===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.382
retrieving revision 1.384
diff -u -r1.382 -r1.384
--- src/usr.bin/ssh/ssh-keygen.c	2020/01/06 02:00:46	1.382
+++ src/usr.bin/ssh/ssh-keygen.c	2020/01/21 11:06:09	1.384
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.382 2020/01/06 02:00:46 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.384 2020/01/21 11:06:09 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2145,7 +2145,6 @@
 	exit(ok ? 0 : 1);
 }
 
-#ifdef WITH_OPENSSL
 static void
 load_krl(const char *path, struct ssh_krl **krlp)
 {
@@ -2440,7 +2439,6 @@
 	ssh_krl_free(krl);
 	exit(ret);
 }
-#endif
 
 static struct sshkey *
 load_sign_key(const char *keypath, const struct sshkey *pubkey)
@@ -2991,7 +2989,7 @@
 	fprintf(stderr,
 	    "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n"
 	    "                  [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n"
-	    "                  [-N new_passphrase] [-w provider] [-x flags]\n"
+	    "                  [-N new_passphrase] [-O option] [-w provider]\n"
 	    "       ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n"
 	    "                   [-P old_passphrase]\n"
 	    "       ssh-keygen -i [-f input_keyfile] [-m key_format]\n"
@@ -3005,15 +3003,14 @@
 	    "       ssh-keygen -D pkcs11\n");
 #endif
 	fprintf(stderr,
-	    "       ssh-keygen -K path [-w sk_provider]\n");
-	fprintf(stderr,
 	    "       ssh-keygen -F hostname [-lv] [-f known_hosts_file]\n"
 	    "       ssh-keygen -H [-f known_hosts_file]\n"
+	    "       ssh-keygen -K [-w provider]\n"
 	    "       ssh-keygen -R hostname [-f known_hosts_file]\n"
 	    "       ssh-keygen -r hostname [-g] [-f input_keyfile]\n"
 #ifdef WITH_OPENSSL
-	    "       ssh-keygen -M generate [-O option] output\n"
-	    "       ssh-keygen -M screen [-f input_file] [-O option] [-a rounds] output_file\n"
+	    "       ssh-keygen -M generate [-O option] output_file\n"
+	    "       ssh-keygen -M screen [-f input_file] [-O option] output_file\n"
 #endif
 	    "       ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]\n"
 	    "                  [-n principals] [-O option] [-V validity_interval]\n"
@@ -3345,21 +3342,13 @@
 		usage();
 	}
 	if (gen_krl) {
-#ifdef WITH_OPENSSL
 		do_gen_krl(pw, update_krl, ca_key_path,
 		    cert_serial, identity_comment, argc, argv);
 		return (0);
-#else
-		fatal("KRL generation not supported");
-#endif
 	}
 	if (check_krl) {
-#ifdef WITH_OPENSSL
 		do_check_krl(pw, argc, argv);
 		return (0);
-#else
-		fatal("KRL checking not supported");
-#endif
 	}
 	if (ca_key_path != NULL) {
 		if (cert_key_id == NULL)