Repairs.

src/lib/libc/crypt/arc4random.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: arc4random.3,v 1.13 2000/04/15 02:15:22 aaron Exp $
+.\" $OpenBSD: arc4random.3,v 1.14 2000/04/18 02:31:34 aaron Exp $
 .\"
 .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
 .\" All rights reserved.
@@ -50,8 +50,8 @@
 The
 .Fn arc4random
 function uses the key stream generator employed by the
-arc4 cipher, which uses 8*8 8 bit S-Boxes. The S-Boxes
-can be in about (2**1700) states.
+arc4 cipher, which uses 8*8 8 bit S-Boxes.
+The S-Boxes can be in about (2**1700) states.
 .Pp
 The
 .Fn arc4random_stir
@@ -74,8 +74,8 @@ automatically initializes itself.
 .Sh HISTORY
 An algorithm call
 .Pa RC4
-was designed by RSA Data Security, Inc.  It was considered a trade secret,
-but not trademarked.
+was designed by RSA Data Security, Inc.
+It was considered a trade secret, but not trademarked.
 A clone of this was posted anonymously to the USENET and was confirmed to
 be equivalent by several sources who had access to the original cipher.
 Because of the trade secret situation, RSA Data Security, Inc. can do

src/lib/libc/crypt/blowfish.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: blowfish.3,v 1.8 2000/04/15 02:15:22 aaron Exp $
+.\" $OpenBSD: blowfish.3,v 1.9 2000/04/18 02:31:34 aaron Exp $
 .\"
 .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
 .\" All rights reserved.
@@ -63,7 +63,8 @@ The block size is 64 bit and the key size is maximal 448 bit.
 The
 .Fn blf_key
 function initializes the 4 8bit S-boxes and the 18 Subkeys with
-the hexadecimal digits of Pi. The key is used for further randomization.
+the hexadecimal digits of Pi.
+The key is used for further randomization.
 The first argument to
 .Fn blf_enc
 is the initialized state derived from

src/lib/libc/crypt/crypt.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: crypt.3,v 1.15 2000/04/15 02:15:22 aaron Exp $
+.\" $OpenBSD: crypt.3,v 1.16 2000/04/18 02:31:34 aaron Exp $
 .\"
 .\" FreeSec: libcrypt
 .\"
@@ -56,24 +56,32 @@
 .Sh DESCRIPTION
 The
 .Fn crypt
-function performs password encryption, based on the
+function performs password encryption based on the
 .Tn NBS
 Data Encryption Standard (DES).
 Additional code has been added to deter key search attempts and to use
 stronger hashing algorithms.
+.Pp
 The first argument to
 .Fn crypt
 is a
 .Dv null Ns -terminated
 string, typically a user's typed password.
 The second is in one of three forms:
-if it begins with an underscore (``_'') then an extended format is used
-in interpreting both the key and the setting, as outlined below. If it begins
-with an string character (``$'') and a number then a different algorithm
-is used depending on the number. At the moment a ``$1'' chooses MD5 hashing
-and a ``$2'' chooses Blowfish hashing, see below for more information.
-.Ss Extended crypt:
-.Pp
+if it begins with an underscore
+.Pq Ql _
+then an extended format is used
+in interpreting both the key and the setting, as outlined below.
+If it begins
+with a string character
+.Pq Ql $
+and a number then a different algorithm is used depending on the number.
+At the moment a
+.Ql $1
+chooses MD5 hashing and a
+.Ql $2
+chooses Blowfish hashing; see below for more information.
+.Ss Extended crypt
 The
 .Ar key
 is divided into groups of 8 characters (the last group is null-padded)
@@ -87,61 +95,68 @@ The setting is a 9-character array consisting of an underscore followed
 by 4 bytes of iteration count and 4 bytes of salt.
 These are encoded as printable characters, 6 bits per character,
 least significant character first.
-The values 0 to 63 are encoded as ``./0-9A-Za-z''.
+The values 0 to 63 are encoded as
+.Dq \&./0-9A-Za-z .
 This allows 24 bits for both
 .Fa count
 and
 .Fa salt .
-.Ss "MD5" crypt:
-.Pp
+.Ss "MD5" crypt
 For
 .Tn MD5
 crypt the version number,
 .Fa salt
-and the hashed password are separated
-by the ``$'' character. The maximum length of a password is limited by
+and the hashed password are separated by the
+.Ql $
+character.
+The maximum length of a password is limited by
 the length counter of the MD5 context, which is about
-2**64. A valid MD5 password entry looks like this:
+2**64.
+A valid MD5 password entry looks like this:
 .Pp
-``$1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1''.
+.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 .
 .Pp
 The whole MD5 password string is passed as
 .Fa setting
 for interpretation.
-.Ss "Blowfish" crypt:
-.Pp
+.Ss "Blowfish" crypt
 The
 .Tn Blowfish
 version of crypt has 128 bits of
 .Fa salt
-in order to make building
-dictionaries of common passwords space consuming. The initial state
-of the
+in order to make building dictionaries of common passwords space consuming.
+The initial state of the
 .Tn Blowfish
 cipher is expanded using the
 .Fa salt
 and the
 .Fa password
 repeating the process a variable number of rounds, which is encoded in
-the password string. The maximum password length is 72. The final Blowfish
-password entry is created by encrypting
-the string ``OrpheanBeholderScryDoubt'' with the
+the password string.
+The maximum password length is 72.
+The final Blowfish password entry is created by encrypting the string
+.Pp
+.Dq OrpheanBeholderScryDoubt
+.Pp
+with the
 .Tn Blowfish
 state 64 times.
 .Pp
 The version number, the logarithm of the number of rounds and
-the concatenation of salt and
-hashed password are separated by the ``$'' character. An encoded ``8''
+the concatenation of salt and hashed password are separated by the
+.Ql $
+character.
+An encoded
+.Sq 8
 would specify 256 rounds.
 A valid Blowfish password looks like this:
 .Pp
-``$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC''.
+.Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC .
 .Pp
 The whole Blowfish password string is passed as
 .Fa setting
 for interpretation.
-.Ss "Traditional" crypt:
-.Pp
+.Ss "Traditional" crypt
 The first 8 bytes of the key are null-padded, and the low-order 7 bits of
 each character is used to form the 56-bit
 .Tn DES
@@ -153,8 +168,7 @@ Thus only 12 bits of
 are used.
 .Fa count
 is set to 25.
-.Ss DES Algorithm:
-.Pp
+.Ss DES Algorithm
 The
 .Fa salt
 introduces disorder in the
@@ -182,10 +196,10 @@ string, 20 or 13 bytes (plus null) in length, consisting of the
 .Ar setting
 followed by the encoded 64-bit encryption.
 .Pp
-The functions,
+The functions
 .Fn encrypt ,
 .Fn setkey ,
-.Fn des_setkey
+.Fn des_setkey ,
 and
 .Fn des_cipher
 provide access to the
@@ -243,7 +257,9 @@ E-box output as described above.
 .Pp
 The function
 .Fn crypt
-returns a pointer to the encrypted value on success, and NULL on failure.
+returns a pointer to the encrypted value on success, and
+.Dv NULL
+on failure.
 The functions
 .Fn setkey ,
 .Fn encrypt ,
@@ -254,7 +270,7 @@ return 0 on success and 1 on failure.
 .Pp
 The
 .Fn crypt ,
-.Fn setkey
+.Fn setkey ,
 and
 .Fn des_setkey
 functions all manipulate the same key space.
@@ -265,12 +281,8 @@ functions all manipulate the same key space.
 .Xr getpass 3 ,
 .Xr md5 3 ,
 .Xr passwd 5
-.Sh BUGS
-The
-.Fn crypt
-function returns a pointer to static data, and subsequent calls to
-.Fn crypt
-will modify the same object.
+.Sh AUTHOR
+David Burren <davidb@werj.com.au>
 .Sh HISTORY
 A rotor-based
 .Fn crypt
@@ -289,9 +301,14 @@ Programs linked against the
 interface may be exported from the U.S.A. only if they use
 .Fn crypt
 solely for authentication purposes and avoid use of
-the other programmer interfaces listed above. Special care has been taken
+the other programmer interfaces listed above.
+Special care has been taken
 in the library so that programs which only use the
 .Fn crypt
 interface do not pull in the other components.
-.Sh AUTHOR
-David Burren <davidb@werj.com.au>
+.Sh BUGS
+The
+.Fn crypt
+function returns a pointer to static data, and subsequent calls to
+.Fn crypt
+will modify the same object.