1 files changed, 69 insertions, 63 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index 89a41fba10..dc60a2857a 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.16 2003/10/04 22:38:58 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.17 2003/10/08 08:37:50 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -387,11 +387,11 @@ and
 for input and output passwords, respectively.
 These allow the password to be obtained from a variety of sources.
 Both of these options take a single argument whose format is described below.
-If no password argument is given and a password is required then the user is
+If no password argument is given and a password is required,
-prompted to enter one: this will typically be read from the current
+then the user is prompted to enter one:
-terminal with echoing turned off.
+this will typically be read from the current terminal with echoing turned off.
 .Bl -tag -width "fd:number"
-.It Ar pass Ns : Ns Ar password
+.It Ar pass : Ns Ar password
 The actual password is
 .Ar password .
 Since the password is visible to utilities
@@ -400,7 +400,7 @@ Since the password is visible to utilities
 under
 .Ux )
 this form should only be used where security is not important.
-.It Ar env Ns : Ns Ar var
+.It Ar env : Ns Ar var
 Obtain the password from the environment variable
 .Ar var .
 Since the environment of other processes is visible on certain platforms
@@ -409,7 +409,7 @@ Since the environment of other processes is visible on certain platforms
 under certain
 .Ux
 OSes) this option should be used with caution.
-.It Ar file Ns : Ns Ar pathname
+.It Ar file : Ns Ar pathname
 The first line of
 .Ar pathname
 is the password.
@@ -424,7 +424,7 @@ for the output password.
 .Ar pathname
 need not refer to a regular file:
 it could, for example, refer to a device or named pipe.
-.It Ar fd Ns : Ns Ar number
+.It Ar fd : Ns Ar number
 Read the password from the file descriptor
 .Ar number .
 This can be used to send the data via a pipe for example.
@@ -435,18 +435,18 @@ Read the password from standard input.
 .\" ASN1PARSE
 .\"
 .Sh ASN1PARSE
-.Nm "openssl asn1parse"
+.Nm openssl asn1parse
 .Bk -words
-.Op Fl inform Ar DER | PEM | TXT
-.Op Fl in Ar filename
-.Op Fl out Ar filename
-.Op Fl noout
-.Op Fl offset Ar number
-.Op Fl length Ar number
 .Op Fl i
 .Op Fl dump
+.Op Fl noout
 .Op Fl dlimit Ar number
+.Op Fl in Ar filename
+.Op Fl inform Ar DER | PEM | TXT
+.Op Fl length Ar number
+.Op Fl offset Ar number
 .Op Fl oid Ar filename
+.Op Fl out Ar filename
 .Op Fl strparse Ar offset
 .Ek
 .Pp
@@ -456,50 +456,51 @@ command is a diagnostic utility that can parse ASN.1 structures.
 It can also be used to extract data from ASN.1 formatted data.
 .Pp
 The options are as follows:
-.Bl -tag -width "XXXX"
+.Bl -tag -width "-noout"
+.It Fl dlimit Ar number
+Dump the first
+.Ar number
+bytes of unknown data in hex form.
+.It Fl dump
+Dump unknown data in hex form.
+.It Fl i
+Indents the output according to the
+.Qq depth
+of the structures.
+.It Fl in Ar filename
+The input file; default is standard input.
 .It Fl inform Ar DER | PEM | TXT
 The input format.
 .Ar DER
+.Pq Distinguished Encoding Rules
 is binary format and
 .Ar PEM
-.Pq the default
+.Pq Privacy Enhanced Mail ,
-is base64 encoded.
+the default, is base64 encoded.
 .Ar TXT
 is plain text.
-.It Fl in Ar filename
+.It Fl length Ar number
-The input file; default is standard input.
+Number of bytes to parse; default is until end of file.
-.It Fl out Ar filename
-Output file to place the
-.Em DER
-encoded data into.
-If this option is not present then no data will be output.
-This is most useful when combined with the
-.Fl strparse
-option.
 .It Fl noout
 Don't output the parsed version of the input file.
 .It Fl offset Ar number
 Starting offset to begin parsing; default is start of file.
-.It Fl length Ar number
-Number of bytes to parse; default is until end of file.
-.It Fl i
-Indents the output according to the
-.Qq depth
-of the structures.
-.It Fl dump
-Dump unknown data in hex form.
-.It Fl dlimit Ar number
-Dump the first
-.Ar number
-bytes of unknown data in hex form.
 .It Fl oid Ar filename
-A file containing additional OBJECT IDENTIFIERs
+A file containing additional object identifiers
 .Pq OIDs .
 The format of this file is described in the
 .Sx ASN1PARSE NOTES
 section below.
+.It Fl out Ar filename
+Output file to place the
+.Em DER
+encoded data into.
+If this option is not present, then no encoded data will be output.
+This is most useful when combined with the
+.Fl strparse
+option.
 .It Fl strparse Ar offset
-Parse the contents octets of the ASN.1 object starting at
+Parse the content octets of the ASN.1 object starting at
 .Ar offset .
 This option can be used multiple times to
 .Qq drill down
@@ -507,21 +508,21 @@ into a nested structure.
 .El
 .Sh ASN1PARSE OUTPUT
 The output will typically contain lines like this:
-.Bd -literal
+.Bd -literal -offset 2n
-  0:d=0  hl=4 l= 681 cons: SEQUENCE
+0:d=0  hl=4 l= 681 cons: SEQUENCE
 \&.....
-  229:d=3  hl=3 l= 141 prim: BIT STRING
+229:d=3  hl=3 l= 141 prim: BIT STRING
-  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
+373:d=2  hl=3 l= 162 cons: cont [ 3 ]
-  376:d=3  hl=3 l= 159 cons: SEQUENCE
+376:d=3  hl=3 l= 159 cons: SEQUENCE
-  379:d=4  hl=2 l=  29 cons: SEQUENCE
+379:d=4  hl=2 l=  29 cons: SEQUENCE
-  381:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Subject Key Identifier
+381:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Subject Key Identifier
-  386:d=5  hl=2 l=  22 prim: OCTET STRING
+386:d=5  hl=2 l=  22 prim: OCTET STRING
-  410:d=4  hl=2 l= 112 cons: SEQUENCE
+410:d=4  hl=2 l= 112 cons: SEQUENCE
-  412:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Authority Key Identifier
+412:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Authority Key Identifier
-  417:d=5  hl=2 l= 105 prim: OCTET STRING
+417:d=5  hl=2 l= 105 prim: OCTET STRING
-  524:d=4  hl=2 l=  12 cons: SEQUENCE
+524:d=4  hl=2 l=  12 cons: SEQUENCE
 \&.....
 .Ed
@@ -536,7 +537,7 @@ gives the header length
 .Pq tag and length octets
 of the current type.
 .Cm l=XX
-gives the length of the contents octets.
+gives the length of the content octets.
 .Pp
 The
 .Fl i
@@ -544,18 +545,23 @@ option can be used to make the output more readable.
 .Pp
 Some knowledge of the ASN.1 structure is needed to interpret the output.
 .Pp
-In this example the BIT STRING at offset 229 is the certificate public key.
+In this example, the BIT STRING at offset 229 is the certificate public key.
-The contents octets of this will contain the public key information.
+The content octets of this will contain the public key information.
 This can be examined using the option
 .Fl strparse Cm 229
 to yield:
 .Bd -literal
-\&    0:d=0  hl=3 l= 137 cons: SEQUENCE
+    0:d=0  hl=3 l= 137 cons: SEQUENCE
-\&    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FA
-\&  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
+F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A
+9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58
+BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9
+  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
 .Ed
 .Sh ASN1PARSE NOTES
-If an OID is not part of
+If an OID
+.Pq object identifier
+is not part of
 .Nm OpenSSL Ns Li 's
 internal table it will be represented in
 numerical form
@@ -563,7 +569,7 @@ numerical form
 The file passed to the
 .Fl oid
 option allows additional OIDs to be included.
-Each line consists of three columns;
+Each line consists of three columns:
 the first column is the OID in numerical format and should be followed by
 whitespace.
 The second column is the
@@ -575,7 +581,7 @@ The final column is the rest of the line and is the
 displays the long name.
 Example:
 .Pp
-.Dl \&"1.2.3.4  shortName       A long name\&"
+.Dl \&"1.2.3.4  shortname       A long name\&"
 .Sh ASN1PARSE BUGS
 There should be options to change the format of input lines.
 The output of some ASN.1 types is not well handled

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index 89a41fba10..dc60a2857a 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.16 2003/10/04 22:38:58 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.17 2003/10/08 08:37:50 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -387,11 +387,11 @@ and
387	for input and output passwords, respectively.	387	for input and output passwords, respectively.
388	These allow the password to be obtained from a variety of sources.	388	These allow the password to be obtained from a variety of sources.
389	Both of these options take a single argument whose format is described below.	389	Both of these options take a single argument whose format is described below.
390	If no password argument is given and a password is required then the user is	390	If no password argument is given and a password is required,
391	prompted to enter one: this will typically be read from the current	391	then the user is prompted to enter one:
392	terminal with echoing turned off.	392	this will typically be read from the current terminal with echoing turned off.
393	.Bl -tag -width "fd:number"	393	.Bl -tag -width "fd:number"
394	.It Ar pass Ns : Ns Ar password	394	.It Ar pass : Ns Ar password
395	The actual password is	395	The actual password is
396	.Ar password .	396	.Ar password .
397	Since the password is visible to utilities	397	Since the password is visible to utilities
@@ -400,7 +400,7 @@ Since the password is visible to utilities
400	under	400	under
401	.Ux )	401	.Ux )
402	this form should only be used where security is not important.	402	this form should only be used where security is not important.
403	.It Ar env Ns : Ns Ar var	403	.It Ar env : Ns Ar var
404	Obtain the password from the environment variable	404	Obtain the password from the environment variable
405	.Ar var .	405	.Ar var .
406	Since the environment of other processes is visible on certain platforms	406	Since the environment of other processes is visible on certain platforms
@@ -409,7 +409,7 @@ Since the environment of other processes is visible on certain platforms
409	under certain	409	under certain
410	.Ux	410	.Ux
411	OSes) this option should be used with caution.	411	OSes) this option should be used with caution.
412	.It Ar file Ns : Ns Ar pathname	412	.It Ar file : Ns Ar pathname
413	The first line of	413	The first line of
414	.Ar pathname	414	.Ar pathname
415	is the password.	415	is the password.
@@ -424,7 +424,7 @@ for the output password.
424	.Ar pathname	424	.Ar pathname
425	need not refer to a regular file:	425	need not refer to a regular file:
426	it could, for example, refer to a device or named pipe.	426	it could, for example, refer to a device or named pipe.
427	.It Ar fd Ns : Ns Ar number	427	.It Ar fd : Ns Ar number
428	Read the password from the file descriptor	428	Read the password from the file descriptor
429	.Ar number .	429	.Ar number .
430	This can be used to send the data via a pipe for example.	430	This can be used to send the data via a pipe for example.
@@ -435,18 +435,18 @@ Read the password from standard input.
435	.\" ASN1PARSE	435	.\" ASN1PARSE
436	.\"	436	.\"
437	.Sh ASN1PARSE	437	.Sh ASN1PARSE
438	.Nm "openssl asn1parse"	438	.Nm openssl asn1parse
439	.Bk -words	439	.Bk -words
440	.Op Fl inform Ar DER \| PEM \| TXT
441	.Op Fl in Ar filename
442	.Op Fl out Ar filename
443	.Op Fl noout
444	.Op Fl offset Ar number
445	.Op Fl length Ar number
446	.Op Fl i	440	.Op Fl i
447	.Op Fl dump	441	.Op Fl dump
		442	.Op Fl noout
448	.Op Fl dlimit Ar number	443	.Op Fl dlimit Ar number
		444	.Op Fl in Ar filename
		445	.Op Fl inform Ar DER \| PEM \| TXT
		446	.Op Fl length Ar number
		447	.Op Fl offset Ar number
449	.Op Fl oid Ar filename	448	.Op Fl oid Ar filename
		449	.Op Fl out Ar filename
450	.Op Fl strparse Ar offset	450	.Op Fl strparse Ar offset
451	.Ek	451	.Ek
452	.Pp	452	.Pp
@@ -456,50 +456,51 @@ command is a diagnostic utility that can parse ASN.1 structures.
456	It can also be used to extract data from ASN.1 formatted data.	456	It can also be used to extract data from ASN.1 formatted data.
457	.Pp	457	.Pp
458	The options are as follows:	458	The options are as follows:
459	.Bl -tag -width "XXXX"	459	.Bl -tag -width "-noout"
		460	.It Fl dlimit Ar number
		461	Dump the first
		462	.Ar number
		463	bytes of unknown data in hex form.
		464	.It Fl dump
		465	Dump unknown data in hex form.
		466	.It Fl i
		467	Indents the output according to the
		468	.Qq depth
		469	of the structures.
		470	.It Fl in Ar filename
		471	The input file; default is standard input.
460	.It Fl inform Ar DER \| PEM \| TXT	472	.It Fl inform Ar DER \| PEM \| TXT
461	The input format.	473	The input format.
462	.Ar DER	474	.Ar DER
		475	.Pq Distinguished Encoding Rules
463	is binary format and	476	is binary format and
464	.Ar PEM	477	.Ar PEM
465	.Pq the default	478	.Pq Privacy Enhanced Mail ,
466	is base64 encoded.	479	the default, is base64 encoded.
467	.Ar TXT	480	.Ar TXT
468	is plain text.	481	is plain text.
469	.It Fl in Ar filename	482	.It Fl length Ar number
470	The input file; default is standard input.	483	Number of bytes to parse; default is until end of file.
471	.It Fl out Ar filename
472	Output file to place the
473	.Em DER
474	encoded data into.
475	If this option is not present then no data will be output.
476	This is most useful when combined with the
477	.Fl strparse
478	option.
479	.It Fl noout	484	.It Fl noout
480	Don't output the parsed version of the input file.	485	Don't output the parsed version of the input file.
481	.It Fl offset Ar number	486	.It Fl offset Ar number
482	Starting offset to begin parsing; default is start of file.	487	Starting offset to begin parsing; default is start of file.
483	.It Fl length Ar number
484	Number of bytes to parse; default is until end of file.
485	.It Fl i
486	Indents the output according to the
487	.Qq depth
488	of the structures.
489	.It Fl dump
490	Dump unknown data in hex form.
491	.It Fl dlimit Ar number
492	Dump the first
493	.Ar number
494	bytes of unknown data in hex form.
495	.It Fl oid Ar filename	488	.It Fl oid Ar filename
496	A file containing additional OBJECT IDENTIFIERs	489	A file containing additional object identifiers
497	.Pq OIDs .	490	.Pq OIDs .
498	The format of this file is described in the	491	The format of this file is described in the
499	.Sx ASN1PARSE NOTES	492	.Sx ASN1PARSE NOTES
500	section below.	493	section below.
		494	.It Fl out Ar filename
		495	Output file to place the
		496	.Em DER
		497	encoded data into.
		498	If this option is not present, then no encoded data will be output.
		499	This is most useful when combined with the
		500	.Fl strparse
		501	option.
501	.It Fl strparse Ar offset	502	.It Fl strparse Ar offset
502	Parse the contents octets of the ASN.1 object starting at	503	Parse the content octets of the ASN.1 object starting at
503	.Ar offset .	504	.Ar offset .
504	This option can be used multiple times to	505	This option can be used multiple times to
505	.Qq drill down	506	.Qq drill down
@@ -507,21 +508,21 @@ into a nested structure.
507	.El	508	.El
508	.Sh ASN1PARSE OUTPUT	509	.Sh ASN1PARSE OUTPUT
509	The output will typically contain lines like this:	510	The output will typically contain lines like this:
510	.Bd -literal	511	.Bd -literal -offset 2n
511	0:d=0 hl=4 l= 681 cons: SEQUENCE	512	0:d=0 hl=4 l= 681 cons: SEQUENCE
512		513
513	\&.....	514	\&.....
514		515
515	229:d=3 hl=3 l= 141 prim: BIT STRING	516	229:d=3 hl=3 l= 141 prim: BIT STRING
516	373:d=2 hl=3 l= 162 cons: cont [ 3 ]	517	373:d=2 hl=3 l= 162 cons: cont [ 3 ]
517	376:d=3 hl=3 l= 159 cons: SEQUENCE	518	376:d=3 hl=3 l= 159 cons: SEQUENCE
518	379:d=4 hl=2 l= 29 cons: SEQUENCE	519	379:d=4 hl=2 l= 29 cons: SEQUENCE
519	381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier	520	381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
520	386:d=5 hl=2 l= 22 prim: OCTET STRING	521	386:d=5 hl=2 l= 22 prim: OCTET STRING
521	410:d=4 hl=2 l= 112 cons: SEQUENCE	522	410:d=4 hl=2 l= 112 cons: SEQUENCE
522	412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier	523	412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
523	417:d=5 hl=2 l= 105 prim: OCTET STRING	524	417:d=5 hl=2 l= 105 prim: OCTET STRING
524	524:d=4 hl=2 l= 12 cons: SEQUENCE	525	524:d=4 hl=2 l= 12 cons: SEQUENCE
525		526
526	\&.....	527	\&.....
527	.Ed	528	.Ed
@@ -536,7 +537,7 @@ gives the header length
536	.Pq tag and length octets	537	.Pq tag and length octets
537	of the current type.	538	of the current type.
538	.Cm l=XX	539	.Cm l=XX
539	gives the length of the contents octets.	540	gives the length of the content octets.
540	.Pp	541	.Pp
541	The	542	The
542	.Fl i	543	.Fl i
@@ -544,18 +545,23 @@ option can be used to make the output more readable.
544	.Pp	545	.Pp
545	Some knowledge of the ASN.1 structure is needed to interpret the output.	546	Some knowledge of the ASN.1 structure is needed to interpret the output.
546	.Pp	547	.Pp
547	In this example the BIT STRING at offset 229 is the certificate public key.	548	In this example, the BIT STRING at offset 229 is the certificate public key.
548	The contents octets of this will contain the public key information.	549	The content octets of this will contain the public key information.
549	This can be examined using the option	550	This can be examined using the option
550	.Fl strparse Cm 229	551	.Fl strparse Cm 229
551	to yield:	552	to yield:
552	.Bd -literal	553	.Bd -literal
553	\& 0:d=0 hl=3 l= 137 cons: SEQUENCE	554	0:d=0 hl=3 l= 137 cons: SEQUENCE
554	\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897	555	3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FA
555	\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001	556	F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A
		557	9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58
		558	BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9
		559	135:d=1 hl=2 l= 3 prim: INTEGER :010001
556	.Ed	560	.Ed
557	.Sh ASN1PARSE NOTES	561	.Sh ASN1PARSE NOTES
558	If an OID is not part of	562	If an OID
		563	.Pq object identifier
		564	is not part of
559	.Nm OpenSSL Ns Li 's	565	.Nm OpenSSL Ns Li 's
560	internal table it will be represented in	566	internal table it will be represented in
561	numerical form	567	numerical form
@@ -563,7 +569,7 @@ numerical form
563	The file passed to the	569	The file passed to the
564	.Fl oid	570	.Fl oid
565	option allows additional OIDs to be included.	571	option allows additional OIDs to be included.
566	Each line consists of three columns;	572	Each line consists of three columns:
567	the first column is the OID in numerical format and should be followed by	573	the first column is the OID in numerical format and should be followed by
568	whitespace.	574	whitespace.
569	The second column is the	575	The second column is the
@@ -575,7 +581,7 @@ The final column is the rest of the line and is the
575	displays the long name.	581	displays the long name.
576	Example:	582	Example:
577	.Pp	583	.Pp
578	.Dl \&"1.2.3.4 shortName A long name\&"	584	.Dl \&"1.2.3.4 shortname A long name\&"
579	.Sh ASN1PARSE BUGS	585	.Sh ASN1PARSE BUGS
580	There should be options to change the format of input lines.	586	There should be options to change the format of input lines.
581	The output of some ASN.1 types is not well handled	587	The output of some ASN.1 types is not well handled