1 files changed, 32 insertions, 84 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index acee5d3bb3..ee384aa20f 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.43 2016/08/01 07:23:29 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.44 2016/08/03 06:43:21 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 1 2016 $
+.Dd $Mdocdate: August 3 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1170,47 +1170,44 @@ or
 File or files to digest.
 If no files are specified then standard input is used.
 .El
-.\"
-.\" DHPARAM
-.\"
 .Sh DHPARAM
 .nr nS 1
 .Nm "openssl dhparam"
-.Bk -words
 .Op Fl 2 | 5
 .Op Fl C
 .Op Fl check
 .Op Fl dsaparam
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl noout
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl text
 .Op Ar numbits
-.Ek
 .nr nS 0
 .Pp
 The
 .Nm dhparam
 command is used to manipulate DH parameter files.
+Only the older PKCS#3 DH is supported,
+not the newer X9.42 DH.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl 2 , 5
-The generator to use, either 2 or 5.
+The generator to use;
 2 is the default.
 If present, the input file is ignored and parameters are generated instead.
 .It Fl C
-This option converts the parameters into C code.
+Convert the parameters into C code.
 The parameters can then be loaded by calling the
-.Cm get_dh Ns Ar numbits Ns Li ()
+.No get_dh Ns Ar numbits
 function.
 .It Fl check
 Check the DH parameters.
 .It Fl dsaparam
-If this option is used, DSA rather than DH parameters are read or created;
+Read or create DSA parameters,
-they are converted to DH format.
+converted to DH format on output.
 Otherwise,
 .Qq strong
 primes
@@ -1226,87 +1223,38 @@ Beware that with such DSA-style DH parameters,
 a fresh DH key should be created for each use to
 avoid small-subgroup attacks that may be possible otherwise.
 .It Fl in Ar file
-This specifies the input
+The input file to read from,
-.Ar file
+or standard input if not specified.
-to read parameters from, or standard input if this option is not specified.
+.It Fl inform Cm der | pem
-.It Fl inform Ar DER | PEM
+The input format.
-This specifies the input format.
+.Cm der
-The argument
-.Ar DER
 uses an ASN1 DER-encoded form compatible with the PKCS#3 DHparameter
 structure.
-The
+.Cm pem
-.Ar PEM
+is the default:
-form is the default format:
 it consists of the DER format base64-encoded with
-additional header and footer lines.
+additional header and footer lines:
+.Bd -unfilled -offset indent
+-----BEGIN DH PARAMETERS-----
+-----END DH PARAMETERS-----
+.Ed
 .It Fl noout
-This option inhibits the output of the encoded version of the parameters.
+Inhibit the output of the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print out the DH parameters in human readable form.
 .It Ar numbits
-This argument specifies that a parameter set should be generated of size
+Generate a parameter set of size
 .Ar numbits .
 It must be the last option.
 If not present, a value of 2048 is used.
 If this value is present, the input file is ignored and
 parameters are generated instead.
-.It Fl out Ar file
-This specifies the output
-.Ar file
-to write parameters to.
-Standard output is used if this option is not present.
-The output filename should
-.Em not
-be the same as the input filename.
-.It Fl outform Ar DER | PEM
-This specifies the output format; the options have the same meaning as the
-.Fl inform
-option.
-.It Fl text
-This option prints out the DH parameters in human readable form.
 .El
-.Sh DHPARAM WARNINGS
-The program
-.Nm dhparam
-combines the functionality of the programs
-.Nm dh
-and
-.Nm gendh
-in previous versions of
-.Nm OpenSSL
-and
-.Nm SSLeay .
-The
-.Nm dh
-and
-.Nm gendh
-programs are retained for now, but may have different purposes in future
-versions of
-.Nm OpenSSL .
-.Sh DHPARAM NOTES
-PEM format DH parameters use the header and footer lines:
-.Bd -unfilled -offset indent
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
-.Ed
-.Pp
-.Nm OpenSSL
-currently only supports the older PKCS#3 DH,
-not the newer X9.42 DH.
-.Pp
-This program manipulates DH parameters not keys.
-.Sh DHPARAM BUGS
-There should be a way to generate and manipulate DH keys.
-.Sh DHPARAM HISTORY
-The
-.Nm dhparam
-command was added in
-.Nm OpenSSL
-0.9.5.
-The
-.Fl dsaparam
-option was added in
-.Nm OpenSSL
-0.9.6.
 .\"
 .\" DSA
 .\"

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index acee5d3bb3..ee384aa20f 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.43 2016/08/01 07:23:29 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.44 2016/08/03 06:43:21 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: August 1 2016 $	115	.Dd $Mdocdate: August 3 2016 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -1170,47 +1170,44 @@ or
1170	File or files to digest.	1170	File or files to digest.
1171	If no files are specified then standard input is used.	1171	If no files are specified then standard input is used.
1172	.El	1172	.El
1173	.\"
1174	.\" DHPARAM
1175	.\"
1176	.Sh DHPARAM	1173	.Sh DHPARAM
1177	.nr nS 1	1174	.nr nS 1
1178	.Nm "openssl dhparam"	1175	.Nm "openssl dhparam"
1179	.Bk -words
1180	.Op Fl 2 \| 5	1176	.Op Fl 2 \| 5
1181	.Op Fl C	1177	.Op Fl C
1182	.Op Fl check	1178	.Op Fl check
1183	.Op Fl dsaparam	1179	.Op Fl dsaparam
1184	.Op Fl in Ar file	1180	.Op Fl in Ar file
1185	.Op Fl inform Ar DER \| PEM	1181	.Op Fl inform Cm der \| pem
1186	.Op Fl noout	1182	.Op Fl noout
1187	.Op Fl out Ar file	1183	.Op Fl out Ar file
1188	.Op Fl outform Ar DER \| PEM	1184	.Op Fl outform Cm der \| pem
1189	.Op Fl text	1185	.Op Fl text
1190	.Op Ar numbits	1186	.Op Ar numbits
1191	.Ek
1192	.nr nS 0	1187	.nr nS 0
1193	.Pp	1188	.Pp
1194	The	1189	The
1195	.Nm dhparam	1190	.Nm dhparam
1196	command is used to manipulate DH parameter files.	1191	command is used to manipulate DH parameter files.
		1192	Only the older PKCS#3 DH is supported,
		1193	not the newer X9.42 DH.
1197	.Pp	1194	.Pp
1198	The options are as follows:	1195	The options are as follows:
1199	.Bl -tag -width Ds	1196	.Bl -tag -width Ds
1200	.It Fl 2 , 5	1197	.It Fl 2 , 5
1201	The generator to use, either 2 or 5.	1198	The generator to use;
1202	2 is the default.	1199	2 is the default.
1203	If present, the input file is ignored and parameters are generated instead.	1200	If present, the input file is ignored and parameters are generated instead.
1204	.It Fl C	1201	.It Fl C
1205	This option converts the parameters into C code.	1202	Convert the parameters into C code.
1206	The parameters can then be loaded by calling the	1203	The parameters can then be loaded by calling the
1207	.Cm get_dh Ns Ar numbits Ns Li ()	1204	.No get_dh Ns Ar numbits
1208	function.	1205	function.
1209	.It Fl check	1206	.It Fl check
1210	Check the DH parameters.	1207	Check the DH parameters.
1211	.It Fl dsaparam	1208	.It Fl dsaparam
1212	If this option is used, DSA rather than DH parameters are read or created;	1209	Read or create DSA parameters,
1213	they are converted to DH format.	1210	converted to DH format on output.
1214	Otherwise,	1211	Otherwise,
1215	.Qq strong	1212	.Qq strong
1216	primes	1213	primes
@@ -1226,87 +1223,38 @@ Beware that with such DSA-style DH parameters,
1226	a fresh DH key should be created for each use to	1223	a fresh DH key should be created for each use to
1227	avoid small-subgroup attacks that may be possible otherwise.	1224	avoid small-subgroup attacks that may be possible otherwise.
1228	.It Fl in Ar file	1225	.It Fl in Ar file
1229	This specifies the input	1226	The input file to read from,
1230	.Ar file	1227	or standard input if not specified.
1231	to read parameters from, or standard input if this option is not specified.	1228	.It Fl inform Cm der \| pem
1232	.It Fl inform Ar DER \| PEM	1229	The input format.
1233	This specifies the input format.	1230	.Cm der
1234	The argument
1235	.Ar DER
1236	uses an ASN1 DER-encoded form compatible with the PKCS#3 DHparameter	1231	uses an ASN1 DER-encoded form compatible with the PKCS#3 DHparameter
1237	structure.	1232	structure.
1238	The	1233	.Cm pem
1239	.Ar PEM	1234	is the default:
1240	form is the default format:
1241	it consists of the DER format base64-encoded with	1235	it consists of the DER format base64-encoded with
1242	additional header and footer lines.	1236	additional header and footer lines:
		1237	.Bd -unfilled -offset indent
		1238	-----BEGIN DH PARAMETERS-----
		1239	-----END DH PARAMETERS-----
		1240	.Ed
1243	.It Fl noout	1241	.It Fl noout
1244	This option inhibits the output of the encoded version of the parameters.	1242	Inhibit the output of the encoded version of the parameters.
		1243	.It Fl out Ar file
		1244	The output file to write to,
		1245	or standard output if not specified.
		1246	.It Fl outform Cm der \| pem
		1247	The output format.
		1248	.It Fl text
		1249	Print out the DH parameters in human readable form.
1245	.It Ar numbits	1250	.It Ar numbits
1246	This argument specifies that a parameter set should be generated of size	1251	Generate a parameter set of size
1247	.Ar numbits .	1252	.Ar numbits .
1248	It must be the last option.	1253	It must be the last option.
1249	If not present, a value of 2048 is used.	1254	If not present, a value of 2048 is used.
1250	If this value is present, the input file is ignored and	1255	If this value is present, the input file is ignored and
1251	parameters are generated instead.	1256	parameters are generated instead.
1252	.It Fl out Ar file
1253	This specifies the output
1254	.Ar file
1255	to write parameters to.
1256	Standard output is used if this option is not present.
1257	The output filename should
1258	.Em not
1259	be the same as the input filename.
1260	.It Fl outform Ar DER \| PEM
1261	This specifies the output format; the options have the same meaning as the
1262	.Fl inform
1263	option.
1264	.It Fl text
1265	This option prints out the DH parameters in human readable form.
1266	.El	1257	.El
1267	.Sh DHPARAM WARNINGS
1268	The program
1269	.Nm dhparam
1270	combines the functionality of the programs
1271	.Nm dh
1272	and
1273	.Nm gendh
1274	in previous versions of
1275	.Nm OpenSSL
1276	and
1277	.Nm SSLeay .
1278	The
1279	.Nm dh
1280	and
1281	.Nm gendh
1282	programs are retained for now, but may have different purposes in future
1283	versions of
1284	.Nm OpenSSL .
1285	.Sh DHPARAM NOTES
1286	PEM format DH parameters use the header and footer lines:
1287	.Bd -unfilled -offset indent
1288	-----BEGIN DH PARAMETERS-----
1289	-----END DH PARAMETERS-----
1290	.Ed
1291	.Pp
1292	.Nm OpenSSL
1293	currently only supports the older PKCS#3 DH,
1294	not the newer X9.42 DH.
1295	.Pp
1296	This program manipulates DH parameters not keys.
1297	.Sh DHPARAM BUGS
1298	There should be a way to generate and manipulate DH keys.
1299	.Sh DHPARAM HISTORY
1300	The
1301	.Nm dhparam
1302	command was added in
1303	.Nm OpenSSL
1304	0.9.5.
1305	The
1306	.Fl dsaparam
1307	option was added in
1308	.Nm OpenSSL
1309	0.9.6.
1310	.\"	1258	.\"
1311	.\" DSA	1259	.\" DSA
1312	.\"	1260	.\"