1 files changed, 121 insertions, 125 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index bfa12fe451..9da8f52fce 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.25 2003/12/13 20:10:38 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.26 2003/12/19 14:52:15 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -2404,26 +2404,21 @@ DSA parameters is often used to generate several distinct keys.
 .Nm openssl enc
 .Bk -words
 .Fl ciphername
-.Op Fl in Ar filename
+.Op Fl AadePp
-.Op Fl out Ar filename
+.Op Fl debug
-.Op Fl pass Ar arg
+.Op Fl engine Ar id
-.Op Fl salt
+.Op Fl nopad
 .Op Fl nosalt
-.Op Fl e
+.Op Fl salt
-.Op Fl d
+.Op Fl bufsize Ar number
-.Op Fl a
+.Op Fl in Ar filename
-.Op Fl A
+.Op Fl iv Ar IV
+.Op Fl K Ar key
 .Op Fl k Ar password
 .Op Fl kfile Ar filename
+.Op Fl out Ar filename
+.Op Fl pass Ar arg
 .Op Fl S Ar salt
-.Op Fl K Ar key
-.Op Fl iv Ar IV
-.Op Fl p
-.Op Fl P
-.Op Fl bufsize Ar number
-.Op Fl nopad
-.Op Fl debug
-.Op Fl engine Ar id
 .Ek
 .Pp
 The symmetric cipher commands allow data to be encrypted or decrypted
@@ -2434,79 +2429,53 @@ or in addition to the encryption or decryption.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl in Ar filename
+.It Fl A
-The input
+If the
-.Ar filename ,
+.Fl a
-standard input by default.
+option is set, then base64 process the data on one line.
-.It Fl out Ar filename
-The output
-.Ar filename ,
-standard output by default.
-.It Fl pass Ar arg
-The password source.
-For more information about the format of
-.Ar arg ,
-see the
-.Sx PASS PHRASE ARGUMENTS
-section above.
-.It Fl salt
-Use a
-.Ar salt
-in the key derivation routines.
-This option should
-.Em ALWAYS
-be used unless compatibility with previous versions of
-.Nm OpenSSL
-or
-.Nm SSLeay
-is required.
-This option is only present on
-.Nm OpenSSL
-versions 0.9.5 or above.
-.It Fl nosalt
-Don't use a
-.Ar salt
-in the key derivation routines.
-This is the default for compatibility with previous versions of
-.Nm OpenSSL
-and
-.Nm SSLeay .
-.It Fl e
-Encrypt the input data: this is the default.
-.It Fl d
-Decrypt the input data.
 .It Fl a
 Base64 process the data.
 This means that if encryption is taking place, the data is base64 encoded
 after encryption.
 If decryption is set, then the input data is base64 decoded before
 being decrypted.
-.It Fl A
+.It Fl bufsize Ar number
-If the
+Set the buffer size for I/O.
-.Fl a
+.It Fl d
-option is set, then base64 process the data on one line.
+Decrypt the input data.
-.It Fl k Ar password
+.It Fl debug
-The
+Debug the BIOs used for I/O.
-.Ar password
+.It Fl e
-to derive the key from.
+Encrypt the input data: this is the default.
-This is for compatibility with previous versions of
+.It Fl engine Ar id
-.Nm OpenSSL .
+Specifying an engine (by it's unique
-Superseded by the
+.Ar id
-.Fl pass
+string) will cause
-option.
+.Nm enc
-.It Fl kfile Ar filename
+to attempt to obtain a functional reference to the specified engine,
-Read the password to derive the key from the first line of
+thus initialising it if needed.
-.Ar filename .
+The engine will then be set as the default for all available algorithms.
-This is for compatibility with previous versions of
+.It Fl in Ar filename
-.Nm OpenSSL .
+The input
-Superseded by the
+.Ar filename ;
-.Fl pass
+standard input by default.
-option.
+.It Fl iv Ar IV
-.It Fl S Ar salt
 The actual
-.Ar salt
+.Ar IV
+.Pq initialisation vector
 to use:
 this must be represented as a string comprised only of hex digits.
+When only the
+.Ar key
+is specified using the
+.Fl K
+option, the
+.Ar IV
+must explicitly be defined.
+When a password is being specified using one of the other options,
+the
+.Ar IV
+is generated from this password.
 .It Fl K Ar key
 The actual
 .Ar key
@@ -2514,7 +2483,7 @@ to use:
 this must be represented as a string comprised only of hex digits.
 If only the key is specified, the
 .Ar IV
-must additionally specified using the
+must be additionally specified using the
 .Fl iv
 option.
 When both a
@@ -2532,47 +2501,78 @@ It probably does not make much sense to specify both
 .Ar key
 and
 .Ar password .
-.It Fl iv Ar IV
+.It Fl k Ar password
-The actual
+The
-.Ar IV
+.Ar password
-to use:
+to derive the key from.
-this must be represented as a string comprised only of hex digits.
+This is for compatibility with previous versions of
-When only the
+.Nm OpenSSL .
-.Ar key
+Superseded by the
-is specified using the
+.Fl pass
-.Fl K
+option.
-option, the
+.It Fl kfile Ar filename
-.Ar IV
+Read the password to derive the key from the first line of
-must explicitly be defined.
+.Ar filename .
-When a password is being specified using one of the other options,
+This is for compatibility with previous versions of
-the
+.Nm OpenSSL .
-.Ar IV
+Superseded by the
-is generated from this password.
+.Fl pass
-.It Fl p
+option.
-Print out the key and
+.It Fl nopad
-.Ar IV
+Disable standard block padding.
-used.
+.It Fl nosalt
+Don't use a
+.Ar salt
+in the key derivation routines.
+This is the default for compatibility with previous versions of
+.Nm OpenSSL
+and
+.Nm SSLeay .
+.It Fl out Ar filename
+The output
+.Ar filename ,
+standard output by default.
 .It Fl P
 Print out the
-.Ar key
+.Ar salt ,
+.Ar key ,
 and
 .Ar IV
-used then immediately exit:
+used, then immediately exit;
 don't do any encryption or decryption.
-.It Fl bufsize Ar number
+.It Fl p
-Set the buffer size for I/O.
+Print out the
-.It Fl nopad
+.Ar salt ,
-Disable standard block padding.
+.Ar key ,
-.It Fl debug
+and
-Debug the BIOs used for I/O.
+.Ar IV
-.It Fl engine Ar id
+used.
-Specifying an engine (by it's unique
+.It Fl pass Ar arg
-.Ar id
+The password source.
-string) will cause
+For more information about the format of
-.Nm enc
+.Ar arg ,
-to attempt to obtain a functional reference to the specified engine,
+see the
-thus initialising it if needed.
+.Sx PASS PHRASE ARGUMENTS
-The engine will then be set as the default for all available algorithms.
+section above.
+.It Fl S Ar salt
+The actual
+.Ar salt
+to use:
+this must be represented as a string comprised only of hex digits.
+.It Fl salt
+Use a
+.Ar salt
+in the key derivation routines.
+This option should
+.Em ALWAYS
+be used unless compatibility with previous versions of
+.Nm OpenSSL
+or
+.Nm SSLeay
+is required.
+This option is only present on
+.Nm OpenSSL
+versions 0.9.5 or above.
 .El
 .Sh ENC NOTES
 The program can be called either as
@@ -2668,8 +2668,8 @@ cast5-ofb          CAST5 in OFB mode
 des-cbc            DES in CBC mode
 des                Alias for des-cbc
 des-cfb            DES in CBC mode
-des-ofb            DES in OFB mode
 des-ecb            DES in ECB mode
+des-ofb            DES in OFB mode
 des-ede-cbc        Two key triple DES EDE in CBC mode
 des-ede            Alias for des-ede
@@ -2711,7 +2711,7 @@ Encrypt a file using triple DES in CBC mode using a prompted password:
 .Pp
 Decrypt a file using a supplied password:
 .Pp
-.Dl "$ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword"
+.Dl "$ openssl des3 -d -in file.des3 -out file.txt -k mypassword"
 .Pp
 Encrypt a file then base64 encode it
 (so it can be sent via mail for example)
@@ -2721,11 +2721,7 @@ using Blowfish in CBC mode:
 .Pp
 Base64 decode a file then decrypt it:
 .Pp
-.Dl "$ openssl bf -d -salt -a -in file.bf -out file.txt"
+.Dl "$ openssl bf -d -a -in file.bf -out file.txt"
-.Pp
-Decrypt some data using a supplied 40-bit RC4 key:
-.Pp
-.Dl $ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
 .Sh ENC BUGS
 The
 .Fl A

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index bfa12fe451..9da8f52fce 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.25 2003/12/13 20:10:38 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.26 2003/12/19 14:52:15 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -2404,26 +2404,21 @@ DSA parameters is often used to generate several distinct keys.
2404	.Nm openssl enc	2404	.Nm openssl enc
2405	.Bk -words	2405	.Bk -words
2406	.Fl ciphername	2406	.Fl ciphername
2407	.Op Fl in Ar filename	2407	.Op Fl AadePp
2408	.Op Fl out Ar filename	2408	.Op Fl debug
2409	.Op Fl pass Ar arg	2409	.Op Fl engine Ar id
2410	.Op Fl salt	2410	.Op Fl nopad
2411	.Op Fl nosalt	2411	.Op Fl nosalt
2412	.Op Fl e	2412	.Op Fl salt
2413	.Op Fl d	2413	.Op Fl bufsize Ar number
2414	.Op Fl a	2414	.Op Fl in Ar filename
2415	.Op Fl A	2415	.Op Fl iv Ar IV
		2416	.Op Fl K Ar key
2416	.Op Fl k Ar password	2417	.Op Fl k Ar password
2417	.Op Fl kfile Ar filename	2418	.Op Fl kfile Ar filename
		2419	.Op Fl out Ar filename
		2420	.Op Fl pass Ar arg
2418	.Op Fl S Ar salt	2421	.Op Fl S Ar salt
2419	.Op Fl K Ar key
2420	.Op Fl iv Ar IV
2421	.Op Fl p
2422	.Op Fl P
2423	.Op Fl bufsize Ar number
2424	.Op Fl nopad
2425	.Op Fl debug
2426	.Op Fl engine Ar id
2427	.Ek	2422	.Ek
2428	.Pp	2423	.Pp
2429	The symmetric cipher commands allow data to be encrypted or decrypted	2424	The symmetric cipher commands allow data to be encrypted or decrypted
@@ -2434,79 +2429,53 @@ or in addition to the encryption or decryption.
2434	.Pp	2429	.Pp
2435	The options are as follows:	2430	The options are as follows:
2436	.Bl -tag -width "XXXX"	2431	.Bl -tag -width "XXXX"
2437	.It Fl in Ar filename	2432	.It Fl A
2438	The input	2433	If the
2439	.Ar filename ,	2434	.Fl a
2440	standard input by default.	2435	option is set, then base64 process the data on one line.
2441	.It Fl out Ar filename
2442	The output
2443	.Ar filename ,
2444	standard output by default.
2445	.It Fl pass Ar arg
2446	The password source.
2447	For more information about the format of
2448	.Ar arg ,
2449	see the
2450	.Sx PASS PHRASE ARGUMENTS
2451	section above.
2452	.It Fl salt
2453	Use a
2454	.Ar salt
2455	in the key derivation routines.
2456	This option should
2457	.Em ALWAYS
2458	be used unless compatibility with previous versions of
2459	.Nm OpenSSL
2460	or
2461	.Nm SSLeay
2462	is required.
2463	This option is only present on
2464	.Nm OpenSSL
2465	versions 0.9.5 or above.
2466	.It Fl nosalt
2467	Don't use a
2468	.Ar salt
2469	in the key derivation routines.
2470	This is the default for compatibility with previous versions of
2471	.Nm OpenSSL
2472	and
2473	.Nm SSLeay .
2474	.It Fl e
2475	Encrypt the input data: this is the default.
2476	.It Fl d
2477	Decrypt the input data.
2478	.It Fl a	2436	.It Fl a
2479	Base64 process the data.	2437	Base64 process the data.
2480	This means that if encryption is taking place, the data is base64 encoded	2438	This means that if encryption is taking place, the data is base64 encoded
2481	after encryption.	2439	after encryption.
2482	If decryption is set, then the input data is base64 decoded before	2440	If decryption is set, then the input data is base64 decoded before
2483	being decrypted.	2441	being decrypted.
2484	.It Fl A	2442	.It Fl bufsize Ar number
2485	If the	2443	Set the buffer size for I/O.
2486	.Fl a	2444	.It Fl d
2487	option is set, then base64 process the data on one line.	2445	Decrypt the input data.
2488	.It Fl k Ar password	2446	.It Fl debug
2489	The	2447	Debug the BIOs used for I/O.
2490	.Ar password	2448	.It Fl e
2491	to derive the key from.	2449	Encrypt the input data: this is the default.
2492	This is for compatibility with previous versions of	2450	.It Fl engine Ar id
2493	.Nm OpenSSL .	2451	Specifying an engine (by it's unique
2494	Superseded by the	2452	.Ar id
2495	.Fl pass	2453	string) will cause
2496	option.	2454	.Nm enc
2497	.It Fl kfile Ar filename	2455	to attempt to obtain a functional reference to the specified engine,
2498	Read the password to derive the key from the first line of	2456	thus initialising it if needed.
2499	.Ar filename .	2457	The engine will then be set as the default for all available algorithms.
2500	This is for compatibility with previous versions of	2458	.It Fl in Ar filename
2501	.Nm OpenSSL .	2459	The input
2502	Superseded by the	2460	.Ar filename ;
2503	.Fl pass	2461	standard input by default.
2504	option.	2462	.It Fl iv Ar IV
2505	.It Fl S Ar salt
2506	The actual	2463	The actual
2507	.Ar salt	2464	.Ar IV
		2465	.Pq initialisation vector
2508	to use:	2466	to use:
2509	this must be represented as a string comprised only of hex digits.	2467	this must be represented as a string comprised only of hex digits.
		2468	When only the
		2469	.Ar key
		2470	is specified using the
		2471	.Fl K
		2472	option, the
		2473	.Ar IV
		2474	must explicitly be defined.
		2475	When a password is being specified using one of the other options,
		2476	the
		2477	.Ar IV
		2478	is generated from this password.
2510	.It Fl K Ar key	2479	.It Fl K Ar key
2511	The actual	2480	The actual
2512	.Ar key	2481	.Ar key
@@ -2514,7 +2483,7 @@ to use:
2514	this must be represented as a string comprised only of hex digits.	2483	this must be represented as a string comprised only of hex digits.
2515	If only the key is specified, the	2484	If only the key is specified, the
2516	.Ar IV	2485	.Ar IV
2517	must additionally specified using the	2486	must be additionally specified using the
2518	.Fl iv	2487	.Fl iv
2519	option.	2488	option.
2520	When both a	2489	When both a
@@ -2532,47 +2501,78 @@ It probably does not make much sense to specify both
2532	.Ar key	2501	.Ar key
2533	and	2502	and
2534	.Ar password .	2503	.Ar password .
2535	.It Fl iv Ar IV	2504	.It Fl k Ar password
2536	The actual	2505	The
2537	.Ar IV	2506	.Ar password
2538	to use:	2507	to derive the key from.
2539	this must be represented as a string comprised only of hex digits.	2508	This is for compatibility with previous versions of
2540	When only the	2509	.Nm OpenSSL .
2541	.Ar key	2510	Superseded by the
2542	is specified using the	2511	.Fl pass
2543	.Fl K	2512	option.
2544	option, the	2513	.It Fl kfile Ar filename
2545	.Ar IV	2514	Read the password to derive the key from the first line of
2546	must explicitly be defined.	2515	.Ar filename .
2547	When a password is being specified using one of the other options,	2516	This is for compatibility with previous versions of
2548	the	2517	.Nm OpenSSL .
2549	.Ar IV	2518	Superseded by the
2550	is generated from this password.	2519	.Fl pass
2551	.It Fl p	2520	option.
2552	Print out the key and	2521	.It Fl nopad
2553	.Ar IV	2522	Disable standard block padding.
2554	used.	2523	.It Fl nosalt
		2524	Don't use a
		2525	.Ar salt
		2526	in the key derivation routines.
		2527	This is the default for compatibility with previous versions of
		2528	.Nm OpenSSL
		2529	and
		2530	.Nm SSLeay .
		2531	.It Fl out Ar filename
		2532	The output
		2533	.Ar filename ,
		2534	standard output by default.
2555	.It Fl P	2535	.It Fl P
2556	Print out the	2536	Print out the
2557	.Ar key	2537	.Ar salt ,
		2538	.Ar key ,
2558	and	2539	and
2559	.Ar IV	2540	.Ar IV
2560	used then immediately exit:	2541	used, then immediately exit;
2561	don't do any encryption or decryption.	2542	don't do any encryption or decryption.
2562	.It Fl bufsize Ar number	2543	.It Fl p
2563	Set the buffer size for I/O.	2544	Print out the
2564	.It Fl nopad	2545	.Ar salt ,
2565	Disable standard block padding.	2546	.Ar key ,
2566	.It Fl debug	2547	and
2567	Debug the BIOs used for I/O.	2548	.Ar IV
2568	.It Fl engine Ar id	2549	used.
2569	Specifying an engine (by it's unique	2550	.It Fl pass Ar arg
2570	.Ar id	2551	The password source.
2571	string) will cause	2552	For more information about the format of
2572	.Nm enc	2553	.Ar arg ,
2573	to attempt to obtain a functional reference to the specified engine,	2554	see the
2574	thus initialising it if needed.	2555	.Sx PASS PHRASE ARGUMENTS
2575	The engine will then be set as the default for all available algorithms.	2556	section above.
		2557	.It Fl S Ar salt
		2558	The actual
		2559	.Ar salt
		2560	to use:
		2561	this must be represented as a string comprised only of hex digits.
		2562	.It Fl salt
		2563	Use a
		2564	.Ar salt
		2565	in the key derivation routines.
		2566	This option should
		2567	.Em ALWAYS
		2568	be used unless compatibility with previous versions of
		2569	.Nm OpenSSL
		2570	or
		2571	.Nm SSLeay
		2572	is required.
		2573	This option is only present on
		2574	.Nm OpenSSL
		2575	versions 0.9.5 or above.
2576	.El	2576	.El
2577	.Sh ENC NOTES	2577	.Sh ENC NOTES
2578	The program can be called either as	2578	The program can be called either as
@@ -2668,8 +2668,8 @@ cast5-ofb CAST5 in OFB mode
2668	des-cbc DES in CBC mode	2668	des-cbc DES in CBC mode
2669	des Alias for des-cbc	2669	des Alias for des-cbc
2670	des-cfb DES in CBC mode	2670	des-cfb DES in CBC mode
2671	des-ofb DES in OFB mode
2672	des-ecb DES in ECB mode	2671	des-ecb DES in ECB mode
		2672	des-ofb DES in OFB mode
2673		2673
2674	des-ede-cbc Two key triple DES EDE in CBC mode	2674	des-ede-cbc Two key triple DES EDE in CBC mode
2675	des-ede Alias for des-ede	2675	des-ede Alias for des-ede
@@ -2711,7 +2711,7 @@ Encrypt a file using triple DES in CBC mode using a prompted password:
2711	.Pp	2711	.Pp
2712	Decrypt a file using a supplied password:	2712	Decrypt a file using a supplied password:
2713	.Pp	2713	.Pp
2714	.Dl "$ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword"	2714	.Dl "$ openssl des3 -d -in file.des3 -out file.txt -k mypassword"
2715	.Pp	2715	.Pp
2716	Encrypt a file then base64 encode it	2716	Encrypt a file then base64 encode it
2717	(so it can be sent via mail for example)	2717	(so it can be sent via mail for example)
@@ -2721,11 +2721,7 @@ using Blowfish in CBC mode:
2721	.Pp	2721	.Pp
2722	Base64 decode a file then decrypt it:	2722	Base64 decode a file then decrypt it:
2723	.Pp	2723	.Pp
2724	.Dl "$ openssl bf -d -salt -a -in file.bf -out file.txt"	2724	.Dl "$ openssl bf -d -a -in file.bf -out file.txt"
2725	.Pp
2726	Decrypt some data using a supplied 40-bit RC4 key:
2727	.Pp
2728	.Dl $ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
2729	.Sh ENC BUGS	2725	.Sh ENC BUGS
2730	The	2726	The
2731	.Fl A	2727	.Fl A