Merge OpenSSL 1.0.1k.

1 files changed, 33 insertions, 24 deletions

diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index 644cb67..a5df03f 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS8 1"
-.TH PKCS8 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS8 1 "2015-01-08" "1.0.1k" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -180,7 +189,7 @@ prompted for.
 .IP "\fB\-passin arg\fR" 4
 .IX Item "-passin arg"
 the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
 .IP "\fB\-out filename\fR" 4
 .IX Item "-out filename"
 This specifies the output filename to write a key to or standard output by
@@ -190,7 +199,7 @@ filename.
 .IP "\fB\-passout arg\fR" 4
 .IX Item "-passout arg"
 the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
 .IP "\fB\-nocrypt\fR" 4
 .IX Item "-nocrypt"
 PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
@@ -202,15 +211,15 @@ code signing software used unencrypted private keys.
 .IP "\fB\-nooct\fR" 4
 .IX Item "-nooct"
 This option generates \s-1RSA\s0 private keys in a broken format that some software
-uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0
+uses. Specifically the private key should be enclosed in a \s-1OCTET STRING\s0
 but some software just includes the structure itself without the
-surrounding \s-1OCTET\s0 \s-1STRING\s0.
+surrounding \s-1OCTET STRING.\s0
 .IP "\fB\-embed\fR" 4
 .IX Item "-embed"
 This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
-embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0
-contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
-the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key.
+embedded inside the PrivateKey structure. In this form the \s-1OCTET STRING\s0
+contains an \s-1ASN1 SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
+the parameters and an \s-1ASN1 INTEGER\s0 containing the private key.
 .IP "\fB\-nsdb\fR" 4
 .IX Item "-nsdb"
 This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
@@ -276,17 +285,17 @@ level whereas the traditional format includes them at a \s-1PEM\s0 level.
 Various algorithms can be used with the \fB\-v1\fR command line option,
 including PKCS#5 v1.5 and PKCS#12. These are described in more detail
 below.
-.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4
+.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4
 .IX Item "PBE-MD2-DES PBE-MD5-DES"
 These algorithms were included in the original PKCS#5 v1.5 specification.
-They only offer 56 bits of protection since they both use \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0 \s-1PBE\-MD2\-RC2\-64\s0 \s-1PBE\-MD5\-RC2\-64\s0 \s-1PBE\-SHA1\-DES\s0\fR" 4
+They only offer 56 bits of protection since they both use \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC2\-64 PBE\-MD2\-RC2\-64 PBE\-MD5\-RC2\-64 PBE\-SHA1\-DES\s0\fR" 4
 .IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
 These algorithms are not mentioned in the original PKCS#5 v1.5 specification
 but they use the same key derivation algorithm and are supported by some
 software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
-56 bit \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0 \s-1PBE\-SHA1\-RC4\-40\s0 \s-1PBE\-SHA1\-3DES\s0 \s-1PBE\-SHA1\-2DES\s0 \s-1PBE\-SHA1\-RC2\-128\s0 \s-1PBE\-SHA1\-RC2\-40\s0\fR" 4
+56 bit \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC4\-128 PBE\-SHA1\-RC4\-40 PBE\-SHA1\-3DES PBE\-SHA1\-2DES PBE\-SHA1\-RC2\-128 PBE\-SHA1\-RC2\-40\s0\fR" 4
 .IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
 These algorithms use the PKCS#12 password based encryption algorithm and
 allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
@@ -327,13 +336,13 @@ Convert a private key from any PKCS#8 format to traditional format:
 .SH "STANDARDS"
 .IX Header "STANDARDS"
 Test vectors from this PKCS#5 v2.0 implementation were posted to the
-pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
+pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration
 counts, several people confirmed that they could decrypt the private
 keys produced and Therefore it can be assumed that the PKCS#5 v2.0
 implementation is reasonably accurate at least as far as these
 algorithms are concerned.
 .PP
-The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
+The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented:
 it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
 PKCS#8 private key format complies with this standard.
 .SH "BUGS"