Diffstat (limited to 'secure/usr.bin/openssl/man/genrsa.1')
-rw-r--r-- secure/usr.bin/openssl/man/genrsa.1 63
1 files changed, 35 insertions, 28 deletions
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index 06b9833fde51..5500dd79dace 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -129,14 +129,13 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
+.TH GENRSA 1 "2018-09-11" "1.1.1" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-openssl\-genrsa,
-genrsa \- generate an RSA private key
+openssl\-genrsa, genrsa \- generate an RSA private key
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBopenssl\fR \fBgenrsa\fR
@@ -157,8 +156,10 @@ genrsa \- generate an RSA private key
[\fB\-idea\fR]
[\fB\-f4\fR]
[\fB\-3\fR]
-[\fB\-rand file(s)\fR]
+[\fB\-rand file...\fR]
+[\fB\-writerand file\fR]
[\fB\-engine id\fR]
+[\fB\-primes num\fR]
[\fBnumbits\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
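Review bot: The SYNOPSIS context in this hunk still spells the exponent option as [\fB\-f4\fR], while the DESCRIPTION item further down in the same patch is headed "\fB\-F4|\-3\fR"; since this change already touches the option list, pick one spelling and use it in both places so readers are not left guessing which form the command accepts. The new \-primes entry is also placed after \-engine here and in the DESCRIPTION, away from the other key-parameter options (\-f4, \-3, numbits); grouping it with them would make the synopsis easier to scan.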
@@ -174,57 +175,63 @@ Output the key to the specified file. If this argument is not specified then
standard output is used.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
-the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
-.IP "\fB\-aes128|\-aes192|\-aes256|\-aria128|\-aria192|\-aria256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
-.IX Item "-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
+The output file password source. For more information about the format
+of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4
+.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea"
These options encrypt the private key with specified
cipher before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the \fB\-passout\fR argument.
.IP "\fB\-F4|\-3\fR" 4
.IX Item "-F4|-3"
-the public exponent to use, either 65537 or 3. The default is 65537.
-.IP "\fB\-rand file(s)\fR" 4
-.IX Item "-rand file(s)"
-a file or files containing random data used to seed the random number
-generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+The public exponent to use, either 65537 or 3. The default is 65537.
+.IP "\fB\-rand file...\fR" 4
+.IX Item "-rand file..."
+A file or files containing random data used to seed the random number
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
all others.
+.IP "[\fB\-writerand file\fR]" 4
+.IX Item "[-writerand file]"
+Writes random data to the specified \fIfile\fR upon exit.
+This can be used with a subsequent \fB\-rand\fR flag.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
-specifying an engine (by its unique \fBid\fR string) will cause \fBgenrsa\fR
+Specifying an engine (by its unique \fBid\fR string) will cause \fBgenrsa\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
+.IP "\fB\-primes num\fR" 4
+.IX Item "-primes num"
+Specify the number of primes to use while generating the \s-1RSA\s0 key. The \fBnum\fR
+parameter must be a positive integer that is greater than 1 and less than 16.
+If \fBnum\fR is greater than 2, then the generated key is called a 'multi\-prime'
+\&\s-1RSA\s0 key, which is defined in \s-1RFC 8017.\s0
.IP "\fBnumbits\fR" 4
.IX Item "numbits"
-the size of the private key to generate in bits. This must be the last option
-specified. The default is 2048.
+The size of the private key to generate in bits. This must be the last option
+specified. The default is 2048 and values less than 512 are not allowed.
.SH "NOTES"
.IX Header "NOTES"
-\&\s-1RSA\s0 private key generation essentially involves the generation of two prime
-numbers. When generating a private key various symbols will be output to
+\&\s-1RSA\s0 private key generation essentially involves the generation of two or more
+prime numbers. When generating a private key various symbols will be output to
indicate the progress of the generation. A \fB.\fR represents each number which
has passed an initial sieve test, \fB+\fR means a number has passed a single
-round of the Miller-Rabin primality test. A newline means that the number has
-passed all the prime tests (the actual number depends on the key size).
+round of the Miller-Rabin primality test, \fB*\fR means the current prime starts
+a regenerating progress due to some failed tests. A newline means that the number
+has passed all the prime tests (the actual number depends on the key size).
.PP
Because key generation is a random process the time taken to generate a key
-may vary somewhat.
-.SH "BUGS"
-.IX Header "BUGS"
-A quirk of the prime generation algorithm is that it cannot generate small
-primes. Therefore the number of bits should not be less that 64. For typical
-private keys this will not matter because for security reasons they will
-be much larger (typically 1024 bits).
+may vary somewhat. But in general, more primes lead to less generation time
+of a key.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIgendsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
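Review bot: The new item heading .IP "[\fB\-writerand file\fR]" 4 (and its .IX Item "[-writerand file]") carries the optional-argument brackets from the SYNOPSIS into the DESCRIPTION, unlike every other item in this hunk ("\fB\-rand file...\fR", "\fB\-primes num\fR"); drop the brackets so the heading and the index entry match the rest. In NOTES, "means the current prime starts a regenerating progress due to some failed tests" reads as a typo for "process" and would be clearer as "means the current prime is being regenerated because a test failed". The added sentence "more primes lead to less generation time of a key" presents \-primes only as a speed-up; the \-primes item gives the allowed range (greater than 1, less than 16) but says nothing about how num relates to numbits, and for a fixed numbits each prime is roughly numbits/num bits long, so the text should state that trade-off or any limit the tool enforces. Finally, the removed BUGS paragraph was the only place that explained why very small sizes fail; the replacement "values less than 512 are not allowed" is fine as a rule, but it is a usage constraint, not a recommendation, and the page no longer says anything about what size is appropriate beyond the 2048 default.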