1 files changed, 62 insertions, 59 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index 2910cf8b70..86c02fa54a 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.22 2003/10/30 19:12:38 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.23 2003/11/21 15:12:31 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -1986,17 +1986,18 @@ below.
 .Sh DHPARAM
 .Nm openssl dhparam
 .Bk -words
-.Op Fl inform Ar DER | PEM
+.Op Fl 2 | 5
-.Op Fl outform Ar DER | PEM
+.Op Fl C
-.Op Fl in Ar filename
+.Op Fl check
-.Op Fl out Ar filename
 .Op Fl dsaparam
 .Op Fl noout
 .Op Fl text
-.Op Fl C
-.Op Fl 2 | 5
-.Op Fl rand Ar file ...
 .Op Fl engine Ar id
+.Op Fl in Ar filename
+.Op Fl inform Ar DER | PEM
+.Op Fl out Ar filename
+.Op Fl outform Ar DER | PEM
+.Op Fl rand Ar file ...
 .Op Ar numbits
 .Ek
 .Pp
@@ -2006,6 +2007,46 @@ command is used to manipulate DH parameter files.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
+.It Fl 2 , 5
+The generator to use, either 2 or 5.
+2 is the default.
+If present, then the input file is ignored and parameters are generated instead.
+.It Fl C
+This option converts the parameters into C code.
+The parameters can then be loaded by calling the
+.Cm get_dh Ns Ar numbits Ns Li ()
+function.
+.It Fl check
+Check the DH parameters.
+.It Fl dsaparam
+If this option is used, DSA rather than DH parameters are read or created;
+they are converted to DH format.
+Otherwise,
+.Qq strong
+primes
+.Pq such that (p-1)/2 is also prime
+will be used for DH parameter generation.
+.Pp
+DH parameter generation with the
+.Fl dsaparam
+option is much faster,
+and the recommended exponent length is shorter,
+which makes DH key exchange more efficient.
+Beware that with such DSA-style DH parameters,
+a fresh DH key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm dhparam
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default for all available algorithms.
+.It Fl in Ar filename
+This specifies the input
+.Ar filename
+to read parameters from or standard input if this option is not specified.
 .It Fl inform Ar DER | PEM
 This specifies the input format.
 The argument
@@ -2017,14 +2058,15 @@ The
 form is the default format:
 it consists of the DER format base64 encoded with
 additional header and footer lines.
-.It Fl outform Ar DER | PEM
+.It Fl noout
-This specifies the output format; the options have the same meaning as the
+This option inhibits the output of the encoded version of the parameters.
-.Fl inform
+.It Ar numbits
-option.
+This argument specifies that a parameter set should be generated of size
-.It Fl in Ar filename
+.Ar numbits .
-This specifies the input
+It must be the last option.
-.Ar filename
+If not present, then a value of 512 is used.
-to read parameters from or standard input if this option is not specified.
+If this value is present, then the input file is ignored and
+parameters are generated instead.
 .It Fl out Ar filename
 This specifies the output
 .Ar filename
@@ -2033,57 +2075,18 @@ Standard output is used if this option is not present.
 The output filename should
 .Em not
 be the same as the input filename.
-.It Fl dsaparam
+.It Fl outform Ar DER | PEM
-If this option is used, DSA rather than DH parameters are read or created;
+This specifies the output format; the options have the same meaning as the
-they are converted to DH format.
+.Fl inform
-Otherwise,
+option.
-.Qq strong
-primes
-.Pq such that (p-1)/2 is also prime
-will be used for DH parameter generation.
-.Pp
-DH parameter generation with the
-.Fl dsaparam
-option is much faster,
-and the recommended exponent length is shorter,
-which makes DH key exchange more efficient.
-Beware that with such DSA-style DH parameters,
-a fresh DH key should be created for each use to
-avoid small-subgroup attacks that may be possible otherwise.
-.It Fl 2 , 5
-The generator to use, either 2 or 5.
-2 is the default.
-If present, then the input file is ignored and parameters are generated instead.
 .It Fl rand Ar file ...
 A file or files containing random data used to seed the random number generator,
 or an EGD socket (see
 .Xr RAND_egd 3 ) .
 Multiple files can be specified, separated by a
 .Sq \&: .
-.It Ar numbits
-This argument specifies that a parameter set should be generated of size
-.Ar numbits .
-It must be the last option.
-If not present, then a value of 512 is used.
-If this value is present, then the input file is ignored and
-parameters are generated instead.
-.It Fl noout
-This option inhibits the output of the encoded version of the parameters.
 .It Fl text
 This option prints out the DH parameters in human readable form.
-.It Fl C
-This option converts the parameters into C code.
-The parameters can then be loaded by calling the
-.Cm get_dh Ns Ar numbits Ns Li ()
-function.
-.It Fl engine Ar id
-Specifying an engine (by it's unique
-.Ar id
-string) will cause
-.Nm dhparam
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed.
-The engine will then be set as the default for all available algorithms.
 .El
 .Sh DHPARAM WARNINGS
 The program

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index 2910cf8b70..86c02fa54a 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.22 2003/10/30 19:12:38 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.23 2003/11/21 15:12:31 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -1986,17 +1986,18 @@ below.
1986	.Sh DHPARAM	1986	.Sh DHPARAM
1987	.Nm openssl dhparam	1987	.Nm openssl dhparam
1988	.Bk -words	1988	.Bk -words
1989	.Op Fl inform Ar DER \| PEM	1989	.Op Fl 2 \| 5
1990	.Op Fl outform Ar DER \| PEM	1990	.Op Fl C
1991	.Op Fl in Ar filename	1991	.Op Fl check
1992	.Op Fl out Ar filename
1993	.Op Fl dsaparam	1992	.Op Fl dsaparam
1994	.Op Fl noout	1993	.Op Fl noout
1995	.Op Fl text	1994	.Op Fl text
1996	.Op Fl C
1997	.Op Fl 2 \| 5
1998	.Op Fl rand Ar file ...
1999	.Op Fl engine Ar id	1995	.Op Fl engine Ar id
		1996	.Op Fl in Ar filename
		1997	.Op Fl inform Ar DER \| PEM
		1998	.Op Fl out Ar filename
		1999	.Op Fl outform Ar DER \| PEM
		2000	.Op Fl rand Ar file ...
2000	.Op Ar numbits	2001	.Op Ar numbits
2001	.Ek	2002	.Ek
2002	.Pp	2003	.Pp
@@ -2006,6 +2007,46 @@ command is used to manipulate DH parameter files.
2006	.Pp	2007	.Pp
2007	The options are as follows:	2008	The options are as follows:
2008	.Bl -tag -width "XXXX"	2009	.Bl -tag -width "XXXX"
		2010	.It Fl 2 , 5
		2011	The generator to use, either 2 or 5.
		2012	2 is the default.
		2013	If present, then the input file is ignored and parameters are generated instead.
		2014	.It Fl C
		2015	This option converts the parameters into C code.
		2016	The parameters can then be loaded by calling the
		2017	.Cm get_dh Ns Ar numbits Ns Li ()
		2018	function.
		2019	.It Fl check
		2020	Check the DH parameters.
		2021	.It Fl dsaparam
		2022	If this option is used, DSA rather than DH parameters are read or created;
		2023	they are converted to DH format.
		2024	Otherwise,
		2025	.Qq strong
		2026	primes
		2027	.Pq such that (p-1)/2 is also prime
		2028	will be used for DH parameter generation.
		2029	.Pp
		2030	DH parameter generation with the
		2031	.Fl dsaparam
		2032	option is much faster,
		2033	and the recommended exponent length is shorter,
		2034	which makes DH key exchange more efficient.
		2035	Beware that with such DSA-style DH parameters,
		2036	a fresh DH key should be created for each use to
		2037	avoid small-subgroup attacks that may be possible otherwise.
		2038	.It Fl engine Ar id
		2039	Specifying an engine (by it's unique
		2040	.Ar id
		2041	string) will cause
		2042	.Nm dhparam
		2043	to attempt to obtain a functional reference to the specified engine,
		2044	thus initialising it if needed.
		2045	The engine will then be set as the default for all available algorithms.
		2046	.It Fl in Ar filename
		2047	This specifies the input
		2048	.Ar filename
		2049	to read parameters from or standard input if this option is not specified.
2009	.It Fl inform Ar DER \| PEM	2050	.It Fl inform Ar DER \| PEM
2010	This specifies the input format.	2051	This specifies the input format.
2011	The argument	2052	The argument
@@ -2017,14 +2058,15 @@ The
2017	form is the default format:	2058	form is the default format:
2018	it consists of the DER format base64 encoded with	2059	it consists of the DER format base64 encoded with
2019	additional header and footer lines.	2060	additional header and footer lines.
2020	.It Fl outform Ar DER \| PEM	2061	.It Fl noout
2021	This specifies the output format; the options have the same meaning as the	2062	This option inhibits the output of the encoded version of the parameters.
2022	.Fl inform	2063	.It Ar numbits
2023	option.	2064	This argument specifies that a parameter set should be generated of size
2024	.It Fl in Ar filename	2065	.Ar numbits .
2025	This specifies the input	2066	It must be the last option.
2026	.Ar filename	2067	If not present, then a value of 512 is used.
2027	to read parameters from or standard input if this option is not specified.	2068	If this value is present, then the input file is ignored and
		2069	parameters are generated instead.
2028	.It Fl out Ar filename	2070	.It Fl out Ar filename
2029	This specifies the output	2071	This specifies the output
2030	.Ar filename	2072	.Ar filename
@@ -2033,57 +2075,18 @@ Standard output is used if this option is not present.
2033	The output filename should	2075	The output filename should
2034	.Em not	2076	.Em not
2035	be the same as the input filename.	2077	be the same as the input filename.
2036	.It Fl dsaparam	2078	.It Fl outform Ar DER \| PEM
2037	If this option is used, DSA rather than DH parameters are read or created;	2079	This specifies the output format; the options have the same meaning as the
2038	they are converted to DH format.	2080	.Fl inform
2039	Otherwise,	2081	option.
2040	.Qq strong
2041	primes
2042	.Pq such that (p-1)/2 is also prime
2043	will be used for DH parameter generation.
2044	.Pp
2045	DH parameter generation with the
2046	.Fl dsaparam
2047	option is much faster,
2048	and the recommended exponent length is shorter,
2049	which makes DH key exchange more efficient.
2050	Beware that with such DSA-style DH parameters,
2051	a fresh DH key should be created for each use to
2052	avoid small-subgroup attacks that may be possible otherwise.
2053	.It Fl 2 , 5
2054	The generator to use, either 2 or 5.
2055	2 is the default.
2056	If present, then the input file is ignored and parameters are generated instead.
2057	.It Fl rand Ar file ...	2082	.It Fl rand Ar file ...
2058	A file or files containing random data used to seed the random number generator,	2083	A file or files containing random data used to seed the random number generator,
2059	or an EGD socket (see	2084	or an EGD socket (see
2060	.Xr RAND_egd 3 ) .	2085	.Xr RAND_egd 3 ) .
2061	Multiple files can be specified, separated by a	2086	Multiple files can be specified, separated by a
2062	.Sq \&: .	2087	.Sq \&: .
2063	.It Ar numbits
2064	This argument specifies that a parameter set should be generated of size
2065	.Ar numbits .
2066	It must be the last option.
2067	If not present, then a value of 512 is used.
2068	If this value is present, then the input file is ignored and
2069	parameters are generated instead.
2070	.It Fl noout
2071	This option inhibits the output of the encoded version of the parameters.
2072	.It Fl text	2088	.It Fl text
2073	This option prints out the DH parameters in human readable form.	2089	This option prints out the DH parameters in human readable form.
2074	.It Fl C
2075	This option converts the parameters into C code.
2076	The parameters can then be loaded by calling the
2077	.Cm get_dh Ns Ar numbits Ns Li ()
2078	function.
2079	.It Fl engine Ar id
2080	Specifying an engine (by it's unique
2081	.Ar id
2082	string) will cause
2083	.Nm dhparam
2084	to attempt to obtain a functional reference to the specified engine,
2085	thus initialising it if needed.
2086	The engine will then be set as the default for all available algorithms.
2087	.El	2090	.El
2088	.Sh DHPARAM WARNINGS	2091	.Sh DHPARAM WARNINGS
2089	The program	2092	The program