1 files changed, 468 insertions, 0 deletions
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
new file mode 100644
index 0000000..f8e9017
--- /dev/null
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -0,0 +1,468 @@
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL 1"
+.TH OPENSSL 1 "2015-12-03" "1.0.2e" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+openssl \- OpenSSL command line tool
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR
+\&\fIcommand\fR
+[ \fIcommand_opts\fR ]
+[ \fIcommand_args\fR ]
+.PP
+\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR | \fBlist-cipher-algorithms\fR | \fBlist-message-digest-algorithms\fR | \fBlist-public-key-algorithms\fR]
+.PP
+\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0
+v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related
+cryptography standards required by them.
+.PP
+The \fBopenssl\fR program is a command line tool for using the various
+cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. 
+It can be used for
+.PP
+.Vb 8
+\& o  Creation and management of private keys, public keys and parameters
+\& o  Public key cryptographic operations
+\& o  Creation of X.509 certificates, CSRs and CRLs 
+\& o  Calculation of Message Digests
+\& o  Encryption and Decryption with Ciphers
+\& o  SSL/TLS Client and Server Tests
+\& o  Handling of S/MIME signed or encrypted mail
+\& o  Time Stamp requests, generation and verification
+.Ve
+.SH "COMMAND SUMMARY"
+.IX Header "COMMAND SUMMARY"
+The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the
+\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments
+(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
+.PP
+The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR,
+and \fBlist-cipher-commands\fR output a list (one entry per line) of the names
+of all standard commands, message digest commands, or cipher commands,
+respectively, that are available in the present \fBopenssl\fR utility.
+.PP
+The pseudo-commands \fBlist-cipher-algorithms\fR and
+\&\fBlist-message-digest-algorithms\fR list all cipher and message digest names, one entry per line. Aliases are listed as:
+.PP
+.Vb 1
+\& from => to
+.Ve
+.PP
+The pseudo-command \fBlist-public-key-algorithms\fR lists all supported public
+key algorithms.
+.PP
+The pseudo-command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the
+specified name is available.  If no command named \fI\s-1XXX\s0\fR exists, it
+returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1
+and prints \fI\s-1XXX\s0\fR.  In both cases, the output goes to \fBstdout\fR and
+nothing is printed to \fBstderr\fR.  Additional command line arguments
+are always ignored.  Since for each cipher there is a command of the
+same name, this provides an easy way for shell scripts to test for the
+availability of ciphers in the \fBopenssl\fR program.  (\fBno\-\fR\fI\s-1XXX\s0\fR is
+not able to detect pseudo-commands such as \fBquit\fR,
+\&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.)
+.SS "\s-1STANDARD COMMANDS\s0"
+.IX Subsection "STANDARD COMMANDS"
+.IP "\fBasn1parse\fR" 10
+.IX Item "asn1parse"
+Parse an \s-1ASN.1\s0 sequence.
+.IP "\fBca\fR" 10
+.IX Item "ca"
+Certificate Authority (\s-1CA\s0) Management.
+.IP "\fBciphers\fR" 10
+.IX Item "ciphers"
+Cipher Suite Description Determination.
+.IP "\fBcms\fR" 10
+.IX Item "cms"
+\&\s-1CMS \s0(Cryptographic Message Syntax) utility
+.IP "\fBcrl\fR" 10
+.IX Item "crl"
+Certificate Revocation List (\s-1CRL\s0) Management.
+.IP "\fBcrl2pkcs7\fR" 10
+.IX Item "crl2pkcs7"
+\&\s-1CRL\s0 to PKCS#7 Conversion.
+.IP "\fBdgst\fR" 10
+.IX Item "dgst"
+Message Digest Calculation.
+.IP "\fBdh\fR" 10
+.IX Item "dh"
+Diffie-Hellman Parameter Management.
+Obsoleted by \fBdhparam\fR.
+.IP "\fBdhparam\fR" 10
+.IX Item "dhparam"
+Generation and Management of Diffie-Hellman Parameters. Superseded by 
+\&\fBgenpkey\fR and \fBpkeyparam\fR
+.IP "\fBdsa\fR" 10
+.IX Item "dsa"
+\&\s-1DSA\s0 Data Management.
+.IP "\fBdsaparam\fR" 10
+.IX Item "dsaparam"
+\&\s-1DSA\s0 Parameter Generation and Management. Superseded by 
+\&\fBgenpkey\fR and \fBpkeyparam\fR
+.IP "\fBec\fR" 10
+.IX Item "ec"
+\&\s-1EC \s0(Elliptic curve) key processing
+.IP "\fBecparam\fR" 10
+.IX Item "ecparam"
+\&\s-1EC\s0 parameter manipulation and generation
+.IP "\fBenc\fR" 10
+.IX Item "enc"
+Encoding with Ciphers.
+.IP "\fBengine\fR" 10
+.IX Item "engine"
+Engine (loadble module) information and manipulation.
+.IP "\fBerrstr\fR" 10
+.IX Item "errstr"
+Error Number to Error String Conversion.
+.IP "\fBgendh\fR" 10
+.IX Item "gendh"
+Generation of Diffie-Hellman Parameters.
+Obsoleted by \fBdhparam\fR.
+.IP "\fBgendsa\fR" 10
+.IX Item "gendsa"
+Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by 
+\&\fBgenpkey\fR and \fBpkey\fR
+.IP "\fBgenpkey\fR" 10
+.IX Item "genpkey"
+Generation of Private Key or Parameters.
+.IP "\fBgenrsa\fR" 10
+.IX Item "genrsa"
+Generation of \s-1RSA\s0 Private Key. Superceded by \fBgenpkey\fR.
+.IP "\fBnseq\fR" 10
+.IX Item "nseq"
+Create or examine a netscape certificate sequence
+.IP "\fBocsp\fR" 10
+.IX Item "ocsp"
+Online Certificate Status Protocol utility.
+.IP "\fBpasswd\fR" 10
+.IX Item "passwd"
+Generation of hashed passwords.
+.IP "\fBpkcs12\fR" 10
+.IX Item "pkcs12"
+PKCS#12 Data Management.
+.IP "\fBpkcs7\fR" 10
+.IX Item "pkcs7"
+PKCS#7 Data Management.
+.IP "\fBpkey\fR" 10
+.IX Item "pkey"
+Public and private key management.
+.IP "\fBpkeyparam\fR" 10
+.IX Item "pkeyparam"
+Public key algorithm parameter management.
+.IP "\fBpkeyutl\fR" 10
+.IX Item "pkeyutl"
+Public key algorithm cryptographic operation utility.
+.IP "\fBrand\fR" 10
+.IX Item "rand"
+Generate pseudo-random bytes.
+.IP "\fBreq\fR" 10
+.IX Item "req"
+PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management.
+.IP "\fBrsa\fR" 10
+.IX Item "rsa"
+\&\s-1RSA\s0 key management.
+.IP "\fBrsautl\fR" 10
+.IX Item "rsautl"
+\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded
+by  \fBpkeyutl\fR
+.IP "\fBs_client\fR" 10
+.IX Item "s_client"
+This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
+connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL \fBssl\fR library.
+.IP "\fBs_server\fR" 10
+.IX Item "s_server"
+This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
+clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL \fBssl\fR library.  It provides both an own command
+line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
+facility to emulate an SSL/TLS\-aware webserver.
+.IP "\fBs_time\fR" 10
+.IX Item "s_time"
+\&\s-1SSL\s0 Connection Timer.
+.IP "\fBsess_id\fR" 10
+.IX Item "sess_id"
+\&\s-1SSL\s0 Session Data Management.
+.IP "\fBsmime\fR" 10
+.IX Item "smime"
+S/MIME mail processing.
+.IP "\fBspeed\fR" 10
+.IX Item "speed"
+Algorithm Speed Measurement.
+.IP "\fBspkac\fR" 10
+.IX Item "spkac"
+\&\s-1SPKAC\s0 printing and generating utility
+.IP "\fBts\fR" 10
+.IX Item "ts"
+Time Stamping Authority tool (client/server)
+.IP "\fBverify\fR" 10
+.IX Item "verify"
+X.509 Certificate Verification.
+.IP "\fBversion\fR" 10
+.IX Item "version"
+OpenSSL Version Information.
+.IP "\fBx509\fR" 10
+.IX Item "x509"
+X.509 Certificate Data Management.
+.SS "\s-1MESSAGE DIGEST COMMANDS\s0"
+.IX Subsection "MESSAGE DIGEST COMMANDS"
+.IP "\fBmd2\fR" 10
+.IX Item "md2"
+\&\s-1MD2\s0 Digest
+.IP "\fBmd5\fR" 10
+.IX Item "md5"
+\&\s-1MD5\s0 Digest
+.IP "\fBmdc2\fR" 10
+.IX Item "mdc2"
+\&\s-1MDC2\s0 Digest
+.IP "\fBrmd160\fR" 10
+.IX Item "rmd160"
+\&\s-1RMD\-160\s0 Digest
+.IP "\fBsha\fR" 10
+.IX Item "sha"
+\&\s-1SHA\s0 Digest
+.IP "\fBsha1\fR" 10
+.IX Item "sha1"
+\&\s-1SHA\-1\s0 Digest
+.IP "\fBsha224\fR" 10
+.IX Item "sha224"
+\&\s-1SHA\-224\s0 Digest
+.IP "\fBsha256\fR" 10
+.IX Item "sha256"
+\&\s-1SHA\-256\s0 Digest
+.IP "\fBsha384\fR" 10
+.IX Item "sha384"
+\&\s-1SHA\-384\s0 Digest
+.IP "\fBsha512\fR" 10
+.IX Item "sha512"
+\&\s-1SHA\-512\s0 Digest
+.SS "\s-1ENCODING AND CIPHER COMMANDS\s0"
+.IX Subsection "ENCODING AND CIPHER COMMANDS"
+.IP "\fBbase64\fR" 10
+.IX Item "base64"
+Base64 Encoding
+.IP "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10
+.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb"
+Blowfish Cipher
+.IP "\fBcast cast-cbc\fR" 10
+.IX Item "cast cast-cbc"
+\&\s-1CAST\s0 Cipher
+.IP "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10
+.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb"
+\&\s-1CAST5\s0 Cipher
+.IP "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10
+.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb"
+\&\s-1DES\s0 Cipher
+.IP "\fBdes3 desx des\-ede3 des\-ede3\-cbc des\-ede3\-cfb des\-ede3\-ofb\fR" 10
+.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb"
+Triple-DES Cipher
+.IP "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10
+.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb"
+\&\s-1IDEA\s0 Cipher
+.IP "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10
+.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb"
+\&\s-1RC2\s0 Cipher
+.IP "\fBrc4\fR" 10
+.IX Item "rc4"
+\&\s-1RC4\s0 Cipher
+.IP "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10
+.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb"
+\&\s-1RC5\s0 Cipher
+.SH "PASS PHRASE ARGUMENTS"
+.IX Header "PASS PHRASE ARGUMENTS"
+Several commands accept password arguments, typically using \fB\-passin\fR
+and \fB\-passout\fR for input and output passwords respectively. These allow
+the password to be obtained from a variety of sources. Both of these
+options take a single argument whose format is described below. If no
+password argument is given and a password is required then the user is
+prompted to enter one: this will typically be read from the current
+terminal with echoing turned off.
+.IP "\fBpass:password\fR" 10
+.IX Item "pass:password"
+the actual password is \fBpassword\fR. Since the password is visible
+to utilities (like 'ps' under Unix) this form should only be used
+where security is not important.
+.IP "\fBenv:var\fR" 10
+.IX Item "env:var"
+obtain the password from the environment variable \fBvar\fR. Since
+the environment of other processes is visible on certain platforms
+(e.g. ps under certain Unix OSes) this option should be used with caution.
+.IP "\fBfile:pathname\fR" 10
+.IX Item "file:pathname"
+the first line of \fBpathname\fR is the password. If the same \fBpathname\fR
+argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first
+line will be used for the input password and the next line for the output
+password. \fBpathname\fR need not refer to a regular file: it could for example
+refer to a device or named pipe.
+.IP "\fBfd:number\fR" 10
+.IX Item "fd:number"
+read the password from the file descriptor \fBnumber\fR. This can be used to
+send the data via a pipe for example.
+.IP "\fBstdin\fR" 10
+.IX Item "stdin"
+read the password from standard input.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIconfig\fR\|(5),
+\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1),
+\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1),
+\&\fIenc\fR\|(1), \fIgendsa\fR\|(1), \fIgenpkey\fR\|(1),
+\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIopenssl\fR\|(1),
+\&\fIpasswd\fR\|(1),
+\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1),
+\&\fIrand\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1),
+\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1),
+\&\fIs_server\fR\|(1), \fIs_time\fR\|(1),
+\&\fIsmime\fR\|(1), \fIspkac\fR\|(1),
+\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1),
+\&\fIcrypto\fR\|(3), \fIssl\fR\|(3), \fIx509v3_config\fR\|(5)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2.
+The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3;
+The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0;
+the \fBno\-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a.
+For notes on the availability of other commands, see their individual
+manual pages.