBuffer
 inline void * memset_z(void *ptr, int val, size_t num)
 {
@ -630,7 +630,7 @@ inline void * memset_z(void *ptr, int val, size_t num)
 /// \tparam T class or type
 /// \param a the first value
 /// \param b the second value
-/// \returns the minimum value based on a comparison of <tt>b \< a</tt> using <tt>operator\<</tt>
+/// \return the minimum value based on a comparison of <tt>b \< a</tt> using <tt>operator\<</tt>
 /// \details STDMIN was provided because the library could not easily use std::min or std::max in Windows or Cygwin 1.1.0
 template <class T> inline const T& STDMIN(const T& a, const T& b)
 {
@ -641,7 +641,7 @@ template <class T> inline const T& STDMIN(const T& a, const T& b)
 /// \tparam T class or type
 /// \param a the first value
 /// \param b the second value
-/// \returns the minimum value based on a comparison of <tt>a \< b</tt> using <tt>operator\<</tt>
+/// \return the minimum value based on a comparison of <tt>a \< b</tt> using <tt>operator\<</tt>
 /// \details STDMAX was provided because the library could not easily use std::min or std::max in Windows or Cygwin 1.1.0
 template <class T> inline const T& STDMAX(const T& a, const T& b)
 {
@ -669,7 +669,7 @@ template <class T> inline const T& STDMAX(const T& a, const T& b)
 /// \tparam T2 class or type
 /// \param a the first value
 /// \param b the second value
-/// \returns the minimum value based on a comparison a and b using <tt>operator&lt;</tt>.
+/// \return the minimum value based on a comparison a and b using <tt>operator&lt;</tt>.
 /// \details The comparison <tt>b \< a</tt> is performed and the value returned is a's type T1.
 template <class T1, class T2> inline const T1 UnsignedMin(const T1& a, const T2& b)
 {
@ -685,7 +685,7 @@ template <class T1, class T2> inline const T1 UnsignedMin(const T1& a, const T2&
 /// \tparam T2 class or type
 /// \param from the first value
 /// \param to the second value
-/// \returns true if its safe to convert from into to, false otherwise.
+/// \return true if its safe to convert from into to, false otherwise.
 template <class T1, class T2>
 inline bool SafeConvert(T1 from, T2 &to)
 {
@ -699,7 +699,7 @@ inline bool SafeConvert(T1 from, T2 &to)
 /// \tparam T class or type
 /// \param value the value to convert
 /// \param base the base to use during the conversion
-/// \returns the string representation of value in base.
+/// \return the string representation of value in base.
 template <class T>
 std::string IntToString(T value, unsigned int base = 10)
 {
@ -733,7 +733,7 @@ std::string IntToString(T value, unsigned int base = 10)
 /// \brief Converts an unsigned value to a string
 /// \param value the value to convert
 /// \param base the base to use during the conversion
-/// \returns the string representation of value in base.
+/// \return the string representation of value in base.
 /// \details this template function specialization was added to suppress
 ///   Coverity findings on IntToString() with unsigned types.
 template <> CRYPTOPP_DLL
@ -742,7 +742,7 @@ std::string IntToString<word64>(word64 value, unsigned int base);
 /// \brief Converts an Integer to a string
 /// \param value the Integer to convert
 /// \param base the base to use during the conversion
-/// \returns the string representation of value in base.
+/// \return the string representation of value in base.
 /// \details This is a template specialization of IntToString(). Use it
 ///  like IntToString():
 /// <pre>
@ -782,7 +782,7 @@ std::string IntToString<Integer>(Integer value, unsigned int base);
 /// \brief Returns the parity of a value
 /// \tparam T class or type
 /// \param value the value to provide the parity
-/// \returns 1 if the number 1-bits in the value is odd, 0 otherwise
+/// \return 1 if the number 1-bits in the value is odd, 0 otherwise
 template <class T>
 unsigned int Parity(T value)
 {
@ -794,7 +794,7 @@ unsigned int Parity(T value)
 /// \brief Returns the number of 8-bit bytes or octets required for a value
 /// \tparam T class or type
 /// \param value the value to test
-/// \returns the minimum number of 8-bit bytes or octets required to represent a value
+/// \return the minimum number of 8-bit bytes or octets required to represent a value
 template <class T>
 unsigned int BytePrecision(const T &value)
 {
@ -817,7 +817,7 @@ unsigned int BytePrecision(const T &value)
 /// \brief Returns the number of bits required for a value
 /// \tparam T class or type
 /// \param value the value to test
-/// \returns the maximum number of bits required to represent a value.
+/// \return the maximum number of bits required to represent a value.
 template <class T>
 unsigned int BitPrecision(const T &value)
 {
@ -840,7 +840,7 @@ unsigned int BitPrecision(const T &value)
 /// Determines the number of trailing 0-bits in a value
 /// \param v the 32-bit value to test
-/// \returns the number of trailing 0-bits in v, starting at the least significant bit position
+/// \return the number of trailing 0-bits in v, starting at the least significant bit position
 /// \details TrailingZeros returns the number of trailing 0-bits in v, starting at the least
 ///  significant bit position. The return value is undefined if there are no 1-bits set in the value v.
 /// \note The function does not return 0 if no 1-bits are set because 0 collides with a 1-bit at the 0-th position.
@ -871,7 +871,7 @@ inline unsigned int TrailingZeros(word32 v)
 /// Determines the number of trailing 0-bits in a value
 /// \param v the 64-bit value to test
-/// \returns the number of trailing 0-bits in v, starting at the least significant bit position
+/// \return the number of trailing 0-bits in v, starting at the least significant bit position
 /// \details TrailingZeros returns the number of trailing 0-bits in v, starting at the least
 ///  significant bit position. The return value is undefined if there are no 1-bits set in the value v.
 /// \note The function does not return 0 if no 1-bits are set because 0 collides with a 1-bit at the 0-th position.
@ -898,7 +898,7 @@ inline unsigned int TrailingZeros(word64 v)
 /// \tparam T class or type
 /// \param value the value to truncate or mask
 /// \param bits the number of bits to truncate or mask
-/// \returns the value truncated to the specified number of bits, starting at the least
+/// \return the value truncated to the specified number of bits, starting at the least
 ///  significant bit position
 /// \details This function masks the low-order bits of value and returns the result. The
 ///  mask is created with <tt>(1 << bits) - 1</tt>.
@ -913,7 +913,7 @@ inline T Crop(T value, size_t bits)
 /// \brief Returns the number of 8-bit bytes or octets required for the specified number of bits
 /// \param bitCount the number of bits
-/// \returns the minimum number of 8-bit bytes or octets required by bitCount
+/// \return the minimum number of 8-bit bytes or octets required by bitCount
 /// \details BitsToBytes is effectively a ceiling function based on 8-bit bytes.
 inline size_t BitsToBytes(size_t bitCount)
 {
@ -922,7 +922,7 @@ inline size_t BitsToBytes(size_t bitCount)
 /// \brief Returns the number of words required for the specified number of bytes
 /// \param byteCount the number of bytes
-/// \returns the minimum number of words required by byteCount
+/// \return the minimum number of words required by byteCount
 /// \details BytesToWords is effectively a ceiling function based on <tt>WORD_SIZE</tt>.
 ///  <tt>WORD_SIZE</tt> is defined in config.h
 inline size_t BytesToWords(size_t byteCount)
@ -932,7 +932,7 @@ inline size_t BytesToWords(size_t byteCount)
 /// \brief Returns the number of words required for the specified number of bits
 /// \param bitCount the number of bits
-/// \returns the minimum number of words required by bitCount
+/// \return the minimum number of words required by bitCount
 /// \details BitsToWords is effectively a ceiling function based on <tt>WORD_BITS</tt>.
 ///  <tt>WORD_BITS</tt> is defined in config.h
 inline size_t BitsToWords(size_t bitCount)
@ -942,7 +942,7 @@ inline size_t BitsToWords(size_t bitCount)
 /// \brief Returns the number of double words required for the specified number of bits
 /// \param bitCount the number of bits
-/// \returns the minimum number of double words required by bitCount
+/// \return the minimum number of double words required by bitCount
 /// \details BitsToDwords is effectively a ceiling function based on <tt>2*WORD_BITS</tt>.
 ///  <tt>WORD_BITS</tt> is defined in config.h
 inline size_t BitsToDwords(size_t bitCount)
@ -982,7 +982,7 @@ CRYPTOPP_DLL bool CRYPTOPP_API VerifyBufsEqual(const byte *buf1, const byte *buf
 /// \brief Tests whether a value is a power of 2
 /// \param value the value to test
-/// \returns true if value is a power of 2, false otherwise
+/// \return true if value is a power of 2, false otherwise
 /// \details The function creates a mask of <tt>value - 1</tt> and returns the result
 ///  of an AND operation compared to 0. If value is 0 or less than 0, then the function
 ///  returns false.
@ -1010,7 +1010,7 @@ inline bool IsPowerOf2<word64>(const word64 &value)
 /// \brief Provide the minimum value for a type
 /// \tparam T type of class
-/// \returns the minimum value of the type or class
+/// \return the minimum value of the type or class
 /// \details NumericLimitsMin() was introduced for Clang at <A
 ///  HREF="http://github.com/weidai11/cryptopp/issues/364">Issue 364,
 ///  Apple Clang 6.0 and numeric_limits<word128>::max() returns 0</A>.
@ -1028,7 +1028,7 @@ inline T NumericLimitsMin()
 /// \brief Provide the maximum value for a type
 /// \tparam T type of class
-/// \returns the maximum value of the type or class
+/// \return the maximum value of the type or class
 /// \details NumericLimitsMax() was introduced for Clang at <A
 ///  HREF="http://github.com/weidai11/cryptopp/issues/364">Issue 364,
 ///  Apple Clang 6.0 and numeric_limits<word128>::max() returns 0</A>.
@ -1064,7 +1064,7 @@ inline word128 NumericLimitsMax()
 /// \tparam T2 class or type
 /// \param a the minuend
 /// \param b the subtrahend
-/// \returns the difference produced by the saturating subtract
+/// \return the difference produced by the saturating subtract
 /// \details Saturating arithmetic restricts results to a fixed range. Results that are
 ///  less than 0 are clamped at 0.
 /// \details Use of saturating arithmetic in places can be advantageous because it can
@ -1081,7 +1081,7 @@ inline T1 SaturatingSubtract(const T1 &a, const T2 &b)
 /// \tparam T2 class or type
 /// \param a the minuend
 /// \param b the subtrahend
-/// \returns the difference produced by the saturating subtract
+/// \return the difference produced by the saturating subtract
 /// \details Saturating arithmetic restricts results to a fixed range. Results that are
 ///  less than 1 are clamped at 1.
 /// \details Use of saturating arithmetic in places can be advantageous because it can
@ -1098,7 +1098,7 @@ inline T1 SaturatingSubtract1(const T1 &a, const T2 &b)
 /// \tparam T2 class or type
 /// \param a the first value
 /// \param b the second value
-/// \returns ModPowerOf2() returns <tt>a & (b-1)</tt>. <tt>b</tt> must be a power of 2.
+/// \return ModPowerOf2() returns <tt>a & (b-1)</tt>. <tt>b</tt> must be a power of 2.
 ///  Use IsPowerOf2() to determine if <tt>b</tt> is a suitable candidate.
 /// \sa IsPowerOf2
 template <class T1, class T2>
@ -1114,7 +1114,7 @@ inline T2 ModPowerOf2(const T1 &a, const T2 &b)
 /// \tparam T2 class or type
 /// \param n the value to reduce
 /// \param m the value to reduce \n to to a multiple
-/// \returns the possibly unmodified value \n
+/// \return the possibly unmodified value \n
 /// \details RoundDownToMultipleOf is effectively a floor function based on m. The function returns
 ///  the value <tt>n - n\%m</tt>. If n is a multiple of m, then the original value is returned.
 /// \note <tt>T1</tt> and <tt>T2</tt> should be usigned arithmetic types. If <tt>T1</tt> or
@ -1143,7 +1143,7 @@ inline T1 RoundDownToMultipleOf(const T1 &n, const T2 &m)
 /// \tparam T2 class or type
 /// \param n the value to reduce
 /// \param m the value to reduce \n to to a multiple
-/// \returns the possibly unmodified value \n
+/// \return the possibly unmodified value \n
 /// \details RoundUpToMultipleOf is effectively a ceiling function based on m. The function
 ///  returns the value <tt>n + n\%m</tt>. If n is a multiple of m, then the original value is
 ///  returned. If the value n would overflow, then an InvalidArgument exception is thrown.
@ -1169,7 +1169,7 @@ inline T1 RoundUpToMultipleOf(const T1 &n, const T2 &m)
 /// \brief Returns the minimum alignment requirements of a type
 /// \tparam T class or type
-/// \returns the minimum alignment requirements of <tt>T</tt>, in bytes
+/// \return the minimum alignment requirements of <tt>T</tt>, in bytes
 /// \details Internally the function calls C++11's <tt>alignof</tt> if available. If not
 ///  available, then the function uses compiler specific extensions such as
 ///  <tt>__alignof</tt> and <tt>_alignof_</tt>. If an extension is not available, then
@ -1199,7 +1199,7 @@ inline unsigned int GetAlignmentOf()
 /// \brief Determines whether ptr is aligned to a minimum value
 /// \param ptr the pointer being checked for alignment
 /// \param alignment the alignment value to test the pointer against
-/// \returns true if <tt>ptr</tt> is aligned on at least <tt>alignment</tt>
+/// \return true if <tt>ptr</tt> is aligned on at least <tt>alignment</tt>
 ///  boundary, false otherwise
 /// \details Internally the function tests whether alignment is 1. If so,
 ///  the function returns true. If not, then the function effectively
@ -1213,7 +1213,7 @@ inline bool IsAlignedOn(const void *ptr, unsigned int alignment)
 /// \brief Determines whether ptr is minimally aligned
 /// \tparam T class or type
 /// \param ptr the pointer to check for alignment
-/// \returns true if <tt>ptr</tt> is aligned to at least <tt>T</tt>
+/// \return true if <tt>ptr</tt> is aligned to at least <tt>T</tt>
 ///  boundary, false otherwise
 /// \details Internally the function calls IsAlignedOn with a second
 ///  parameter of GetAlignmentOf<T>.
@ -1232,7 +1232,7 @@ typedef BigEndian NativeByteOrder;
 #endif
 /// \brief Returns NativeByteOrder as an enumerated ByteOrder value
-/// \returns LittleEndian if the native byte order is little-endian,
+/// \return LittleEndian if the native byte order is little-endian,
 ///  and BigEndian if the native byte order is big-endian
 /// \details NativeByteOrder is a typedef depending on the platform.
 ///  If CRYPTOPP_LITTLE_ENDIAN is set in config.h, then
@ -1248,7 +1248,7 @@ inline ByteOrder GetNativeByteOrder()
 /// \brief Determines whether order follows native byte ordering
 /// \param order the ordering being tested against native byte ordering
-/// \returns true if order follows native byte ordering, false otherwise
+/// \return true if order follows native byte ordering, false otherwise
 inline bool NativeByteOrderIs(ByteOrder order)
 {
 	return order == GetNativeByteOrder();
@ -1257,7 +1257,7 @@ inline bool NativeByteOrderIs(ByteOrder order)
 /// \brief Returns the direction the cipher is being operated
 /// \tparam T class or type
 /// \param obj the cipher object being queried
-/// \returns ENCRYPTION if the cipher obj is being operated in its forward direction,
+/// \return ENCRYPTION if the cipher obj is being operated in its forward direction,
 ///  DECRYPTION otherwise
 /// \details A cipher can be operated in a "forward" direction (encryption) or a "reverse"
 ///  direction (decryption). The operations do not have to be symmetric, meaning a second
@ -1483,7 +1483,7 @@ inline void SecureWipeArray(T *buf, size_t n)
 /// \brief Converts a wide character C-string to a multibyte string
 /// \param str C-string consisting of wide characters
 /// \param throwOnError flag indicating the function should throw on error
-/// \returns str converted to a multibyte string or an empty string.
+/// \return str converted to a multibyte string or an empty string.
 /// \details StringNarrow() converts a wide string to a narrow string using C++ std::wcstombs() under
 ///  the executing thread's locale. A locale must be set before using this function, and it can be
 ///  set with std::setlocale() if needed. Upon success, the converted string is returned.
@ -1497,7 +1497,7 @@ std::string StringNarrow(const wchar_t *str, bool throwOnError = true);
 /// \brief Converts a multibyte C-string to a wide character string
 /// \param str C-string consisting of wide characters
 /// \param throwOnError flag indicating the function should throw on error
-/// \returns str converted to a multibyte string or an empty string.
+/// \return str converted to a multibyte string or an empty string.
 /// \details StringWiden() converts a narrow string to a wide string using C++ std::mbstowcs() under
 ///  the executing thread's locale. A locale must be set before using this function, and it can be
 ///  set with std::setlocale() if needed. Upon success, the converted string is returned.
@ -2426,7 +2426,7 @@ inline void UnalignedbyteNonTemplate(ByteOrder order, byte *block, word64 value,
 /// \param assumeAligned flag indicating alignment
 /// \param order the ByteOrder of the data
 /// \param block the byte buffer to be processed
-/// \returns the word in the specified byte order
+/// \return the word in the specified byte order
 /// \details GetWord() provides alternate read access to a block of memory. The flag assumeAligned indicates
 ///  if the memory block is aligned for class or type T. The enumeration ByteOrder is BIG_ENDIAN_ORDER or
 ///  LITTLE_ENDIAN_ORDER.
@ -2517,7 +2517,7 @@ public:
 	/// \brief Access a block of memory
 	/// \tparam U class or type
 	/// \param x the value to read
-	/// \returns pointer to the remainder of the block after reading x
+	/// \return pointer to the remainder of the block after reading x
 	template <class U>
 	inline GetBlock<T, B, A> & operator()(U &x)
 	{
@ -2559,7 +2559,7 @@ public:
 	/// \brief Access a block of memory
 	/// \tparam U class or type
 	/// \param x the value to write
-	/// \returns pointer to the remainder of the block after writing x
+	/// \return pointer to the remainder of the block after writing x
 	template <class U>
 	inline PutBlock<T, B, A> & operator()(U x)
 	{
@ -2595,7 +2595,7 @@ struct BlockGetAndPut
 /// \tparam T class or type
 /// \param value the word to convert
 /// \param order byte order
-/// \returns a string representing the value of the word
+/// \return a string representing the value of the word
 template <class T>
 std::string WordToString(T value, ByteOrder order = BIG_ENDIAN_ORDER)
 {
@ -2609,7 +2609,7 @@ std::string WordToString(T value, ByteOrder order = BIG_ENDIAN_ORDER)
 /// \tparam T class or type
 /// \param str the string to convert
 /// \param order byte order
-/// \returns a word representing the value of the string
+/// \return a word representing the value of the string
 template <class T>
 T StringToWord(const std::string &str, ByteOrder order = BIG_ENDIAN_ORDER)
 {
@ -2720,7 +2720,7 @@ inline T SafeLeftShift(T value)
 /// \param first iterator to first element
 /// \param last iterator to last element
 /// \param value the value used as a predicate
-/// \returns iterator to the first element in the range that is not value
+/// \return iterator to the first element in the range that is not value
 template<typename InputIt, typename T>
 inline InputIt FindIfNot(InputIt first, InputIt last, const T &value) {
 #ifdef CRYPTOPP_CXX11_LAMBDA
--- a/modarith.h
+++ b/modarith.h
@ -75,7 +75,7 @@ public:
 	ModularArithmetic(BufferedTransformation &bt);	// construct from BER encoded parameters
 	/// \brief Clone a ModularArithmetic
-	/// \returns pointer to a new ModularArithmetic
+	/// \return pointer to a new ModularArithmetic
 	/// \details Clone effectively copy constructs a new ModularArithmetic. The caller is
 	///   responsible for deleting the pointer returned from this method.
 	virtual ModularArithmetic * Clone() const {return new ModularArithmetic(*this);}
@ -95,7 +95,7 @@ public:
 	void BERDecodeElement(BufferedTransformation &in, Element &a) const;
 	/// \brief Retrieves the modulus
-	/// \returns the modulus
+	/// \return the modulus
 	const Integer& GetModulus() const {return m_modulus;}
 	/// \brief Sets the modulus
@ -104,12 +104,12 @@ public:
 		{m_modulus = newModulus; m_result.reg.resize(m_modulus.reg.size());}
 	/// \brief Retrieves the representation
-	/// \returns true if the if the modulus is in Montgomery form for multiplication, false otherwise
+	/// \return true if the if the modulus is in Montgomery form for multiplication, false otherwise
 	virtual bool IsMontgomeryRepresentation() const {return false;}
 	/// \brief Reduces an element in the congruence class
 	/// \param a element to convert
-	/// \returns the reduced element
+	/// \return the reduced element
 	/// \details ConvertIn is useful for derived classes, like MontgomeryRepresentation, which
 	///   must convert between representations.
 	virtual Integer ConvertIn(const Integer &a) const
@ -117,7 +117,7 @@ public:
 	/// \brief Reduces an element in the congruence class
 	/// \param a element to convert
-	/// \returns the reduced element
+	/// \return the reduced element
 	/// \details ConvertOut is useful for derived classes, like MontgomeryRepresentation, which
 	///   must convert between representations.
 	virtual Integer ConvertOut(const Integer &a) const
@ -130,54 +130,54 @@ public:
 	/// \brief Compare two elements for equality
 	/// \param a first element
 	/// \param b second element
-	/// \returns true if the elements are equal, false otherwise
+	/// \return true if the elements are equal, false otherwise
 	/// \details Equal() tests the elements for equality using <tt>a==b</tt>
 	bool Equal(const Integer &a, const Integer &b) const
 		{return a==b;}
 	/// \brief Provides the Identity element
-	/// \returns the Identity element
+	/// \return the Identity element
 	const Integer& Identity() const
 		{return Integer::Zero();}
 	/// \brief Adds elements in the ring
 	/// \param a first element
 	/// \param b second element
-	/// \returns the sum of <tt>a</tt> and <tt>b</tt>
+	/// \return the sum of <tt>a</tt> and <tt>b</tt>
 	const Integer& Add(const Integer &a, const Integer &b) const;
 	/// \brief TODO
 	/// \param a first element
 	/// \param b second element
-	/// \returns TODO
+	/// \return TODO
 	Integer& Accumulate(Integer &a, const Integer &b) const;
 	/// \brief Inverts the element in the ring
 	/// \param a first element
-	/// \returns the inverse of the element
+	/// \return the inverse of the element
 	const Integer& Inverse(const Integer &a) const;
 	/// \brief Subtracts elements in the ring
 	/// \param a first element
 	/// \param b second element
-	/// \returns the difference of <tt>a</tt> and <tt>b</tt>. The element <tt>a</tt> must provide a Subtract member function.
+	/// \return the difference of <tt>a</tt> and <tt>b</tt>. The element <tt>a</tt> must provide a Subtract member function.
 	const Integer& Subtract(const Integer &a, const Integer &b) const;
 	/// \brief TODO
 	/// \param a first element
 	/// \param b second element
-	/// \returns TODO
+	/// \return TODO
 	Integer& Reduce(Integer &a, const Integer &b) const;
 	/// \brief Doubles an element in the ring
 	/// \param a the element
-	/// \returns the element doubled
+	/// \return the element doubled
 	/// \details Double returns <tt>Add(a, a)</tt>. The element <tt>a</tt> must provide an Add member function.
 	const Integer& Double(const Integer &a) const
 		{return Add(a, a);}
 	/// \brief Retrieves the multiplicative identity
-	/// \returns the multiplicative identity
+	/// \return the multiplicative identity
 	/// \details the base class implementations returns 1.
 	const Integer& MultiplicativeIdentity() const
 		{return Integer::One();}
@ -185,21 +185,21 @@ public:
 	/// \brief Multiplies elements in the ring
 	/// \param a the multiplicand
 	/// \param b the multiplier
-	/// \returns the product of a and b
+	/// \return the product of a and b
 	/// \details Multiply returns <tt>a*b\%n</tt>.
 	const Integer& Multiply(const Integer &a, const Integer &b) const
 		{return m_result1 = a*b%m_modulus;}
 	/// \brief Square an element in the ring
 	/// \param a the element
-	/// \returns the element squared
+	/// \return the element squared
 	/// \details Square returns <tt>a*a\%n</tt>. The element <tt>a</tt> must provide a Square member function.
 	const Integer& Square(const Integer &a) const
 		{return m_result1 = a.Squared()%m_modulus;}
 	/// \brief Determines whether an element is a unit in the ring
 	/// \param a the element
-	/// \returns true if the element is a unit after reduction, false otherwise.
+	/// \return true if the element is a unit after reduction, false otherwise.
 	bool IsUnit(const Integer &a) const
 		{return Integer::Gcd(a, m_modulus).IsUnit();}
@ -213,7 +213,7 @@ public:
 	/// \brief Divides elements in the ring
 	/// \param a the dividend
 	/// \param b the divisor
-	/// \returns the quotient
+	/// \return the quotient
 	/// \details Divide returns <tt>a*b<sup>-1</sup>\%n</tt>.
 	const Integer& Divide(const Integer &a, const Integer &b) const
 		{return Multiply(a, MultiplicativeInverse(b));}
@ -223,7 +223,7 @@ public:
 	/// \param e1 first exponent
 	/// \param y second element
 	/// \param e2 second exponent
-	/// \returns TODO
+	/// \return TODO
 	Integer CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const;
 	/// \brief Exponentiates a base to multiple exponents in the ring
@ -239,19 +239,19 @@ public:
 	void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
 	/// \brief Provides the maximum bit size of an element in the ring
-	/// \returns maximum bit size of an element
+	/// \return maximum bit size of an element
 	unsigned int MaxElementBitLength() const
 		{return (m_modulus-1).BitCount();}
 	/// \brief Provides the maximum byte size of an element in the ring
-	/// \returns maximum byte size of an element
+	/// \return maximum byte size of an element
 	unsigned int MaxElementByteLength() const
 		{return (m_modulus-1).ByteCount();}
 	/// \brief Provides a random element in the ring
 	/// \param rng RandomNumberGenerator used to generate material
 	/// \param ignore_for_now unused
-	/// \returns a random element that is uniformly distributed
+	/// \return a random element that is uniformly distributed
 	/// \details RandomElement constructs a new element in the range <tt>[0,n-1]</tt>, inclusive.
 	///   The element's class must provide a constructor with the signature <tt>Element(RandomNumberGenerator rng,
 	///   Element min, Element max)</tt>.
@ -264,7 +264,7 @@ public:
 	/// \brief Compares two ModularArithmetic for equality
 	/// \param rhs other ModularArithmetic
-	/// \returns true if this is equal to the other, false otherwise
+	/// \return true if this is equal to the other, false otherwise
 	/// \details The operator tests for equality using <tt>this.m_modulus == rhs.m_modulus</tt>.
 	bool operator==(const ModularArithmetic &rhs) const
 		{return m_modulus == rhs.m_modulus;}
@ -303,7 +303,7 @@ public:
 	MontgomeryRepresentation(const Integer &modulus);
 	/// \brief Clone a MontgomeryRepresentation
-	/// \returns pointer to a new MontgomeryRepresentation
+	/// \return pointer to a new MontgomeryRepresentation
 	/// \details Clone effectively copy constructs a new MontgomeryRepresentation. The caller is
 	///   responsible for deleting the pointer returned from this method.
 	virtual ModularArithmetic * Clone() const {return new MontgomeryRepresentation(*this);}
--- a/modes.h
+++ b/modes.h
@ -57,20 +57,20 @@ public:
 	}
 	/// \brief Returns smallest valid key length
-	/// \returns the minimum key length, in bytes
+	/// \return the minimum key length, in bytes
 	size_t MinKeyLength() const {return m_cipher->MinKeyLength();}
 	/// \brief Returns largest valid key length
-	/// \returns the maximum key length, in bytes
+	/// \return the maximum key length, in bytes
 	size_t MaxKeyLength() const {return m_cipher->MaxKeyLength();}
 	/// \brief Returns default key length
-	/// \returns the default key length, in bytes
+	/// \return the default key length, in bytes
 	size_t DefaultKeyLength() const {return m_cipher->DefaultKeyLength();}
 	/// \brief Returns a valid key length for the algorithm
 	/// \param keylength the size of the key, in bytes
-	/// \returns the valid key length, in bytes
+	/// \return the valid key length, in bytes
 	/// \details keylength is provided in bytes, not bits. If keylength is less than MIN_KEYLENGTH,
 	///   then the function returns MIN_KEYLENGTH. If keylength is greater than MAX_KEYLENGTH,
 	///   then the function returns MAX_KEYLENGTH. if If keylength is a multiple of KEYLENGTH_MULTIPLE,
@ -91,7 +91,7 @@ public:
 	/// \brief Returns length of the IV accepted by this object
 	/// \return the size of an IV, in bytes
-	/// \throws NotImplemented() if the object does not support resynchronization
+	/// \throw NotImplemented() if the object does not support resynchronization
 	/// \details The default implementation throws NotImplemented
 	unsigned int IVSize() const {return BlockSize();}
--- a/naclite.h
+++ b/naclite.h
@ -152,7 +152,7 @@ CRYPTOPP_CONSTANT(crypto_scalarmult_SCALARBYTES = 32);
 /// \param y other's public key
 /// \param x private key
 /// \details crypto_box() uses crypto_box_curve25519xsalsa20poly1305
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
 /// \since Crypto++ 6.0
 int crypto_box(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const byte *x);
@ -165,7 +165,7 @@ int crypto_box(byte *c,const byte *m,word64 d,const byte *n,const byte *y,const
 /// \param y other's public key
 /// \param x private key
 /// \details crypto_box_open() uses crypto_box_curve25519xsalsa20poly1305
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
 /// \since Crypto++ 6.0
 int crypto_box_open(byte *m,const byte *c,word64 d,const byte *n,const byte *y,const byte *x);
@ -173,7 +173,7 @@ int crypto_box_open(byte *m,const byte *c,word64 d,const byte *n,const byte *y,c
 /// \brief Generate a keypair for encryption
 /// \param y public key byte buffer
 /// \param x private key byte buffer
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
 /// \since Crypto++ 6.0
 int crypto_box_keypair(byte *y,byte *x);
@ -184,7 +184,7 @@ int crypto_box_keypair(byte *y,byte *x);
 /// \param x private key
 /// \details crypto_box_beforenm() performs message-independent precomputation to derive the key.
 ///   Once the key is derived multiple calls to crypto_box_afternm() can be made to process the message.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
 /// \since Crypto++ 6.0
 int crypto_box_beforenm(byte *k,const byte *y,const byte *x);
@ -198,7 +198,7 @@ int crypto_box_beforenm(byte *k,const byte *y,const byte *x);
 /// \details crypto_box_afternm() performs message-dependent computation using the derived the key.
 ///   Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_afternm()
 ///   can be made to process the message.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
 /// \since Crypto++ 6.0
 int crypto_box_afternm(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
@ -212,7 +212,7 @@ int crypto_box_afternm(byte *c,const byte *m,word64 d,const byte *n,const byte *
 /// \details crypto_box_afternm() performs message-dependent computation using the derived the key.
 ///   Once the key is derived using crypto_box_beforenm() multiple calls to crypto_box_open_afternm()
 ///   can be made to process the message.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>
 /// \since Crypto++ 6.0
 int crypto_box_open_afternm(byte *m,const byte *c,word64 d,const byte *n,const byte *k);
@ -230,7 +230,7 @@ int crypto_box_open_afternm(byte *m,const byte *c,word64 d,const byte *n,const b
 ///   interop with early versions of NaCl, libsodium and other libraries does not exist. The
 ///   downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
 ///   and Zcash.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \warning This version of crypto_box() does not check for small order elements. It should not
 ///   be used in new software.
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
@ -254,7 +254,7 @@ int crypto_box_unchecked(byte *c,const byte *m,word64 d,const byte *n,const byte
 ///   interop with early versions of NaCl, libsodium and other libraries does not exist. The
 ///   downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
 ///   and Zcash.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \warning This version of crypto_box_open() does not check for small order elements. It should not
 ///   be used in new software.
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
@ -276,7 +276,7 @@ int crypto_box_open_unchecked(byte *m,const byte *c,word64 d,const byte *n,const
 ///   interop with early versions of NaCl, libsodium and other libraries does not exist. The
 ///   downlevel interop may also be needed of cryptocurrencies like Bitcoin, Ethereum, Monero
 ///   and Zcash.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \warning This version of crypto_box_beforenm() does not check for small order elements. It should not
 ///   be used in new software.
 /// \sa <A HREF="https://nacl.cr.yp.to/box.html">NaCl crypto_box documentation</A>,
@ -291,60 +291,60 @@ int crypto_box_beforenm_unchecked(byte *k,const byte *y,const byte *x);
 int crypto_core_salsa20(byte *out,const byte *in,const byte *k,const byte *c);
 /// \brief TODO
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \since Crypto++ 6.0
 int crypto_core_hsalsa20(byte *out,const byte *in,const byte *k,const byte *c);
 /// \brief Hash multiple blocks
 /// \details crypto_hashblocks() uses crypto_hashblocks_sha512.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
 /// \since Crypto++ 6.0
 int crypto_hashblocks(byte *x,const byte *m,word64 n);
 /// \brief Hash a message
 /// \details crypto_hash() uses crypto_hash_sha512.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/hash.html">NaCl crypto_hash documentation</A>
 /// \since Crypto++ 6.0
 int crypto_hash(byte *out,const byte *m,word64 n);
 /// \brief Create an authentication tag for a message
 /// \details crypto_onetimeauth() uses crypto_onetimeauth_poly1305.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
 /// \since Crypto++ 6.0
 int crypto_onetimeauth(byte *out,const byte *m,word64 n,const byte *k);
 /// \brief Verify an authentication tag on a message
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/onetimeauth.html">NaCl crypto_onetimeauth documentation</A>
 /// \since Crypto++ 6.0
 int crypto_onetimeauth_verify(const byte *h,const byte *m,word64 n,const byte *k);
 /// \brief Scalar multiplication of a point
 /// \details crypto_scalarmult() uses crypto_scalarmult_curve25519
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
 /// \since Crypto++ 6.0
 int crypto_scalarmult(byte *q,const byte *n,const byte *p);
 /// \brief Scalar multiplication of base point
 /// \details crypto_scalarmult_base() uses crypto_scalarmult_curve25519
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/scalarmult.html">NaCl crypto_scalarmult documentation</A>
 /// \since Crypto++ 6.0
 int crypto_scalarmult_base(byte *q,const byte *n);
 /// \brief Encrypt and authenticate a message
 /// \details crypto_secretbox() uses a symmetric key to encrypt and authenticate a message.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
 /// \since Crypto++ 6.0
 int crypto_secretbox(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
 /// \brief Verify and decrypt a message
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/secretbox.html">NaCl crypto_secretbox documentation</A>
 /// \since Crypto++ 6.0
 int crypto_secretbox_open(byte *m,const byte *c,word64 d,const byte *n,const byte *k);
@ -356,7 +356,7 @@ int crypto_secretbox_open(byte *m,const byte *c,word64 d,const byte *n,const byt
 /// \param n size of the input byte buffer
 /// \param sk private key
 /// \details crypto_sign() uses crypto_sign_ed25519.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
 /// \since Crypto++ 6.0
 int crypto_sign(byte *sm,word64 *smlen,const byte *m,word64 n,const byte *sk);
@ -367,7 +367,7 @@ int crypto_sign(byte *sm,word64 *smlen,const byte *m,word64 n,const byte *sk);
 /// \param sm input byte buffer
 /// \param n size of the input byte buffer
 /// \param pk public key
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
 /// \since Crypto++ 6.0
 int crypto_sign_open(byte *m,word64 *mlen,const byte *sm,word64 n,const byte *pk);
@ -376,7 +376,7 @@ int crypto_sign_open(byte *m,word64 *mlen,const byte *sm,word64 n,const byte *pk
 /// \param pk public key byte buffer
 /// \param sk private key byte buffer
 /// \details crypto_sign_keypair() creates an ed25519 keypair.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
 /// \since Crypto++ 6.0
 int crypto_sign_keypair(byte *pk, byte *sk);
@ -389,44 +389,44 @@ int crypto_sign_keypair(byte *pk, byte *sk);
 ///   secret key with the calculated public key.
 /// \details crypto_sign_sk2pk() is not part of libsodium or Tweet API. It was
 ///   added for interop with some anonymous routing protocols.
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/sign.html">NaCl crypto_sign documentation</A>
 /// \since Crypto++ 8.0
 int crypto_sign_sk2pk(byte *pk, const byte *sk);
 /// \brief Produce a keystream using XSalsa20
 /// \details crypto_stream() uses crypto_stream_xsalsa20
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
 /// \since Crypto++ 6.0
 int crypto_stream(byte *c,word64 d,const byte *n,const byte *k);
 /// \brief Encrypt a message using XSalsa20
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
 /// \since Crypto++ 6.0
 int crypto_stream_xor(byte *c,const byte *m,word64 d,const byte *n,const byte *k);
 /// \brief Produce a keystream using Salsa20
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
 /// \since Crypto++ 6.0
 int crypto_stream_salsa20(byte *c,word64 d,const byte *n,const byte *k);
 /// \brief Encrypt a message using Salsa20
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/stream.html">NaCl crypto_stream documentation</A>
 /// \since Crypto++ 6.0
 int crypto_stream_salsa20_xor(byte *c,const byte *m,word64 b,const byte *n,const byte *k);
 /// \brief Compare 16-byte buffers
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A>
 /// \since Crypto++ 6.0
 int crypto_verify_16(const byte *x,const byte *y);
 /// \brief Compare 32-byte buffers
-/// \returns 0 on success, non-0 otherwise
+/// \return 0 on success, non-0 otherwise
 /// \sa <A HREF="https://nacl.cr.yp.to/verify.html">NaCl crypto_verify documentation</A>
 /// \since Crypto++ 6.0
 int crypto_verify_32(const byte *x,const byte *y);
--- a/nbtheory.h
+++ b/nbtheory.h
@ -21,33 +21,33 @@ CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size);
 /// \brief Generates a provable prime
 /// \param rng a RandomNumberGenerator to produce random material
 /// \param bits the number of bits in the prime number
-/// \returns Integer() meeting Maurer's tests for primality
+/// \return Integer() meeting Maurer's tests for primality
 CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
 /// \brief Generates a provable prime
 /// \param rng a RandomNumberGenerator to produce random material
 /// \param bits the number of bits in the prime number
-/// \returns Integer() meeting Mihailescu's tests for primality
+/// \return Integer() meeting Mihailescu's tests for primality
 /// \details Mihailescu's methods performs a search using algorithmic progressions.
 CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
 /// \brief Tests whether a number is a small prime
 /// \param p a candidate prime to test
-/// \returns true if p is a small prime, false otherwise
+/// \return true if p is a small prime, false otherwise
 /// \details Internally, the library maintains a table of the first 32719 prime numbers
 ///   in sorted order. IsSmallPrime searches the table and returns true if p is
 ///   in the table.
 CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p);
 /// \brief Tests whether a number is divisible by a small prime
-/// \returns true if p is divisible by some prime less than bound.
+/// \return true if p is divisible by some prime less than bound.
 /// \details TrialDivision() returns <tt>true</tt> if <tt>p</tt> is divisible by some prime less
 ///   than <tt>bound</tt>. <tt>bound</tt> should not be greater than the largest entry in the
 ///   prime table, which is 32719.
 CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound);
 /// \brief Tests whether a number is divisible by a small prime
-/// \returns true if p is NOT divisible by small primes.
+/// \return true if p is NOT divisible by small primes.
 /// \details SmallDivisorsTest() returns <tt>true</tt> if <tt>p</tt> is NOT divisible by some
 ///   prime less than 32719.
 CRYPTOPP_DLL bool CRYPTOPP_API SmallDivisorsTest(const Integer &p);
@ -55,7 +55,7 @@ CRYPTOPP_DLL bool CRYPTOPP_API SmallDivisorsTest(const Integer &p);
 /// \brief Determine if a number is probably prime
 /// \param n the number to test
 /// \param b the base to exponentiate
-/// \returns true if the number n is probably prime, false otherwise.
+/// \return true if the number n is probably prime, false otherwise.
 /// \details IsFermatProbablePrime raises <tt>b</tt> to the <tt>n-1</tt> power and checks if
 ///   the result is congruent to 1 modulo <tt>n</tt>.
 /// \details These is no reason to use IsFermatProbablePrime, use IsStrongProbablePrime or
@ -65,7 +65,7 @@ CRYPTOPP_DLL bool CRYPTOPP_API IsFermatProbablePrime(const Integer &n, const Int
 /// \brief Determine if a number is probably prime
 /// \param n the number to test
-/// \returns true if the number n is probably prime, false otherwise.
+/// \return true if the number n is probably prime, false otherwise.
 /// \details These is no reason to use IsLucasProbablePrime, use IsStrongProbablePrime or
 ///   IsStrongLucasProbablePrime instead.
 /// \sa IsStrongProbablePrime, IsStrongLucasProbablePrime
@ -74,12 +74,12 @@ CRYPTOPP_DLL bool CRYPTOPP_API IsLucasProbablePrime(const Integer &n);
 /// \brief Determine if a number is probably prime
 /// \param n the number to test
 /// \param b the base to exponentiate
-/// \returns true if the number n is probably prime, false otherwise.
+/// \return true if the number n is probably prime, false otherwise.
 CRYPTOPP_DLL bool CRYPTOPP_API IsStrongProbablePrime(const Integer &n, const Integer &b);
 /// \brief Determine if a number is probably prime
 /// \param n the number to test
-/// \returns true if the number n is probably prime, false otherwise.
+/// \return true if the number n is probably prime, false otherwise.
 CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n);
 /// \brief Determine if a number is probably prime
@ -94,7 +94,7 @@ CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const
 /// \brief Verifies a number is probably prime
 /// \param p a candidate prime to test
-/// \returns true if p is a probable prime, false otherwise
+/// \return true if p is a probable prime, false otherwise
 /// \details IsPrime() is suitable for testing candidate primes when creating them. Internally,
 ///   IsPrime() utilizes SmallDivisorsTest(), IsStrongProbablePrime() and IsStrongLucasProbablePrime().
 CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p);
@ -103,7 +103,7 @@ CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p);
 /// \param rng a RandomNumberGenerator for randomized testing
 /// \param p a candidate prime to test
 /// \param level the level of thoroughness of testing
-/// \returns true if p is a strong probable prime, false otherwise
+/// \return true if p is a strong probable prime, false otherwise
 /// \details VerifyPrime() is suitable for testing candidate primes created by others. Internally,
 ///   VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candiate passes and
 ///   level is greater than 1, then 10 round RabinMillerTest() primality testing is performed.
@ -124,7 +124,7 @@ public:
 /// \param equiv the equivalence class based on the parameter mod
 /// \param mod the modulus used to reduce the equivalence class
 /// \param pSelector pointer to a PrimeSelector function for the application to signal suitability
-/// \returns true if and only if FirstPrime() finds a prime and returns the prime through p. If FirstPrime()
+/// \return true if and only if FirstPrime() finds a prime and returns the prime through p. If FirstPrime()
 ///   returns false, then no such prime exists and the value of p is undefined
 /// \details FirstPrime() uses a fast sieve to find the first probable prime
 ///   in <tt>{x | p<=x<=max and x%mod==equiv}</tt>
@ -139,28 +139,28 @@ CRYPTOPP_DLL AlgorithmParameters CRYPTOPP_API MakeParametersForTwoPrimesOfEqualS
 /// \brief Calculate the greatest common divisor
 /// \param a the first term
 /// \param b the second term
-/// \returns the greatest common divisor if one exists, 0 otherwise.
+/// \return the greatest common divisor if one exists, 0 otherwise.
 inline Integer GCD(const Integer &a, const Integer &b)
 	{return Integer::Gcd(a,b);}
 /// \brief Determine relative primality
 /// \param a the first term
 /// \param b the second term
-/// \returns true if <tt>a</tt> and <tt>b</tt> are relatively prime, false otherwise.
+/// \return true if <tt>a</tt> and <tt>b</tt> are relatively prime, false otherwise.
 inline bool RelativelyPrime(const Integer &a, const Integer &b)
 	{return Integer::Gcd(a,b) == Integer::One();}
 /// \brief Calculate the least common multiple
 /// \param a the first term
 /// \param b the second term
-/// \returns the least common multiple of <tt>a</tt> and <tt>b</tt>.
+/// \return the least common multiple of <tt>a</tt> and <tt>b</tt>.
 inline Integer LCM(const Integer &a, const Integer &b)
 	{return a/Integer::Gcd(a,b)*b;}
 /// \brief Calculate multiplicative inverse
 /// \param a the number to test
 /// \param b the modulus
-/// \returns an Integer <tt>(a ^ -1) % n</tt> or 0 if none exists.
+/// \return an Integer <tt>(a ^ -1) % n</tt> or 0 if none exists.
 /// \details EuclideanMultiplicativeInverse returns the multiplicative inverse of the Integer
 ///   <tt>*a</tt> modulo the Integer <tt>b</tt>. If no Integer exists then Integer 0 is returned.
 inline Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b)
@ -173,7 +173,7 @@ inline Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b
 /// \param xq the second number, mod q
 /// \param q the second prime modulus
 /// \param u inverse of p mod q
-/// \returns the CRT value of the parameters
+/// \return the CRT value of the parameters
 /// \details CRT uses the Chinese Remainder Theorem to calculate <tt>x</tt> given
 ///   <tt>x mod p</tt> and <tt>x mod q</tt>, and <tt>u</tt> the inverse of <tt>p mod q</tt>.
 CRYPTOPP_DLL Integer CRYPTOPP_API CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u);
@ -181,7 +181,7 @@ CRYPTOPP_DLL Integer CRYPTOPP_API CRT(const Integer &xp, const Integer &p, const
 /// \brief Calculate the Jacobi symbol
 /// \param a the first term
 /// \param b the second term
-/// \returns the the Jacobi symbol.
+/// \return the the Jacobi symbol.
 /// \details Jacobi symbols are calculated using the following rules:
 ///  -# if <tt>b</tt> is prime, then <tt>Jacobi(a, b)</tt>, then return 0
 ///  -# if <tt>a%b</tt>==0 AND <tt>a</tt> is quadratic residue <tt>mod b</tt>, then return 1
@ -190,12 +190,12 @@ CRYPTOPP_DLL Integer CRYPTOPP_API CRT(const Integer &xp, const Integer &p, const
 CRYPTOPP_DLL int CRYPTOPP_API Jacobi(const Integer &a, const Integer &b);
 /// \brief Calculate the Lucas value
-/// \returns the Lucas value
+/// \return the Lucas value
 /// \details Lucas() calculates the Lucas function <tt>V_e(p, 1) mod n</tt>.
 CRYPTOPP_DLL Integer CRYPTOPP_API Lucas(const Integer &e, const Integer &p, const Integer &n);
 /// \brief Calculate the inverse Lucas value
-/// \returns the inverse Lucas value
+/// \return the inverse Lucas value
 /// \details InverseLucas() calculates <tt>x</tt> such that <tt>m==Lucas(e, x, p*q)</tt>,
 ///   <tt>p q</tt> primes, <tt>u</tt> is inverse of <tt>p mod q</tt>.
 CRYPTOPP_DLL Integer CRYPTOPP_API InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u);
@ -204,7 +204,7 @@ CRYPTOPP_DLL Integer CRYPTOPP_API InverseLucas(const Integer &e, const Integer &
 /// \param x the first term
 /// \param y the second term
 /// \param m the modulus
-/// \returns an Integer <tt>(x * y) % m</tt>.
+/// \return an Integer <tt>(x * y) % m</tt>.
 inline Integer ModularMultiplication(const Integer &x, const Integer &y, const Integer &m)
 	{return a_times_b_mod_c(x, y, m);}
@ -212,19 +212,19 @@ inline Integer ModularMultiplication(const Integer &x, const Integer &y, const I
 /// \param x the base
 /// \param e the exponent
 /// \param m the modulus
-/// \returns an Integer <tt>(a ^ b) % m</tt>.
+/// \return an Integer <tt>(a ^ b) % m</tt>.
 inline Integer ModularExponentiation(const Integer &x, const Integer &e, const Integer &m)
 	{return a_exp_b_mod_c(x, e, m);}
 /// \brief Extract a modular square root
 /// \param a the number to extract square root
 /// \param p the prime modulus
-/// \returns the modular square root if it exists
+/// \return the modular square root if it exists
 /// \details ModularSquareRoot returns <tt>x</tt> such that <tt>x*x%p == a</tt>, <tt>p</tt> prime
 CRYPTOPP_DLL Integer CRYPTOPP_API ModularSquareRoot(const Integer &a, const Integer &p);
 /// \brief Extract a modular root
-/// \returns a modular root if it exists
+/// \return a modular root if it exists
 /// \details ModularRoot returns <tt>x</tt> such that <tt>a==ModularExponentiation(x, e, p*q)</tt>,
 ///   <tt>p</tt> <tt>q</tt> primes, and <tt>e</tt> relatively prime to <tt>(p-1)*(q-1)</tt>,
 ///   <tt>dp=d%(p-1)</tt>, <tt>dq=d%(q-1)</tt>, (d is inverse of <tt>e mod (p-1)*(q-1)</tt>)
@ -238,21 +238,21 @@ CRYPTOPP_DLL Integer CRYPTOPP_API ModularRoot(const Integer &a, const Integer &d
 /// \param b the second coefficient
 /// \param c the third constant
 /// \param p the prime modulus
-/// \returns true if solutions exist
+/// \return true if solutions exist
 /// \details SolveModularQuadraticEquation() finds <tt>r1</tt> and <tt>r2</tt> such that <tt>ax^2 +
 ///   bx + c == 0 (mod p)</tt> for x in <tt>{r1, r2}</tt>, <tt>p</tt> prime.
 CRYPTOPP_DLL bool CRYPTOPP_API SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p);
 /// \brief Estimate work factor
 /// \param bitlength the size of the number, in bits
-/// \returns the estimated work factor, in operations
+/// \return the estimated work factor, in operations
 /// \details DiscreteLogWorkFactor returns log base 2 of estimated number of operations to
 ///   calculate discrete log or factor a number.
 CRYPTOPP_DLL unsigned int CRYPTOPP_API DiscreteLogWorkFactor(unsigned int bitlength);
 /// \brief Estimate work factor
 /// \param bitlength the size of the number, in bits
-/// \returns the estimated work factor, in operations
+/// \return the estimated work factor, in operations
 /// \details FactoringWorkFactor returns log base 2 of estimated number of operations to
 ///   calculate discrete log or factor a number.
 CRYPTOPP_DLL unsigned int CRYPTOPP_API FactoringWorkFactor(unsigned int bitlength);
@ -297,15 +297,15 @@ public:
 	void Generate(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits);
 	/// \brief Retrieve first prime
-	/// \returns Prime() returns the prime p.
+	/// \return Prime() returns the prime p.
 	const Integer& Prime() const {return p;}
 	/// \brief Retrieve second prime
-	/// \returns SubPrime() returns the prime q.
+	/// \return SubPrime() returns the prime q.
 	const Integer& SubPrime() const {return q;}
 	/// \brief Retrieve the generator
-	/// \returns Generator() returns the the generator g.
+	/// \return Generator() returns the the generator g.
 	const Integer& Generator() const {return g;}
 private:
--- a/osrng.h
+++ b/osrng.h
@ -57,7 +57,7 @@ public:
 #endif // USE_MS_CRYPTOAPI or USE_MS_CNGAPI
 	/// \brief Retrieves the provider handle
-	/// \returns CryptoAPI provider handle
+	/// \return CryptoAPI provider handle
 	/// \details If USE_MS_CRYPTOAPI is in effect, then CryptAcquireContext()
 	///  acquires then handle and CryptReleaseContext() releases the handle
 	///  upon destruction. If USE_MS_CNGAPI is in effect, then
--- a/padlkrng.h
+++ b/padlkrng.h
@ -100,7 +100,7 @@ public:
 	/// \brief Set the XSTORE divisor
 	/// \param divisor the XSTORE divisor
-	/// \returns the old XSTORE divisor
+	/// \return the old XSTORE divisor
 	word32 SetDivisor(word32 divisor)
 	{
 		word32 old = m_divisor;
@ -109,14 +109,14 @@ public:
 	}
 	/// \brief Get the XSTORE divisor
-	/// \returns the current XSTORE divisor
+	/// \return the current XSTORE divisor
 	word32 GetDivisor() const
 	{
 		return m_divisor;
 	}
 	/// \brief Get the MSR for the last operation
-	/// \returns the MSR for the last read operation
+	/// \return the MSR for the last read operation
 	word32 GetMSR() const
 	{
 		return m_msr;
--- a/ppc_simd.h
+++ b/ppc_simd.h
@ -209,7 +209,7 @@ typedef __vector unsigned long long uint64x2_p;
 #endif  // VSX or ARCH_PWR8
 /// \brief The 0 vector
-/// \returns a 32-bit vector of 0's
+/// \return a 32-bit vector of 0's
 /// \since Crypto++ 8.0
 inline uint32x4_p VecZero()
 {
@ -218,7 +218,7 @@ inline uint32x4_p VecZero()
 }
 /// \brief The 1 vector
-/// \returns a 32-bit vector of 1's
+/// \return a 32-bit vector of 1's
 /// \since Crypto++ 8.0
 inline uint32x4_p VecOne()
 {
@ -229,7 +229,7 @@ inline uint32x4_p VecOne()
 /// \brief Reverse bytes in a vector
 /// \tparam T vector type
 /// \param data the vector
-/// \returns vector
+/// \return vector
 /// \details VecReverse() reverses the bytes in a vector
 /// \par Wraps
 ///  vec_perm
@ -249,7 +249,7 @@ inline T VecReverse(const T data)
 /// \brief Reverse bytes in a vector
 /// \tparam T vector type
 /// \param data the vector
-/// \returns vector
+/// \return vector
 /// \details VecReverseLE() reverses the bytes in a vector on
 ///  little-endian systems.
 /// \par Wraps
@ -269,7 +269,7 @@ inline T VecReverseLE(const T data)
 /// \brief Reverse bytes in a vector
 /// \tparam T vector type
 /// \param data the vector
-/// \returns vector
+/// \return vector
 /// \details VecReverseBE() reverses the bytes in a vector on
 ///  big-endian systems.
 /// \par Wraps
@ -1360,7 +1360,7 @@ inline void VecStoreBE(const T data, int off, word32 dest[4])
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecAnd() performs <tt>vec1 & vec2</tt>.
 ///  vec2 is cast to the same type as vec1. The return vector
 ///  is the same type as vec1.
@ -1379,7 +1379,7 @@ inline T1 VecAnd(const T1 vec1, const T2 vec2)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecOr() performs <tt>vec1 | vec2</tt>.
 ///  vec2 is cast to the same type as vec1. The return vector
 ///  is the same type as vec1.
@ -1398,7 +1398,7 @@ inline T1 VecOr(const T1 vec1, const T2 vec2)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecXor() performs <tt>vec1 ^ vec2</tt>.
 ///  vec2 is cast to the same type as vec1. The return vector
 ///  is the same type as vec1.
@ -1422,7 +1422,7 @@ inline T1 VecXor(const T1 vec1, const T2 vec2)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecAdd() performs <tt>vec1 + vec2</tt>.
 ///  vec2 is cast to the same type as vec1. The return vector
 ///  is the same type as vec1.
@ -1464,7 +1464,7 @@ inline T1 VecSub(const T1 vec1, const T2 vec2)
 /// \tparam T2 vector type
 /// \param vec the vector
 /// \param mask vector mask
-/// \returns vector
+/// \return vector
 /// \details VecPermute() creates a new vector from vec according to mask.
 ///  mask is an uint8x16_p vector. The return vector is the same type as vec.
 /// \par Wraps
@ -1482,7 +1482,7 @@ inline T1 VecPermute(const T1 vec, const T2 mask)
 /// \param vec1 the first vector
 /// \param vec2 the second vector
 /// \param mask vector mask
-/// \returns vector
+/// \return vector
 /// \details VecPermute() creates a new vector from vec1 and vec2 according to mask.
 ///  mask is an uint8x16_p vector. The return vector is the same type as vec.
 /// \par Wraps
@ -1503,7 +1503,7 @@ inline T1 VecPermute(const T1 vec1, const T1 vec2, const T2 mask)
 /// \tparam C shift byte count
 /// \tparam T vector type
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecShiftLeftOctet() returns a new vector after shifting the
 ///  concatenation of the zero vector and the source vector by the specified
 ///  number of bytes. The return vector is the same type as vec.
@ -1550,7 +1550,7 @@ inline T VecShiftLeftOctet(const T vec)
 /// \tparam C shift byte count
 /// \tparam T vector type
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecShiftRightOctet() returns a new vector after shifting the
 ///  concatenation of the zero vector and the source vector by the specified
 ///  number of bytes. The return vector is the same type as vec.
@ -1597,7 +1597,7 @@ inline T VecShiftRightOctet(const T vec)
 /// \tparam C shift byte count
 /// \tparam T vector type
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateLeftOctet() returns a new vector after rotating the
 ///  concatenation of the source vector with itself by the specified
 ///  number of bytes. The return vector is the same type as vec.
@ -1622,7 +1622,7 @@ inline T VecRotateLeftOctet(const T vec)
 /// \tparam C shift byte count
 /// \tparam T vector type
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateRightOctet() returns a new vector after rotating the
 ///  concatenation of the source vector with itself by the specified
 ///  number of bytes. The return vector is the same type as vec.
@ -1646,7 +1646,7 @@ inline T VecRotateRightOctet(const T vec)
 /// \brief Rotate a vector left
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateLeft() rotates each element in a vector by
 ///  bit count. The return vector is the same type as vec.
 /// \par Wraps
@ -1662,7 +1662,7 @@ inline uint32x4_p VecRotateLeft(const uint32x4_p vec)
 /// \brief Rotate a vector right
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateRight() rotates each element in a vector
 ///  by bit count. The return vector is the same type as vec.
 /// \par Wraps
@ -1678,7 +1678,7 @@ inline uint32x4_p VecRotateRight(const uint32x4_p vec)
 /// \brief Shift a vector left
 /// \tparam C shift bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecShiftLeft() rotates each element in a vector
 ///  by bit count. The return vector is the same type as vec.
 /// \par Wraps
@ -1694,7 +1694,7 @@ inline uint32x4_p VecShiftLeft(const uint32x4_p vec)
 /// \brief Shift a vector right
 /// \tparam C shift bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecShiftRight() rotates each element in a vector
 ///  by bit count. The return vector is the same type as vec.
 /// \par Wraps
@ -1713,7 +1713,7 @@ inline uint32x4_p VecShiftRight(const uint32x4_p vec)
 /// \brief Rotate a vector left
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateLeft() rotates each element in a vector
 ///  by bit count. The return vector is the same type as vec.
 /// \details VecRotateLeft() with 64-bit elements is available on
@ -1731,7 +1731,7 @@ inline uint64x2_p VecRotateLeft(const uint64x2_p vec)
 /// \brief Shift a vector left
 /// \tparam C shift bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecShiftLeft() rotates each element in a vector
 ///  by bit count. The return vector is the same type as vec.
 /// \details VecShiftLeft() with 64-bit elements is available on
@ -1749,7 +1749,7 @@ inline uint64x2_p VecShiftLeft(const uint64x2_p vec)
 /// \brief Rotate a vector right
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateRight() rotates each element in a vector
 ///  by bit count. The return vector is the same type as vec.
 /// \details VecRotateRight() with 64-bit elements is available on
@ -1767,7 +1767,7 @@ inline uint64x2_p VecRotateRight(const uint64x2_p vec)
 /// \brief Shift a vector right
 /// \tparam C shift bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecShiftRight() rotates each element in a vector
 ///  by bit count. The return vector is the same type as vec.
 /// \details VecShiftRight() with 64-bit elements is available on
@ -1793,7 +1793,7 @@ inline uint64x2_p VecShiftRight(const uint64x2_p vec)
 /// \tparam T vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_mergel
 /// \since Crypto++ 8.1
@ -1807,7 +1807,7 @@ inline T VecMergeLow(const T vec1, const T vec2)
 /// \tparam T vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_mergeh
 /// \since Crypto++ 8.1
@ -1819,7 +1819,7 @@ inline T VecMergeHigh(const T vec1, const T vec2)
 /// \brief Broadcast 32-bit word to a vector
 /// \param val the 32-bit value
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_splats
 /// \since Crypto++ 8.3
@ -1840,7 +1840,7 @@ inline uint32x4_p VecSplatWord(word32 val)
 /// \brief Broadcast 32-bit element to a vector
 /// \tparam the element number
 /// \param val the 32-bit value
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_splat
 /// \since Crypto++ 8.3
@ -1853,7 +1853,7 @@ inline uint32x4_p VecSplatElement(const uint32x4_p val)
 #if defined(__VSX__) || defined(_ARCH_PWR8) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
 /// \brief Broadcast 64-bit double word to a vector
 /// \param val the 64-bit value
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_splats
 /// \since Crypto++ 8.3
@ -1866,7 +1866,7 @@ inline uint64x2_p VecSplatWord(word64 val)
 /// \brief Broadcast 64-bit element to a vector
 /// \tparam the element number
 /// \param val the 64-bit value
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_splat
 /// \since Crypto++ 8.3
@ -1894,7 +1894,7 @@ inline uint64x2_p VecSplatElement(const uint64x2_p val)
 /// \brief Extract a dword from a vector
 /// \tparam T vector type
 /// \param val the vector
-/// \returns vector created from low dword
+/// \return vector created from low dword
 /// \details VecGetLow() extracts the low dword from a vector. The low dword
 ///  is composed of the least significant bits and occupies bytes 8 through 15
 ///  when viewed as a big endian array. The return vector is the same type as
@ -1916,7 +1916,7 @@ inline T VecGetLow(const T val)
 /// \brief Extract a dword from a vector
 /// \tparam T vector type
 /// \param val the vector
-/// \returns vector created from high dword
+/// \return vector created from high dword
 /// \details VecGetHigh() extracts the high dword from a vector. The high dword
 ///  is composed of the most significant bits and occupies bytes 0 through 7
 ///  when viewed as a big endian array. The return vector is the same type as
@ -1938,7 +1938,7 @@ inline T VecGetHigh(const T val)
 /// \brief Exchange high and low double words
 /// \tparam T vector type
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_sld
 /// \since Crypto++ 7.0
@ -1958,7 +1958,7 @@ inline T VecSwapWords(const T vec)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns true if vec1 equals vec2, false otherwise
+/// \return true if vec1 equals vec2, false otherwise
 /// \details VecEqual() performs a bitwise compare. The vector element types do
 ///  not matter.
 /// \par Wraps
@ -1975,7 +1975,7 @@ inline bool VecEqual(const T1 vec1, const T2 vec2)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns true if vec1 does not equal vec2, false otherwise
+/// \return true if vec1 does not equal vec2, false otherwise
 /// \details VecNotEqual() performs a bitwise compare. The vector element types do
 ///  not matter.
 /// \par Wraps
@ -1997,7 +1997,7 @@ inline bool VecNotEqual(const T1 vec1, const T2 vec2)
 /// \brief Add two vectors as if uint64x2_p
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecAdd64() performs <tt>vec1 + vec2</tt>. VecAdd64() performs as
 ///  if adding two uint64x2_p vectors. On POWER7 and below VecAdd64() manages
 ///  the carries from the elements.
@ -2033,7 +2033,7 @@ inline uint32x4_p VecAdd64(const uint32x4_p& vec1, const uint32x4_p& vec2)
 /// \brief Add two vectors as if uint64x2_p
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecAdd64() performs <tt>vec1 + vec2</tt>. VecAdd64() performs as
 ///  if adding two uint64x2_p vectors. On POWER7 and below VecAdd64() manages
 ///  the carries from the elements.
@ -2125,7 +2125,7 @@ inline uint64x2_p VecSub64(const uint64x2_p& vec1, const uint64x2_p& vec2)
 /// \brief Rotate a vector left as if uint64x2_p
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateLeft() rotates each element in a vector by bit count.
 ///  vec is rotated as if uint64x2_p.
 /// \par Wraps
@ -2173,7 +2173,7 @@ inline uint32x4_p VecRotateLeft64(const uint32x4_p vec)
 /// \brief Rotate a vector left as if uint64x2_p
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateLeft<8>() rotates each element in a vector
 ///  by 8-bits. vec is rotated as if uint64x2_p. This specialization
 ///  is used by algorithms like Speck128.
@ -2196,7 +2196,7 @@ inline uint32x4_p VecRotateLeft64<8>(const uint32x4_p vec)
 /// \brief Rotate a vector left as if uint64x2_p
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateLeft64() rotates each element in a vector by
 ///  bit count. vec is rotated as if uint64x2_p.
 /// \par Wraps
@ -2223,7 +2223,7 @@ inline uint64x2_p VecRotateLeft64(const uint64x2_p vec)
 /// \brief Rotate a vector right as if uint64x2_p
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateRight64() rotates each element in a vector by
 ///  bit count. vec is rotated as if uint64x2_p.
 /// \par Wraps
@ -2271,7 +2271,7 @@ inline uint32x4_p VecRotateRight64(const uint32x4_p vec)
 /// \brief Rotate a vector right as if uint64x2_p
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateRight64<8>() rotates each element in a vector
 ///  by 8-bits. vec is rotated as if uint64x2_p. This specialization
 ///  is used by algorithms like Speck128.
@ -2295,7 +2295,7 @@ inline uint32x4_p VecRotateRight64<8>(const uint32x4_p vec)
 /// \brief Rotate a vector right as if uint64x2_p
 /// \tparam C rotate bit count
 /// \param vec the vector
-/// \returns vector
+/// \return vector
 /// \details VecRotateRight64() rotates each element in a vector by
 ///  bit count. vec is rotated as if uint64x2_p.
 /// \par Wraps
@ -2324,7 +2324,7 @@ inline uint64x2_p VecRotateRight64(const uint64x2_p vec)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecAnd64() performs <tt>vec1 & vec2</tt>.
 ///  vec2 is cast to the same type as vec1. The return vector
 ///  is the same type as vec1.
@ -2343,7 +2343,7 @@ inline T1 VecAnd64(const T1 vec1, const T2 vec2)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecOr64() performs <tt>vec1 | vec2</tt>.
 ///  vec2 is cast to the same type as vec1. The return vector
 ///  is the same type as vec1.
@ -2362,7 +2362,7 @@ inline T1 VecOr64(const T1 vec1, const T2 vec2)
 /// \tparam T2 vector type
 /// \param vec1 the first vector
 /// \param vec2 the second vector
-/// \returns vector
+/// \return vector
 /// \details VecXor64() performs <tt>vec1 ^ vec2</tt>.
 ///  vec2 is cast to the same type as vec1. The return vector
 ///  is the same type as vec1.
@ -2378,7 +2378,7 @@ inline T1 VecXor64(const T1 vec1, const T2 vec2)
 /// \brief Broadcast 64-bit double word to a vector
 /// \param val the 64-bit value
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_splats
 /// \since Crypto++ 8.3
@ -2396,7 +2396,7 @@ inline uint32x4_p VecSplatWord64(word64 val)
 /// \brief Broadcast 64-bit element to a vector as if uint64x2_p
 /// \tparam the element number
 /// \param val the 64-bit value
-/// \returns vector
+/// \return vector
 /// \par Wraps
 ///  vec_splat
 /// \since Crypto++ 8.3
@ -2424,7 +2424,7 @@ inline uint32x4_p VecSplatElement64(const uint32x4_p val)
 /// \brief Broadcast 64-bit element to a vector
 /// \tparam the element number
 /// \param val the 64-bit value
-/// \returns vector
+/// \return vector
 /// \since Crypto++ 8.3
 template <unsigned int N>
 inline uint64x2_p VecSplatElement64(const uint64x2_p val)
@ -2447,7 +2447,7 @@ inline uint64x2_p VecSplatElement64(const uint64x2_p val)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details VecPolyMultiply() performs polynomial multiplication. POWER8
 ///  polynomial multiplication multiplies the high and low terms, and then
 ///  XOR's the high and low products. That is, the result is <tt>ah*bh XOR
@ -2472,7 +2472,7 @@ inline uint32x4_p VecPolyMultiply(const uint32x4_p& a, const uint32x4_p& b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details VecPolyMultiply() performs polynomial multiplication. POWER8
 ///  polynomial multiplication multiplies the high and low terms, and then
 ///  XOR's the high and low products. That is, the result is <tt>ah*bh XOR
@ -2497,7 +2497,7 @@ inline uint64x2_p VecPolyMultiply(const uint64x2_p& a, const uint64x2_p& b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details VecIntelMultiply00() performs polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x00)</tt>.
 ///  The <tt>0x00</tt> indicates the low 64-bits of <tt>a</tt> and <tt>b</tt>
@ -2519,7 +2519,7 @@ inline uint64x2_p VecIntelMultiply00(const uint64x2_p& a, const uint64x2_p& b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details VecIntelMultiply01 performs() polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x01)</tt>.
 ///  The <tt>0x01</tt> indicates the low 64-bits of <tt>a</tt> and high
@ -2541,7 +2541,7 @@ inline uint64x2_p VecIntelMultiply01(const uint64x2_p& a, const uint64x2_p& b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details VecIntelMultiply10() performs polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x10)</tt>.
 ///  The <tt>0x10</tt> indicates the high 64-bits of <tt>a</tt> and low
@ -2563,7 +2563,7 @@ inline uint64x2_p VecIntelMultiply10(const uint64x2_p& a, const uint64x2_p& b)
 /// \brief Polynomial multiplication
 /// \param a the first term
 /// \param b the second term
-/// \returns vector product
+/// \return vector product
 /// \details VecIntelMultiply11() performs polynomial multiplication and presents
 ///  the result like Intel's <tt>c = _mm_clmulepi64_si128(a, b, 0x11)</tt>.
 ///  The <tt>0x11</tt> indicates the high 64-bits of <tt>a</tt> and <tt>b</tt>
--- a/pubkey.h
+++ b/pubkey.h
@ -75,19 +75,19 @@ public:
 	virtual ~TrapdoorFunctionBounds() {}
 	/// \brief Returns the maximum size of a message before the trapdoor function is applied
-	/// \returns the maximum size of a message before the trapdoor function is applied
+	/// \return the maximum size of a message before the trapdoor function is applied
 	/// \details Derived classes must implement PreimageBound().
 	virtual Integer PreimageBound() const =0;
 	/// \brief Returns the maximum size of a message after the trapdoor function is applied
-	/// \returns the maximum size of a message after the trapdoor function is applied
+	/// \return the maximum size of a message after the trapdoor function is applied
 	/// \details Derived classes must implement ImageBound().
 	virtual Integer ImageBound() const =0;
 	/// \brief Returns the maximum size of a message before the trapdoor function is applied bound to a public key
-	/// \returns the maximum size of a message before the trapdoor function is applied bound to a public key
+	/// \return the maximum size of a message before the trapdoor function is applied bound to a public key
 	/// \details The default implementation returns <tt>PreimageBound() - 1</tt>.
 	virtual Integer MaxPreimage() const {return --PreimageBound();}
 	/// \brief Returns the maximum size of a message after the trapdoor function is applied bound to a public key
-	/// \returns the the maximum size of a message after the trapdoor function is applied bound to a public key
+	/// \return the the maximum size of a message after the trapdoor function is applied bound to a public key
 	/// \details The default implementation returns <tt>ImageBound() - 1</tt>.
 	virtual Integer MaxImage() const {return --ImageBound();}
 };
@ -105,14 +105,14 @@ public:
 	/// \brief Applies the trapdoor function, using random data if required
 	/// \param rng a RandomNumberGenerator derived class
 	/// \param x the message on which the encryption function is applied
-	/// \returns the message x encrypted under the public key
+	/// \return the message x encrypted under the public key
 	/// \details ApplyRandomizedFunction is a generalization of encryption under a public key
 	///    cryptosystem. The RandomNumberGenerator may (or may not) be required.
 	///    Derived classes must implement it.
 	virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0;
 	/// \brief Determines if the encryption algorithm is randomized
-	/// \returns true if the encryption algorithm is randomized, false otherwise
+	/// \return true if the encryption algorithm is randomized, false otherwise
 	/// \details If IsRandomized() returns false, then NullRNG() can be used.
 	virtual bool IsRandomized() const {return true;}
 };
@ -140,7 +140,7 @@ public:
 	/// \brief Applies the trapdoor
 	/// \param x the message on which the encryption function is applied
-	/// \returns the message x encrypted under the public key
+	/// \return the message x encrypted under the public key
 	/// \details ApplyFunction is a generalization of encryption under a public key
 	///    cryptosystem. Derived classes must implement it.
 	virtual Integer ApplyFunction(const Integer &x) const =0;
@ -159,13 +159,13 @@ public:
 	/// \brief Applies the inverse of the trapdoor function, using random data if required
 	/// \param rng a RandomNumberGenerator derived class
 	/// \param x the message on which the decryption function is applied
-	/// \returns the message x decrypted under the private key
+	/// \return the message x decrypted under the private key
 	/// \details CalculateRandomizedInverse is a generalization of decryption using the private key
 	///    The RandomNumberGenerator may (or may not) be required. Derived classes must implement it.
 	virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
 	/// \brief Determines if the decryption algorithm is randomized
-	/// \returns true if the decryption algorithm is randomized, false otherwise
+	/// \return true if the decryption algorithm is randomized, false otherwise
 	/// \details If IsRandomized() returns false, then NullRNG() can be used.
 	virtual bool IsRandomized() const {return true;}
 };
@ -183,7 +183,7 @@ public:
 	/// \brief Applies the inverse of the trapdoor function
 	/// \param rng a RandomNumberGenerator derived class
 	/// \param x the message on which the decryption function is applied
-	/// \returns the message x decrypted under the private key
+	/// \return the message x decrypted under the private key
 	/// \details CalculateRandomizedInverse is a generalization of decryption using the private key
 	/// \details Internally, CalculateRandomizedInverse() calls CalculateInverse() \a
 	///   without the RandomNumberGenerator.
@ -191,14 +191,14 @@ public:
 		{return CalculateInverse(rng, x);}
 	/// \brief Determines if the decryption algorithm is randomized
-	/// \returns true if the decryption algorithm is randomized, false otherwise
+	/// \return true if the decryption algorithm is randomized, false otherwise
 	/// \details If IsRandomized() returns false, then NullRNG() can be used.
 	bool IsRandomized() const {return false;}
 	/// \brief Calculates the inverse of an element
 	/// \param rng a RandomNumberGenerator derived class
 	/// \param x the element
-	/// \returns the inverse of the element in the group
+	/// \return the inverse of the element in the group
 	virtual Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
 };
@ -719,7 +719,7 @@ class P1363_MGF1 : public MaskGeneratingFunction
 {
 public:
 	/// \brief The algorithm name
-	/// \returns the algorithm name
+	/// \return the algorithm name
 	/// \details StaticAlgorithmName returns the algorithm's name as a static
 	///   member function.
 	CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "MGF1";}
@ -823,7 +823,7 @@ public:
 	/// \brief Perform precomputation
 	/// \param precomputationStorage the suggested number of objects for the precompute table
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \details The exact semantics of Precompute() varies, but it typically means calculate
 	///   a table of n objects that can be used later to speed up computation.
 	/// \details If a derived class does not override Precompute(), then the base class throws
@ -836,7 +836,7 @@ public:
 	/// \brief Retrieve previously saved precomputation
 	/// \param storedPrecomputation BufferedTransformation with the saved precomputation
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \sa SupportsPrecomputation(), Precompute()
 	void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
 	{
@ -846,7 +846,7 @@ public:
 	/// \brief Save precomputation for later use
 	/// \param storedPrecomputation BufferedTransformation to write the precomputation
-	/// \throws NotImplemented
+	/// \throw NotImplemented
 	/// \sa SupportsPrecomputation(), Precompute()
 	void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
 	{
@ -1068,7 +1068,7 @@ public:
 	/// \param name the name of the object or value to retrieve
 	/// \param valueType reference to a variable that receives the value
 	/// \param pValue void pointer to a variable that receives the value
-	/// \returns true if the value was retrieved, false otherwise
+	/// \return true if the value was retrieved, false otherwise
 	/// \details GetVoidValue() retrieves the value of name if it exists.
 	/// \note GetVoidValue() is an internal function and should be implemented
 	///   by derived classes. Users should use one of the other functions instead.
@ -1085,7 +1085,7 @@ public:
 	void AssignFrom(const NameValuePairs &source);
 	/// \brief Retrieves the public element
-	/// \returns the public element
+	/// \return the public element
 	virtual const Element & GetPublicElement() const {return GetPublicPrecomputation().GetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation());}
 	/// \brief Sets the public element
@ -1094,7 +1094,7 @@ public:
 	/// \brief Exponentiates this element
 	/// \param exponent the exponent to raise the base
-	/// \returns the public element raised to the exponent
+	/// \return the public element raised to the exponent
 	virtual Element ExponentiatePublicElement(const Integer &exponent) const
 	{
 		const DL_GroupParameters<T> &params = this->GetAbstractGroupParameters();
@ -1104,7 +1104,7 @@ public:
 	/// \brief Exponentiates an element
 	/// \param baseExp the first exponent
 	/// \param publicExp the second exponent
-	/// \returns the public element raised to the exponent
+	/// \return the public element raised to the exponent
 	/// \details CascadeExponentiateBaseAndPublicElement raises the public element to
 	///   the base element and precomputation.
 	virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
@ -1153,7 +1153,7 @@ public:
 	/// \param name the name of the object or value to retrieve
 	/// \param valueType reference to a variable that receives the value
 	/// \param pValue void pointer to a variable that receives the value
-	/// \returns true if the value was retrieved, false otherwise
+	/// \return true if the value was retrieved, false otherwise
 	/// \details GetVoidValue() retrieves the value of name if it exists.
 	/// \note GetVoidValue() is an internal function and should be implemented
 	///   by derived classes. Users should use one of the other functions instead.
@ -1175,7 +1175,7 @@ public:
 	}
 	/// \brief Retrieves the private exponent
-	/// \returns the private exponent
+	/// \return the private exponent
 	/// \details Must be overridden in derived classes.
 	virtual const Integer & GetPrivateExponent() const =0;
 	/// \brief Sets the private exponent
@ -1447,7 +1447,7 @@ public:
 		{return params.GetSubgroupOrder().ByteCount();}
 	/// \brief Signature scheme flag
-	/// \returns true if the signature scheme is deterministic, false otherwise
+	/// \return true if the signature scheme is deterministic, false otherwise
 	/// \details IsDeterministic() is provided for DL signers. It is used by RFC 6979 signature schemes.
 	virtual bool IsDeterministic() const
 		{return false;}
@ -1539,7 +1539,7 @@ public:
 	virtual ~DL_SignatureSchemeBase() {}
 	/// \brief Provides the signature length
-	/// \returns signature length, in bytes
+	/// \return signature length, in bytes
 	/// \details SignatureLength returns the size required for <tt>r+s</tt>.
 	size_t SignatureLength() const
 	{
@ -1548,29 +1548,29 @@ public:
 	}
 	/// \brief Provides the maximum recoverable length
-	/// \returns maximum recoverable length, in bytes
+	/// \return maximum recoverable length, in bytes
 	size_t MaxRecoverableLength() const
 		{return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
 	/// \brief Provides the maximum recoverable length
 	/// \param signatureLength the size fo the signature
-	/// \returns maximum recoverable length based on signature length, in bytes
+	/// \return maximum recoverable length based on signature length, in bytes
 	/// \details this function is not implemented and always returns 0.
 	size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
 		{CRYPTOPP_UNUSED(signatureLength); CRYPTOPP_ASSERT(false); return 0;}	// TODO
 	/// \brief Determines if the scheme is probabilistic
-	/// \returns true if the scheme is probabilistic, false otherwise
+	/// \return true if the scheme is probabilistic, false otherwise
 	bool IsProbabilistic() const
 		{return true;}
 	/// \brief Determines if the scheme has non-recoverable part
-	/// \returns true if the message encoding has a non-recoverable part, false otherwise.
+	/// \return true if the message encoding has a non-recoverable part, false otherwise.
 	bool AllowNonrecoverablePart() const
 		{return GetMessageEncodingInterface().AllowNonrecoverablePart();}
 	/// \brief Determines if the scheme allows recoverable part first
-	/// \returns true if the message encoding allows the recoverable part, false otherwise.
+	/// \return true if the message encoding allows the recoverable part, false otherwise.
 	bool RecoverablePartFirst() const
 		{return GetMessageEncodingInterface().RecoverablePartFirst();}
@ -2097,7 +2097,7 @@ public:
 	}
 	/// \brief Retrieves a reference to the group generator
-	/// \returns const reference to the group generator
+	/// \return const reference to the group generator
 	const Element &GetGenerator() const {return GetAbstractGroupParameters().GetSubgroupGenerator();}
 protected:
--- a/pwdbased.h
+++ b/pwdbased.h
@ -64,8 +64,8 @@ public:
 	/// \param saltLen the size of the salt buffer, in bytes
 	/// \param iterations the number of iterations
 	/// \param timeInSeconds the in seconds
-	/// \returns the number of iterations performed
+	/// \return the number of iterations performed
-	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throw InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
@ -194,8 +194,8 @@ public:
 	/// \param saltLen the size of the salt buffer, in bytes
 	/// \param iterations the number of iterations
 	/// \param timeInSeconds the in seconds
-	/// \returns the number of iterations performed
+	/// \return the number of iterations performed
-	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throw InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
@ -355,8 +355,8 @@ public:
 	/// \param saltLen the size of the salt buffer, in bytes
 	/// \param iterations the number of iterations
 	/// \param timeInSeconds the in seconds
-	/// \returns the number of iterations performed
+	/// \return the number of iterations performed
-	/// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
+	/// \throw InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
 	/// \details DeriveKey() provides a standard interface to derive a key from
 	///   a seed and other parameters. Each class that derives from KeyDerivationFunction
 	///   provides an overload that accepts most parameters used by the derivation function.
--- a/rdrand.h
+++ b/rdrand.h
@ -56,7 +56,7 @@ public:
    /// \details According to DJ of Intel, the Intel RDRAND circuit does not underflow.
    ///   If it did hypothetically underflow, then it would return 0 for the random value.
    ///   AMD's RDRAND implementation appears to provide the same behavior.
-     /// \throws RDRAND_Err if the random number generator is not available
+     /// \throw RDRAND_Err if the random number generator is not available
    RDRAND();
    /// \brief Generate random array of bytes
@ -110,7 +110,7 @@ public:
    /// \details Empirical testing under a 6th generaton i7 (6200U) shows RDSEED fails
    ///   to fulfill requests at about once every for every 256 bytes requested.
    ///   The generator runs about 4 times slower than RDRAND.
-     /// \throws RDSEED_Err if the random number generator is not available
+     /// \throw RDSEED_Err if the random number generator is not available
    RDSEED();
    /// \brief Generate random array of bytes
--- a/rng.h
+++ b/rng.h
@ -90,7 +90,7 @@ public:
 	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
 	/// \brief Provides the number of bytes of input is needed by the test
-	/// \returns how many more bytes of input is needed by the test
+	/// \return how many more bytes of input is needed by the test
 	// BytesNeeded() returns how many more bytes of input is needed by the test
 	// GetTestValue() should not be called before BytesNeeded()==0
 	unsigned int BytesNeeded() const {return n >= (Q+K) ? 0 : Q+K-n;}
--- a/scrypt.h
+++ b/scrypt.h
@ -66,8 +66,8 @@ public:
    /// \param cost the CPU/memory cost factor
    /// \param blockSize the block size
    /// \param parallelization the parallelization factor
-    /// \returns the number of iterations performed
+    /// \return the number of iterations performed
-    /// \throws InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
+    /// \throw InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
    /// \details DeriveKey() provides a standard interface to derive a key from
    ///   a seed and other parameters. Each class that derives from KeyDerivationFunction
    ///   provides an overload that accepts most parameters used by the derivation function.
--- a/secblock.h
+++ b/secblock.h
@ -65,7 +65,7 @@ public:
 #endif
 	/// \brief Returns the maximum number of elements the allocator can provide
-	/// \returns the maximum number of elements the allocator can provide
+	/// \return the maximum number of elements the allocator can provide
 	/// \details Internally, preprocessor macros are used rather than std::numeric_limits
 	///  because the latter is not a constexpr. Some compilers, like Clang, do not
 	///  optimize it well under all circumstances. Compilers like GCC, ICC and MSVC appear
@ -103,7 +103,7 @@ protected:
 	/// \brief Verifies the allocator can satisfy a request based on size
 	/// \param size the size of the allocation, in elements
-	/// \throws InvalidArgument
+	/// \throw InvalidArgument
 	/// \details CheckSize verifies the number of elements requested is valid.
 	/// \details If size is greater than max_size(), then InvalidArgument is thrown.
 	///  The library throws InvalidArgument if the size is too large to satisfy.
@ -192,8 +192,8 @@ public:
 	/// \brief Allocates a block of memory
 	/// \param ptr the size of the allocation
 	/// \param size the size of the allocation, in elements
-	/// \returns a memory block
+	/// \return a memory block
-	/// \throws InvalidArgument
+	/// \throw InvalidArgument
 	/// \details allocate() first checks the size of the request. If it is non-0
 	///  and less than max_size(), then an attempt is made to fulfill the request
 	///  using either AlignedAllocate() or UnalignedAllocate(). AlignedAllocate() is
@ -248,7 +248,7 @@ public:
 	/// \param oldSize the size of the previous allocation
 	/// \param newSize the new, requested size
 	/// \param preserve flag that indicates if the old allocation should be preserved
-	/// \returns pointer to the new memory block
+	/// \return pointer to the new memory block
 	/// \details Internally, reallocate() calls StandardReallocate().
 	/// \details If preserve is true, then index 0 is used to begin copying the
 	///  old memory block to the new one. If the block grows, then the old array
@ -446,7 +446,7 @@ public:
 	/// \param newSize the new, requested size
 	/// \param preserve flag that indicates if the old allocation should
 	///  be preserved
-	/// \returns pointer to the new memory block
+	/// \return pointer to the new memory block
 	/// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
 	///  based allocation at compile time. If size is less than or equal to
 	///  S, then a pointer to the static array is returned.
@ -650,7 +650,7 @@ public:
 	/// \param newSize the new, requested size
 	/// \param preserve flag that indicates if the old allocation should
 	///  be preserved
-	/// \returns pointer to the new memory block
+	/// \return pointer to the new memory block
 	/// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
 	///  based allocation at compile time. If size is less than or equal to
 	///  S, then a pointer to the static array is returned.
@ -738,7 +738,7 @@ public:
 	/// \brief Construct a SecBlock with space for size elements.
 	/// \param size the size of the allocation, in elements
-	/// \throws std::bad_alloc
+	/// \throw std::bad_alloc
 	/// \details The elements are not initialized.
 	/// \note size is the count of elements, and not the number of bytes
 	explicit SecBlock(size_type size=0)
@ -746,7 +746,7 @@ public:
 	/// \brief Copy construct a SecBlock from another SecBlock
 	/// \param t the other SecBlock
-	/// \throws std::bad_alloc
+	/// \throw std::bad_alloc
 	SecBlock(const SecBlock<T, A> &t)
 		: m_mark(t.m_mark), m_size(t.m_size), m_ptr(m_alloc.allocate(t.m_size, NULLPTR)) {
 			CRYPTOPP_ASSERT((!t.m_ptr && !m_size) || (t.m_ptr && m_size));
@ -757,7 +757,7 @@ public:
 	/// \brief Construct a SecBlock from an array of elements.
 	/// \param ptr a pointer to an array of T
 	/// \param len the number of elements in the memory block
-	/// \throws std::bad_alloc
+	/// \throw std::bad_alloc
 	/// \details If <tt>ptr!=NULL</tt> and <tt>len!=0</tt>, then the block is initialized from the pointer
 	///  <tt>ptr</tt>. If <tt>ptr==NULL</tt> and <tt>len!=0</tt>, then the block is initialized to 0.
 	///  Otherwise, the block is empty and not initialized.
@ -776,68 +776,68 @@ public:
 #ifdef __BORLANDC__
 	/// \brief Cast operator
-        /// \returns block pointer cast to non-const <tt>T *</tt>
+        /// \return block pointer cast to non-const <tt>T *</tt>
 	operator T *() const
 		{return (T*)m_ptr;}
 #else
 	/// \brief Cast operator
-        /// \returns block pointer cast to <tt>const void *</tt>
+        /// \return block pointer cast to <tt>const void *</tt>
 	operator const void *() const
 		{return m_ptr;}
 	/// \brief Cast operator
-        /// \returns block pointer cast to non-const <tt>void *</tt>
+        /// \return block pointer cast to non-const <tt>void *</tt>
 	operator void *()
 		{return m_ptr;}
 	/// \brief Cast operator
-        /// \returns block pointer cast to <tt>const T *</tt>
+        /// \return block pointer cast to <tt>const T *</tt>
 	operator const T *() const
 		{return m_ptr;}
 	/// \brief Cast operator
-        /// \returns block pointer cast to non-const <tt>T *</tt>
+        /// \return block pointer cast to non-const <tt>T *</tt>
 	operator T *()
 		{return m_ptr;}
 #endif
 	/// \brief Provides an iterator pointing to the first element in the memory block
-	/// \returns iterator pointing to the first element in the memory block
+	/// \return iterator pointing to the first element in the memory block
 	iterator begin()
 		{return m_ptr;}
 	/// \brief Provides a constant iterator pointing to the first element in the memory block
-	/// \returns constant iterator pointing to the first element in the memory block
+	/// \return constant iterator pointing to the first element in the memory block
 	const_iterator begin() const
 		{return m_ptr;}
 	/// \brief Provides an iterator pointing beyond the last element in the memory block
-	/// \returns iterator pointing beyond the last element in the memory block
+	/// \return iterator pointing beyond the last element in the memory block
 	iterator end()
 		{return m_ptr+m_size;}
 	/// \brief Provides a constant iterator pointing beyond the last element in the memory block
-	/// \returns constant iterator pointing beyond the last element in the memory block
+	/// \return constant iterator pointing beyond the last element in the memory block
 	const_iterator end() const
 		{return m_ptr+m_size;}
 	/// \brief Provides a pointer to the first element in the memory block
-	/// \returns pointer to the first element in the memory block
+	/// \return pointer to the first element in the memory block
 	typename A::pointer data() {return m_ptr;}
 	/// \brief Provides a pointer to the first element in the memory block
-	/// \returns constant pointer to the first element in the memory block
+	/// \return constant pointer to the first element in the memory block
 	typename A::const_pointer data() const {return m_ptr;}
 	/// \brief Provides the count of elements in the SecBlock
-	/// \returns number of elements in the memory block
+	/// \return number of elements in the memory block
 	/// \note the return value is the count of elements, and not the number of bytes
 	size_type size() const {return m_size;}
 	/// \brief Determines if the SecBlock is empty
-	/// \returns true if number of elements in the memory block is 0, false otherwise
+	/// \return true if number of elements in the memory block is 0, false otherwise
 	bool empty() const {return m_size == 0;}
 	/// \brief Provides a byte pointer to the first element in the memory block
-	/// \returns byte pointer to the first element in the memory block
+	/// \return byte pointer to the first element in the memory block
 	byte * BytePtr() {return (byte *)m_ptr;}
 	/// \brief Return a byte pointer to the first element in the memory block
-	/// \returns constant byte pointer to the first element in the memory block
+	/// \return constant byte pointer to the first element in the memory block
 	const byte * BytePtr() const {return (const byte *)m_ptr;}
 	/// \brief Provides the number of bytes in the SecBlock
 	/// \return the number of bytes in the memory block
@ -952,7 +952,7 @@ public:
 	/// \brief Construct a SecBlock from this and another SecBlock
 	/// \param t the other SecBlock
-	/// \returns a newly constructed SecBlock that is a conacentation of this and t
+	/// \return a newly constructed SecBlock that is a conacentation of this and t
 	/// \details Internally, a new SecBlock is created from this and a concatenation of t.
 	SecBlock<T, A> operator+(const SecBlock<T, A> &t)
 	{
@ -970,7 +970,7 @@ public:
 	/// \brief Bitwise compare two SecBlocks
 	/// \param t the other SecBlock
-	/// \returns true if the size and bits are equal, false otherwise
+	/// \return true if the size and bits are equal, false otherwise
 	/// \details Uses a constant time compare if the arrays are equal size. The constant time
 	///  compare is VerifyBufsEqual() found in misc.h.
 	/// \sa operator!=()
@ -983,7 +983,7 @@ public:
 	/// \brief Bitwise compare two SecBlocks
 	/// \param t the other SecBlock
-	/// \returns true if the size and bits are equal, false otherwise
+	/// \return true if the size and bits are equal, false otherwise
 	/// \details Uses a constant time compare if the arrays are equal size. The constant time
 	///  compare is VerifyBufsEqual() found in misc.h.
 	/// \details Internally, operator!=() returns the inverse of operator==().
--- a/seckey.h
+++ b/seckey.h
@ -28,7 +28,7 @@ NAMESPACE_BEGIN(CryptoPP)
 /// \brief Inverts the cipher's direction
 /// \param dir the cipher's direction
-/// \returns DECRYPTION if \ref CipherDir "dir" is ENCRYPTION, DECRYPTION otherwise
+/// \return DECRYPTION if \ref CipherDir "dir" is ENCRYPTION, DECRYPTION otherwise
 inline CipherDir ReverseCipherDir(CipherDir dir)
 {
 	return (dir == ENCRYPTION) ? DECRYPTION : ENCRYPTION;
@ -83,7 +83,7 @@ protected:
 	/// \brief Validates the number of rounds for an algorithm.
 	/// \param rounds the candidate number of rounds
 	/// \param alg an Algorithm object used if the number of rounds are invalid
-	/// \throws InvalidRounds if the number of rounds are invalid
+	/// \throw InvalidRounds if the number of rounds are invalid
 	/// \details ThrowIfInvalidRounds() validates the number of rounds and throws if invalid.
 	inline void ThrowIfInvalidRounds(int rounds, const Algorithm *alg)
 	{
@ -102,8 +102,8 @@ protected:
 	/// \brief Validates the number of rounds for an algorithm
 	/// \param param the candidate number of rounds
 	/// \param alg an Algorithm object used if the number of rounds are invalid
-	/// \returns the number of rounds for the algorithm
+	/// \return the number of rounds for the algorithm
-	/// \throws InvalidRounds if the number of rounds are invalid
+	/// \throw InvalidRounds if the number of rounds are invalid
 	/// \details GetRoundsAndThrowIfInvalid() validates the number of rounds and throws if invalid.
 	inline unsigned int GetRoundsAndThrowIfInvalid(const NameValuePairs &param, const Algorithm *alg)
 	{
@ -258,23 +258,23 @@ class CRYPTOPP_NO_VTABLE SimpleKeyingInterfaceImpl : public BASE
 {
 public:
 	/// \brief The minimum key length used by the algorithm
-	/// \returns minimum key length used by the algorithm, in bytes
+	/// \return minimum key length used by the algorithm, in bytes
 	size_t MinKeyLength() const
 		{return INFO::MIN_KEYLENGTH;}
 	/// \brief The maximum key length used by the algorithm
-	/// \returns maximum key length used by the algorithm, in bytes
+	/// \return maximum key length used by the algorithm, in bytes
 	size_t MaxKeyLength() const
 		{return static_cast<size_t>(INFO::MAX_KEYLENGTH);}
 	/// \brief The default key length used by the algorithm
-	/// \returns default key length used by the algorithm, in bytes
+	/// \return default key length used by the algorithm, in bytes
 	size_t DefaultKeyLength() const
 		{return INFO::DEFAULT_KEYLENGTH;}
 	/// \brief Provides a valid key length for the algorithm
 	/// \param keylength the size of the key, in bytes
-	/// \returns the valid key length, in bytes
+	/// \return the valid key length, in bytes
 	/// \details keylength is provided in bytes, not bits. If keylength is less than MIN_KEYLENGTH,
 	///   then the function returns MIN_KEYLENGTH. If keylength is greater than MAX_KEYLENGTH,
 	///   then the function returns MAX_KEYLENGTH. if If keylength is a multiple of KEYLENGTH_MULTIPLE,
@ -306,7 +306,7 @@ class CRYPTOPP_NO_VTABLE BlockCipherImpl : public AlgorithmImpl<SimpleKeyingInte
 {
 public:
 	/// Provides the block size of the algorithm
-	/// \returns the block size of the algorithm, in bytes
+	/// \return the block size of the algorithm, in bytes
 	unsigned int BlockSize() const {return this->BLOCKSIZE;}
 };
@ -346,7 +346,7 @@ public:
 		{this->SetKeyWithRounds(key, length, rounds);}
 	/// \brief Provides the direction of the cipher
-	/// \returns true if DIR is ENCRYPTION, false otherwise
+	/// \return true if DIR is ENCRYPTION, false otherwise
 	/// \sa GetCipherDirection(), IsPermutation()
 	bool IsForwardTransformation() const {return DIR == ENCRYPTION;}
 };
--- a/sha.h
+++ b/sha.h
@ -48,7 +48,7 @@ public:
 	/// \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
 	static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data);
 	/// \brief The algorithm name
-	/// \returns C-style string "SHA-1"
+	/// \return C-style string "SHA-1"
 	CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";}
 	// Algorithm class
 	std::string AlgorithmProvider() const;
@ -86,7 +86,7 @@ public:
 	/// \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
 	static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data);
 	/// \brief The algorithm name
-	/// \returns C-style string "SHA-256"
+	/// \return C-style string "SHA-256"
 	CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-256";}
 	// Algorithm class
@ -125,7 +125,7 @@ public:
 	/// \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
 	static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data) {SHA256::Transform(digest, data);}
 	/// \brief The algorithm name
-	/// \returns C-style string "SHA-224"
+	/// \return C-style string "SHA-224"
 	CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-224";}
 	// Algorithm class
@ -163,7 +163,7 @@ public:
 	/// \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
 	static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data);
 	/// \brief The algorithm name
-	/// \returns C-style string "SHA-512"
+	/// \return C-style string "SHA-512"
 	CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-512";}
 	// Algorithm class
@ -198,7 +198,7 @@ public:
 	/// \note On Intel platforms the state array and data must be 16-byte aligned for SSE2.
 	static void CRYPTOPP_API Transform(HashWordType *digest, const HashWordType *data) {SHA512::Transform(digest, data);}
 	/// \brief The algorithm name
-	/// \returns C-style string "SHA-384"
+	/// \return C-style string "SHA-384"
 	CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-384";}
 	// Algorithm class
--- a/simeck.h
+++ b/simeck.h
@ -24,7 +24,7 @@ NAMESPACE_BEGIN(CryptoPP)
 struct SIMECK32_Info : public FixedBlockSize<4>, public FixedKeyLength<8>, public FixedRounds<32>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    static const std::string StaticAlgorithmName()
@ -39,7 +39,7 @@ struct SIMECK32_Info : public FixedBlockSize<4>, public FixedKeyLength<8>, publi
 struct SIMECK64_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public FixedRounds<44>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    static const std::string StaticAlgorithmName()
--- a/simon.h
+++ b/simon.h
@ -43,7 +43,7 @@ template <unsigned int L, unsigned int D, unsigned int N, unsigned int M>
 struct SIMON_Info : public FixedBlockSize<L>, VariableKeyLength<D, N, M>
 {
 	/// \brief The algorithm name
-	/// \returns the algorithm name
+	/// \return the algorithm name
 	/// \details StaticAlgorithmName returns the algorithm's name as a static
 	///  member function.
    static const std::string StaticAlgorithmName()
@ -90,7 +90,7 @@ public:
    {
    public:
        /// \brief The algorithm name
-        /// \returns the algorithm name
+        /// \return the algorithm name
        /// \details AlgorithmName returns the algorithm's name as a
        ///  member function.
        std::string AlgorithmName() const {
@ -152,7 +152,7 @@ public:
    {
    public:
        /// \brief The algorithm name
-        /// \returns the algorithm name
+        /// \return the algorithm name
        /// \details AlgorithmName returns the algorithm's name as a
        ///  member function.
        std::string AlgorithmName() const {
--- a/simple.h
+++ b/simple.h
@ -205,7 +205,7 @@ public:
 	/// \param length the size of the string, in bytes
 	/// \param messageEnd means how many filters to signal MessageEnd() to, including this one
 	/// \param blocking specifies whether the object should block when processing input
-	/// \throws InputRejected
+	/// \throw InputRejected
 	/// \return the number of bytes that remain to be processed (i.e., bytes not processed)
 	/// \details Internally, the default implementation throws InputRejected.
 	size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
--- a/sm3.h
+++ b/sm3.h
@ -49,7 +49,7 @@ public:
    static void Transform(HashWordType *digest, const HashWordType *data);
    /// \brief The algorithm name
-    /// \returns C-style string "SM3"
+    /// \return C-style string "SM3"
    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "SM3"; }
 protected:
--- a/speck.h
+++ b/speck.h
@ -43,7 +43,7 @@ template <unsigned int L, unsigned int D, unsigned int N, unsigned int M>
 struct SPECK_Info : public FixedBlockSize<L>, VariableKeyLength<D, N, M>
 {
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    static const std::string StaticAlgorithmName()
@ -90,7 +90,7 @@ public:
    {
    public:
        /// \brief The algorithm name
-        /// \returns the algorithm name
+        /// \return the algorithm name
        /// \details AlgorithmName returns the algorithm's name as a
        ///   member function.
        std::string AlgorithmName() const {
@ -152,7 +152,7 @@ public:
    {
    public:
        /// \brief The algorithm name
-        /// \returns the algorithm name
+        /// \return the algorithm name
        /// \details AlgorithmName returns the algorithm's name as a
        ///   member function.
        std::string AlgorithmName() const {
--- a/strciphr.h
+++ b/strciphr.h
@ -106,24 +106,24 @@ struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy
 	virtual ~AdditiveCipherAbstractPolicy() {}
 	/// \brief Provides data alignment requirements
-	/// \returns data alignment requirements, in bytes
+	/// \return data alignment requirements, in bytes
 	/// \details Internally, the default implementation returns 1. If the stream cipher is implemented
 	///   using an SSE2 ASM or intrinsics, then the value returned is usually 16.
 	virtual unsigned int GetAlignment() const {return 1;}
 	/// \brief Provides number of bytes operated upon during an iteration
-	/// \returns bytes operated upon during an iteration, in bytes
+	/// \return bytes operated upon during an iteration, in bytes
 	/// \sa GetOptimalBlockSize()
 	virtual unsigned int GetBytesPerIteration() const =0;
 	/// \brief Provides number of ideal bytes to process
-	/// \returns the ideal number of bytes to process
+	/// \return the ideal number of bytes to process
 	/// \details Internally, the default implementation returns GetBytesPerIteration()
 	/// \sa GetBytesPerIteration()
 	virtual unsigned int GetOptimalBlockSize() const {return GetBytesPerIteration();}
 	/// \brief Provides buffer size based on iterations
-	/// \returns the buffer size based on iterations, in bytes
+	/// \return the buffer size based on iterations, in bytes
 	virtual unsigned int GetIterationsToBuffer() const =0;
 	/// \brief Generate the keystream
@ -134,7 +134,7 @@ struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy
 		{OperateKeystream(KeystreamOperation(INPUT_NULL | static_cast<KeystreamOperationFlags>(IsAlignedOn(keystream, GetAlignment()))), keystream, NULLPTR, iterationCount);}
 	/// \brief Flag indicating
-	/// \returns true if the stream can be generated independent of the transformation input, false otherwise
+	/// \return true if the stream can be generated independent of the transformation input, false otherwise
 	/// \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream()
 	virtual bool CanOperateKeystream() const {return false;}
@ -165,7 +165,7 @@ struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy
 		throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");}
 	/// \brief Flag indicating random access
-	/// \returns true if the cipher is seekable, false otherwise
+	/// \return true if the cipher is seekable, false otherwise
 	/// \sa SeekToIteration()
 	virtual bool CipherIsRandomAccess() const =0;
@ -214,7 +214,7 @@ struct CRYPTOPP_NO_VTABLE AdditiveCipherConcretePolicy : public BASE
 #if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64)
 	/// \brief Provides data alignment requirements
-	/// \returns data alignment requirements, in bytes
+	/// \return data alignment requirements, in bytes
 	/// \details Internally, the default implementation returns 1. If the stream
 	///  cipher is implemented using an SSE2 ASM or intrinsics, then the value
 	///  returned is usually 16.
@ -222,16 +222,16 @@ struct CRYPTOPP_NO_VTABLE AdditiveCipherConcretePolicy : public BASE
 #endif
 	/// \brief Provides number of bytes operated upon during an iteration
-	/// \returns bytes operated upon during an iteration, in bytes
+	/// \return bytes operated upon during an iteration, in bytes
 	/// \sa GetOptimalBlockSize()
 	unsigned int GetBytesPerIteration() const {return BYTES_PER_ITERATION;}
 	/// \brief Provides buffer size based on iterations
-	/// \returns the buffer size based on iterations, in bytes
+	/// \return the buffer size based on iterations, in bytes
 	unsigned int GetIterationsToBuffer() const {return X;}
 	/// \brief Flag indicating
-	/// \returns true if the stream can be generated independent of the
+	/// \return true if the stream can be generated independent of the
 	///  transformation input, false otherwise
 	/// \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream()
 	bool CanOperateKeystream() const {return true;}
@ -330,32 +330,32 @@ public:
 	void Resynchronize(const byte *iv, int length=-1);
 	/// \brief Provides number of ideal bytes to process
-	/// \returns the ideal number of bytes to process
+	/// \return the ideal number of bytes to process
 	/// \details Internally, the default implementation returns GetBytesPerIteration()
 	/// \sa GetBytesPerIteration() and GetOptimalNextBlockSize()
 	unsigned int OptimalBlockSize() const {return this->GetPolicy().GetOptimalBlockSize();}
 	/// \brief Provides number of ideal bytes to process
-	/// \returns the ideal number of bytes to process
+	/// \return the ideal number of bytes to process
 	/// \details Internally, the default implementation returns remaining unprocessed bytes
 	/// \sa GetBytesPerIteration() and OptimalBlockSize()
 	unsigned int GetOptimalNextBlockSize() const {return (unsigned int)this->m_leftOver;}
 	/// \brief Provides number of ideal data alignment
-	/// \returns the ideal data alignment, in bytes
+	/// \return the ideal data alignment, in bytes
 	/// \sa GetAlignment() and OptimalBlockSize()
 	unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();}
 	/// \brief Determines if the cipher is self inverting
-	/// \returns true if the stream cipher is self inverting, false otherwise
+	/// \return true if the stream cipher is self inverting, false otherwise
 	bool IsSelfInverting() const {return true;}
 	/// \brief Determines if the cipher is a forward transformation
-	/// \returns true if the stream cipher is a forward transformation, false otherwise
+	/// \return true if the stream cipher is a forward transformation, false otherwise
 	bool IsForwardTransformation() const {return true;}
 	/// \brief Flag indicating random access
-	/// \returns true if the cipher is seekable, false otherwise
+	/// \return true if the cipher is seekable, false otherwise
 	/// \sa Seek()
 	bool IsRandomAccess() const {return this->GetPolicy().CipherIsRandomAccess();}
@ -401,25 +401,25 @@ public:
 	virtual ~CFB_CipherAbstractPolicy() {}
 	/// \brief Provides data alignment requirements
-	/// \returns data alignment requirements, in bytes
+	/// \return data alignment requirements, in bytes
 	/// \details Internally, the default implementation returns 1. If the stream cipher is implemented
 	///   using an SSE2 ASM or intrinsics, then the value returned is usually 16.
 	virtual unsigned int GetAlignment() const =0;
 	/// \brief Provides number of bytes operated upon during an iteration
-	/// \returns bytes operated upon during an iteration, in bytes
+	/// \return bytes operated upon during an iteration, in bytes
 	/// \sa GetOptimalBlockSize()
 	virtual unsigned int GetBytesPerIteration() const =0;
 	/// \brief Access the feedback register
-	/// \returns pointer to the first byte of the feedback register
+	/// \return pointer to the first byte of the feedback register
 	virtual byte * GetRegisterBegin() =0;
 	/// \brief TODO
 	virtual void TransformRegister() =0;
 	/// \brief Flag indicating iteration support
-	/// \returns true if the cipher supports iteration, false otherwise
+	/// \return true if the cipher supports iteration, false otherwise
 	virtual bool CanIterate() const {return false;}
 	/// \brief Iterate the cipher
@ -475,18 +475,18 @@ struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE
 	virtual ~CFB_CipherConcretePolicy() {}
 	/// \brief Provides data alignment requirements
-	/// \returns data alignment requirements, in bytes
+	/// \return data alignment requirements, in bytes
 	/// \details Internally, the default implementation returns 1. If the stream cipher is implemented
 	///   using an SSE2 ASM or intrinsics, then the value returned is usually 16.
 	unsigned int GetAlignment() const {return sizeof(WordType);}
 	/// \brief Provides number of bytes operated upon during an iteration
-	/// \returns bytes operated upon during an iteration, in bytes
+	/// \return bytes operated upon during an iteration, in bytes
 	/// \sa GetOptimalBlockSize()
 	unsigned int GetBytesPerIteration() const {return sizeof(WordType) * W;}
 	/// \brief Flag indicating iteration support
-	/// \returns true if the cipher supports iteration, false otherwise
+	/// \return true if the cipher supports iteration, false otherwise
 	bool CanIterate() const {return true;}
 	/// \brief Perform one iteration in the forward direction
@ -505,7 +505,7 @@ struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE
 		/// \brief XOR feedback register with data
 		/// \param registerWord data represented as a word type
-		/// \returns reference to the next feedback register word
+		/// \return reference to the next feedback register word
 		inline RegisterOutput& operator()(WordType &registerWord)
 		{
 			//CRYPTOPP_ASSERT(IsAligned<WordType>(m_output));
@ -587,29 +587,29 @@ public:
 	void Resynchronize(const byte *iv, int length=-1);
 	/// \brief Provides number of ideal bytes to process
-	/// \returns the ideal number of bytes to process
+	/// \return the ideal number of bytes to process
 	/// \details Internally, the default implementation returns GetBytesPerIteration()
 	/// \sa GetBytesPerIteration() and GetOptimalNextBlockSize()
 	unsigned int OptimalBlockSize() const {return this->GetPolicy().GetBytesPerIteration();}
 	/// \brief Provides number of ideal bytes to process
-	/// \returns the ideal number of bytes to process
+	/// \return the ideal number of bytes to process
 	/// \details Internally, the default implementation returns remaining unprocessed bytes
 	/// \sa GetBytesPerIteration() and OptimalBlockSize()
 	unsigned int GetOptimalNextBlockSize() const {return (unsigned int)m_leftOver;}
 	/// \brief Provides number of ideal data alignment
-	/// \returns the ideal data alignment, in bytes
+	/// \return the ideal data alignment, in bytes
 	/// \sa GetAlignment() and OptimalBlockSize()
 	unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();}
 	/// \brief Flag indicating random access
-	/// \returns true if the cipher is seekable, false otherwise
+	/// \return true if the cipher is seekable, false otherwise
 	/// \sa Seek()
 	bool IsRandomAccess() const {return false;}
 	/// \brief Determines if the cipher is self inverting
-	/// \returns true if the stream cipher is self inverting, false otherwise
+	/// \return true if the stream cipher is self inverting, false otherwise
 	bool IsSelfInverting() const {return false;}
 	/// \brief Retrieve the provider of this algorithm
@ -698,7 +698,7 @@ public:
 		{this->SetKeyWithIV(key, length, iv);}
 	/// \brief Clone a SymmetricCipher
-	/// \returns a new SymmetricCipher based on this object
+	/// \return a new SymmetricCipher based on this object
 	Clonable * Clone() const {return static_cast<SymmetricCipher *>(new SymmetricCipherFinal<BASE, INFO>(*this));}
 };
--- a/tea.h
+++ b/tea.h
@ -16,7 +16,7 @@ NAMESPACE_BEGIN(CryptoPP)
 struct TEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32>
 {
 	/// \brief The algorithm name
-	/// \returns the algorithm name
+	/// \return the algorithm name
 	/// \details StaticAlgorithmName returns the algorithm's name as a static
 	///   member function.
 	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "TEA";}
@ -63,7 +63,7 @@ typedef TEA::Decryption TEADecryption;
 struct XTEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32>
 {
 	/// \brief The algorithm name
-	/// \returns the algorithm name
+	/// \return the algorithm name
 	/// \details StaticAlgorithmName returns the algorithm's name as a static
 	///   member function.
 	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "XTEA";}
@ -107,7 +107,7 @@ public:
 struct BTEA_Info : public FixedKeyLength<16>
 {
 	/// \brief The algorithm name
-	/// \returns the algorithm name
+	/// \return the algorithm name
 	/// \details StaticAlgorithmName returns the algorithm's name as a static
 	///   member function.
 	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BTEA";}
--- a/words.h
+++ b/words.h
@ -14,7 +14,7 @@ NAMESPACE_BEGIN(CryptoPP)
 /// \brief Count the number of words
 /// \param x word array
 /// \param n size of the word array, in elements
-/// \returns number of words used in the array.
+/// \return number of words used in the array.
 /// \details CountWords counts the number of words in a word array.
 ///  Leading 0-words are not included in the count.
 /// \since Crypto++ 1.0
@ -140,7 +140,7 @@ inline void OrWords(word *r, const word *a, size_t n)
 /// \param r word array
 /// \param n size of the word array, in elements
 /// \param shiftBits number of bits to shift
-/// \returns word shifted out
+/// \return word shifted out
 /// \details ShiftWordsLeftByBits shifts the word array left by
 ///  shiftBits. ShiftWordsLeftByBits shifts bits out on the left;
 ///  it does not extend the array.
@ -164,7 +164,7 @@ inline word ShiftWordsLeftByBits(word *r, size_t n, unsigned int shiftBits)
 /// \param r word array
 /// \param n size of the word array, in elements
 /// \param shiftBits number of bits to shift
-/// \returns word shifted out
+/// \return word shifted out
 /// \details ShiftWordsRightByBits shifts the word array shight by
 ///  shiftBits. ShiftWordsRightByBits shifts bits out on the right.
 /// \note shiftBits must be less than WORD_BITS.
--- a/xed25519.h
+++ b/xed25519.h
@ -132,7 +132,7 @@ public:
    bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const;
    /// \brief Get the Object Identifier
-    /// \returns the Object Identifier
+    /// \return the Object Identifier
    /// \details The default OID is from RFC 8410 using <tt>id-X25519</tt>.
    ///   The default private key format is RFC 5208.
    OID GetAlgorithmID() const {
@ -307,25 +307,25 @@ struct ed25519_MessageAccumulator : public PK_MessageAccumulator
    }
    /// \brief Retrieve pointer to signature buffer
-    /// \returns pointer to signature buffer
+    /// \return pointer to signature buffer
    byte* signature() {
        return &m_msg[0];
    }
    /// \brief Retrieve pointer to signature buffer
-    /// \returns pointer to signature buffer
+    /// \return pointer to signature buffer
    const byte* signature() const {
        return &m_msg[0];
    }
    /// \brief Retrieve pointer to data buffer
-    /// \returns pointer to data buffer
+    /// \return pointer to data buffer
    const byte* data() const {
        return &m_msg[0]+SIGNATURE_LENGTH;
    }
    /// \brief Retrieve size of data buffer
-    /// \returns size of the data buffer, in bytes
+    /// \return size of the data buffer, in bytes
    size_t size() const {
        return m_msg.size()-SIGNATURE_LENGTH;
    }
@ -467,14 +467,14 @@ struct ed25519PrivateKey : public PKCS8PrivateKey
    bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const;
    /// \brief Retrieve private key byte array
-    /// \returns the private key byte array
+    /// \return the private key byte array
    /// \details GetPrivateKeyBytePtr() is used by signing code to call ed25519_sign.
    const byte* GetPrivateKeyBytePtr() const {
        return m_sk.begin();
    }
    /// \brief Retrieve public key byte array
-    /// \returns the public key byte array
+    /// \return the public key byte array
    /// \details GetPublicKeyBytePtr() is used by signing code to call ed25519_sign.
    const byte* GetPublicKeyBytePtr() const {
        return m_pk.begin();
@ -684,7 +684,7 @@ struct ed25519PublicKey : public X509PublicKey
    const Element& GetPublicElement() const;
    /// \brief Retrieve public key byte array
-    /// \returns the public key byte array
+    /// \return the public key byte array
    /// \details GetPublicKeyBytePtr() is used by signing code to call ed25519_sign.
    const byte* GetPublicKeyBytePtr() const {
        return m_pk.begin();
--- a/xts.h
+++ b/xts.h
@ -50,7 +50,7 @@ class CRYPTOPP_NO_VTABLE XTS_ModeBase : public BlockOrientedCipherModeBase
 {
 public:
    /// \brief The algorithm name
-    /// \returns the algorithm name
+    /// \return the algorithm name
    /// \details StaticAlgorithmName returns the algorithm's name as a static
    ///   member function.
    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName()
@ -76,7 +76,7 @@ public:
    /// \brief Validates the key length
    /// \param length the size of the keying material, in bytes
-    /// \throws InvalidKeyLength if the key length is invalid
+    /// \throw InvalidKeyLength if the key length is invalid
    void ThrowIfInvalidKeyLength(size_t length);
    /// Provides the block size of the cipher
@ -99,7 +99,7 @@ public:
    /// \brief Validates the block size
    /// \param length the block size of the cipher, in bytes
-    /// \throws InvalidArgument if the block size is invalid
+    /// \throw InvalidArgument if the block size is invalid
    /// \details If <tt>CRYPTOPP_XTS_WIDE_BLOCK_CIPHERS</tt> is 0,
    ///  then CIPHER must be a 16-byte block cipher. If
    ///  <tt>CRYPTOPP_XTS_WIDE_BLOCK_CIPHERS</tt> is non-zero then
--- a/zdeflate.h
+++ b/zdeflate.h
@ -114,11 +114,11 @@ public:
 	void SetDeflateLevel(int deflateLevel);
 	/// \brief Retrieves the deflation level
-	/// \returns the level of deflation
+	/// \return the level of deflation
 	int GetDeflateLevel() const {return m_deflateLevel;}
 	/// \brief Retrieves the window size
-	/// \returns the windows size
+	/// \return the windows size
 	int GetLog2WindowSize() const {return m_log2WindowSize;}
 	void IsolatedInitialize(const NameValuePairs &parameters);