1 files changed, 23 insertions, 25 deletions
diff --git a/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
index 8532ef1b27..1ffafd69ed 100644
--- a/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
+++ b/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
@@ -1,10 +1,9 @@
-.\"     $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
+.\"     $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.3 2016/11/24 19:45:16 jmc Exp $
 .\"
-.Dd $Mdocdate: November 6 2016 $
+.Dd $Mdocdate: November 24 2016 $
 .Dt PEM_READ_BIO_PRIVATEKEY 3
 .Os
 .Sh NAME
-.Nm PEM ,
 .Nm PEM_read_bio_PrivateKey ,
 .Nm PEM_read_PrivateKey ,
 .Nm PEM_write_bio_PrivateKey ,
@@ -516,7 +515,7 @@
 .Fc
 .Sh DESCRIPTION
 The PEM functions read or write structures in PEM format.
-In this sense PEM format is simply base64 encoded data surrounded by
+In this sense PEM format is simply base64-encoded data surrounded by
 header lines.
 .Pp
 For more details about the meaning of arguments see the
@@ -542,7 +541,7 @@ structure.
 The write routines use "traditional" private key format and can handle
 both RSA and DSA private keys.
 The read functions can additionally transparently handle PKCS#8 format
-encrypted and unencrypted keys, too.
+encrypted and unencrypted keys too.
 .Pp
 .Fn PEM_write_bio_PKCS8PrivateKey
 and
@@ -570,8 +569,7 @@ also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo.
 However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
 The algorithm to use is specified in the
 .Fa nid
-parameter and should be the NID of the corresponding OBJECT IDENTIFIER
+parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
-(see NOTES section).
 .Pp
 The
 .Sy PUBKEY
@@ -754,7 +752,7 @@ if an error occurred.
 .Pp
 The PEM functions which write private keys take an
 .Fa enc
-parameter which specifies the encryption algorithm to use.
+parameter, which specifies the encryption algorithm to use.
 Encryption is done at the PEM level.
 If this parameter is set to
 .Dv NULL ,
@@ -779,7 +777,7 @@ is ignored.
 .Pp
 If the
 .Fa cb
-parameters is set to
+parameter is set to
 .Dv NULL
 and the
 .Fa u
@@ -795,7 +793,7 @@ and
 .Fa u
 are
 .Dv NULL ,
-then the default callback routine is used which will typically
+then the default callback routine is used, which will typically
 prompt for the passphrase on the current terminal with echoing
 turned off.
 .Pp
@@ -835,7 +833,7 @@ or 0 if an error occurred.
 .Ss PEM encryption format
 This old
 .Sy PrivateKey
-routines use a non standard technique for encryption.
+routines use a non-standard technique for encryption.
 .Pp
 The private key (or other data) takes the following form:
 .Bd -literal -offset indent
@@ -852,9 +850,9 @@ The line beginning with
 contains two comma separated pieces of information:
 the encryption algorithm name as used by
 .Xr EVP_get_cipherbyname 3
-and an 8 byte salt encoded as a set of hexadecimal digits.
+and an 8-byte salt encoded as a set of hexadecimal digits.
 .Pp
-After this is the base64 encoded encrypted data.
+After this is the base64-encoded encrypted data.
 .Pp
 The encryption key is determined using
 .Xr EVP_BytesToKey 3 ,
@@ -874,7 +872,7 @@ applications most of them are set to 0 or
 .Pp
 Read a certificate in PEM format from a
 .Vt BIO :
-.Bd -literal
+.Bd -literal -offset indent
 X509 *x;
 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
 if (x == NULL) {
@@ -883,7 +881,7 @@ if (x == NULL) {
 .Ed
 .Pp
 Alternative method:
-.Bd -literal
+.Bd -literal -offset indent
 X509 *x = NULL;
 if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
        /* Error */
@@ -892,7 +890,7 @@ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
 .Pp
 Write a certificate to a
 .Vt BIO :
-.Bd -literal
+.Bd -literal -offset indent
 if (!PEM_write_bio_X509(bp, x)) {
        /* Error */
 }
@@ -900,7 +898,7 @@ if (!PEM_write_bio_X509(bp, x)) {
 .Pp
 Write an unencrypted private key to a
 .Vt FILE :
-.Bd -literal
+.Bd -literal -offset indent
 if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
        /* Error */
 }
@@ -908,8 +906,8 @@ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
 .Pp
 Write a private key (using traditional format) to a
 .Vt BIO
-using triple DES encryption, the pass phrase is prompted for:
+using triple DES encryption; the pass phrase is prompted for:
-.Bd -literal
+.Bd -literal -offset indent
 if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
    NULL, 0, 0, NULL)) {
        /* Error */
@@ -919,7 +917,7 @@ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
 Write a private key (using PKCS#8 format) to a
 .Vt BIO
 using triple DES encryption, using the pass phrase "hello":
-.Bd -literal
+.Bd -literal -offset indent
 if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
    NULL, 0, 0, "hello")) {
        /* Error */
@@ -929,7 +927,7 @@ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
 Read a private key from a
 .Vt BIO
 using the pass phrase "hello":
-.Bd -literal
+.Bd -literal -offset indent
 key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
 if (key == NULL) {
        /* Error */
@@ -939,7 +937,7 @@ if (key == NULL) {
 Read a private key from a
 .Vt BIO
 using a pass phrase callback:
-.Bd -literal
+.Bd -literal -offset indent
 key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
 if (key == NULL) {
        /* Error */
@@ -947,7 +945,7 @@ if (key == NULL) {
 .Ed
 .Pp
 Skeleton pass phrase callback:
-.Bd -literal
+.Bd -literal -offset indent
 int
 pass_cb(char *buf, int size, int rwflag, void *u)
 {
@@ -973,13 +971,13 @@ pass_cb(char *buf, int size, int rwflag, void *u)
 .Sh CAVEATS
 A frequent cause of problems is attempting to use the PEM routines like
 this:
-.Bd -literal
+.Bd -literal -offset indent
 X509 *x;
 PEM_read_bio_X509(bp, &x, 0, NULL);
 .Ed
 .Pp
 This is a bug because an attempt will be made to reuse the data at
-.Fa x
+.Fa x ,
 which is an uninitialised pointer.
 .Sh BUGS
 The PEM read routines in some versions of OpenSSL will not correctly

diff --git a/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 index 8532ef1b27..1ffafd69ed 100644 --- a/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 +++ b/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
@@ -1,10 +1,9 @@
1	.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.2 2016/11/06 15:52:50 jmc Exp $	1	.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.3 2016/11/24 19:45:16 jmc Exp $
2	.\"	2	.\"
3	.Dd $Mdocdate: November 6 2016 $	3	.Dd $Mdocdate: November 24 2016 $
4	.Dt PEM_READ_BIO_PRIVATEKEY 3	4	.Dt PEM_READ_BIO_PRIVATEKEY 3
5	.Os	5	.Os
6	.Sh NAME	6	.Sh NAME
7	.Nm PEM ,
8	.Nm PEM_read_bio_PrivateKey ,	7	.Nm PEM_read_bio_PrivateKey ,
9	.Nm PEM_read_PrivateKey ,	8	.Nm PEM_read_PrivateKey ,
10	.Nm PEM_write_bio_PrivateKey ,	9	.Nm PEM_write_bio_PrivateKey ,
@@ -516,7 +515,7 @@
516	.Fc	515	.Fc
517	.Sh DESCRIPTION	516	.Sh DESCRIPTION
518	The PEM functions read or write structures in PEM format.	517	The PEM functions read or write structures in PEM format.
519	In this sense PEM format is simply base64 encoded data surrounded by	518	In this sense PEM format is simply base64-encoded data surrounded by
520	header lines.	519	header lines.
521	.Pp	520	.Pp
522	For more details about the meaning of arguments see the	521	For more details about the meaning of arguments see the
@@ -542,7 +541,7 @@ structure.
542	The write routines use "traditional" private key format and can handle	541	The write routines use "traditional" private key format and can handle
543	both RSA and DSA private keys.	542	both RSA and DSA private keys.
544	The read functions can additionally transparently handle PKCS#8 format	543	The read functions can additionally transparently handle PKCS#8 format
545	encrypted and unencrypted keys, too.	544	encrypted and unencrypted keys too.
546	.Pp	545	.Pp
547	.Fn PEM_write_bio_PKCS8PrivateKey	546	.Fn PEM_write_bio_PKCS8PrivateKey
548	and	547	and
@@ -570,8 +569,7 @@ also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo.
570	However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.	569	However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
571	The algorithm to use is specified in the	570	The algorithm to use is specified in the
572	.Fa nid	571	.Fa nid
573	parameter and should be the NID of the corresponding OBJECT IDENTIFIER	572	parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
574	(see NOTES section).
575	.Pp	573	.Pp
576	The	574	The
577	.Sy PUBKEY	575	.Sy PUBKEY
@@ -754,7 +752,7 @@ if an error occurred.
754	.Pp	752	.Pp
755	The PEM functions which write private keys take an	753	The PEM functions which write private keys take an
756	.Fa enc	754	.Fa enc
757	parameter which specifies the encryption algorithm to use.	755	parameter, which specifies the encryption algorithm to use.
758	Encryption is done at the PEM level.	756	Encryption is done at the PEM level.
759	If this parameter is set to	757	If this parameter is set to
760	.Dv NULL ,	758	.Dv NULL ,
@@ -779,7 +777,7 @@ is ignored.
779	.Pp	777	.Pp
780	If the	778	If the
781	.Fa cb	779	.Fa cb
782	parameters is set to	780	parameter is set to
783	.Dv NULL	781	.Dv NULL
784	and the	782	and the
785	.Fa u	783	.Fa u
@@ -795,7 +793,7 @@ and
795	.Fa u	793	.Fa u
796	are	794	are
797	.Dv NULL ,	795	.Dv NULL ,
798	then the default callback routine is used which will typically	796	then the default callback routine is used, which will typically
799	prompt for the passphrase on the current terminal with echoing	797	prompt for the passphrase on the current terminal with echoing
800	turned off.	798	turned off.
801	.Pp	799	.Pp
@@ -835,7 +833,7 @@ or 0 if an error occurred.
835	.Ss PEM encryption format	833	.Ss PEM encryption format
836	This old	834	This old
837	.Sy PrivateKey	835	.Sy PrivateKey
838	routines use a non standard technique for encryption.	836	routines use a non-standard technique for encryption.
839	.Pp	837	.Pp
840	The private key (or other data) takes the following form:	838	The private key (or other data) takes the following form:
841	.Bd -literal -offset indent	839	.Bd -literal -offset indent
@@ -852,9 +850,9 @@ The line beginning with
852	contains two comma separated pieces of information:	850	contains two comma separated pieces of information:
853	the encryption algorithm name as used by	851	the encryption algorithm name as used by
854	.Xr EVP_get_cipherbyname 3	852	.Xr EVP_get_cipherbyname 3
855	and an 8 byte salt encoded as a set of hexadecimal digits.	853	and an 8-byte salt encoded as a set of hexadecimal digits.
856	.Pp	854	.Pp
857	After this is the base64 encoded encrypted data.	855	After this is the base64-encoded encrypted data.
858	.Pp	856	.Pp
859	The encryption key is determined using	857	The encryption key is determined using
860	.Xr EVP_BytesToKey 3 ,	858	.Xr EVP_BytesToKey 3 ,
@@ -874,7 +872,7 @@ applications most of them are set to 0 or
874	.Pp	872	.Pp
875	Read a certificate in PEM format from a	873	Read a certificate in PEM format from a
876	.Vt BIO :	874	.Vt BIO :
877	.Bd -literal	875	.Bd -literal -offset indent
878	X509 *x;	876	X509 *x;
879	x = PEM_read_bio_X509(bp, NULL, 0, NULL);	877	x = PEM_read_bio_X509(bp, NULL, 0, NULL);
880	if (x == NULL) {	878	if (x == NULL) {
@@ -883,7 +881,7 @@ if (x == NULL) {
883	.Ed	881	.Ed
884	.Pp	882	.Pp
885	Alternative method:	883	Alternative method:
886	.Bd -literal	884	.Bd -literal -offset indent
887	X509 *x = NULL;	885	X509 *x = NULL;
888	if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {	886	if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
889	/* Error */	887	/* Error */
@@ -892,7 +890,7 @@ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
892	.Pp	890	.Pp
893	Write a certificate to a	891	Write a certificate to a
894	.Vt BIO :	892	.Vt BIO :
895	.Bd -literal	893	.Bd -literal -offset indent
896	if (!PEM_write_bio_X509(bp, x)) {	894	if (!PEM_write_bio_X509(bp, x)) {
897	/* Error */	895	/* Error */
898	}	896	}
@@ -900,7 +898,7 @@ if (!PEM_write_bio_X509(bp, x)) {
900	.Pp	898	.Pp
901	Write an unencrypted private key to a	899	Write an unencrypted private key to a
902	.Vt FILE :	900	.Vt FILE :
903	.Bd -literal	901	.Bd -literal -offset indent
904	if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {	902	if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
905	/* Error */	903	/* Error */
906	}	904	}
@@ -908,8 +906,8 @@ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
908	.Pp	906	.Pp
909	Write a private key (using traditional format) to a	907	Write a private key (using traditional format) to a
910	.Vt BIO	908	.Vt BIO
911	using triple DES encryption, the pass phrase is prompted for:	909	using triple DES encryption; the pass phrase is prompted for:
912	.Bd -literal	910	.Bd -literal -offset indent
913	if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),	911	if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
914	NULL, 0, 0, NULL)) {	912	NULL, 0, 0, NULL)) {
915	/* Error */	913	/* Error */
@@ -919,7 +917,7 @@ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
919	Write a private key (using PKCS#8 format) to a	917	Write a private key (using PKCS#8 format) to a
920	.Vt BIO	918	.Vt BIO
921	using triple DES encryption, using the pass phrase "hello":	919	using triple DES encryption, using the pass phrase "hello":
922	.Bd -literal	920	.Bd -literal -offset indent
923	if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),	921	if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
924	NULL, 0, 0, "hello")) {	922	NULL, 0, 0, "hello")) {
925	/* Error */	923	/* Error */
@@ -929,7 +927,7 @@ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
929	Read a private key from a	927	Read a private key from a
930	.Vt BIO	928	.Vt BIO
931	using the pass phrase "hello":	929	using the pass phrase "hello":
932	.Bd -literal	930	.Bd -literal -offset indent
933	key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");	931	key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
934	if (key == NULL) {	932	if (key == NULL) {
935	/* Error */	933	/* Error */
@@ -939,7 +937,7 @@ if (key == NULL) {
939	Read a private key from a	937	Read a private key from a
940	.Vt BIO	938	.Vt BIO
941	using a pass phrase callback:	939	using a pass phrase callback:
942	.Bd -literal	940	.Bd -literal -offset indent
943	key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");	941	key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
944	if (key == NULL) {	942	if (key == NULL) {
945	/* Error */	943	/* Error */
@@ -947,7 +945,7 @@ if (key == NULL) {
947	.Ed	945	.Ed
948	.Pp	946	.Pp
949	Skeleton pass phrase callback:	947	Skeleton pass phrase callback:
950	.Bd -literal	948	.Bd -literal -offset indent
951	int	949	int
952	pass_cb(char buf, int size, int rwflag, void u)	950	pass_cb(char buf, int size, int rwflag, void u)
953	{	951	{
@@ -973,13 +971,13 @@ pass_cb(char buf, int size, int rwflag, void u)
973	.Sh CAVEATS	971	.Sh CAVEATS
974	A frequent cause of problems is attempting to use the PEM routines like	972	A frequent cause of problems is attempting to use the PEM routines like
975	this:	973	this:
976	.Bd -literal	974	.Bd -literal -offset indent
977	X509 *x;	975	X509 *x;
978	PEM_read_bio_X509(bp, &x, 0, NULL);	976	PEM_read_bio_X509(bp, &x, 0, NULL);
979	.Ed	977	.Ed
980	.Pp	978	.Pp
981	This is a bug because an attempt will be made to reuse the data at	979	This is a bug because an attempt will be made to reuse the data at
982	.Fa x	980	.Fa x ,
983	which is an uninitialised pointer.	981	which is an uninitialised pointer.
984	.Sh BUGS	982	.Sh BUGS
985	The PEM read routines in some versions of OpenSSL will not correctly	983	The PEM read routines in some versions of OpenSSL will not correctly