author Jung-uk Kim <jkim@FreeBSD.org> 2020-03-17 21:27:57 +0000
committer Jung-uk Kim <jkim@FreeBSD.org> 2020-03-17 21:27:57 +0000
commit aa144ced5d61b5c7fb74acaebb37d85bd08f0416
tree 2de6902cff4b007f4fae30a7d6c546b4dd3d1740 /doc/man1
parent fbc3ad1ae1976eb5f2bac351260f2c5ee255c27f
Import OpenSSL 1.1.1e. (tag: vendor/openssl/1.1.1e)
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=359051
svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e
Diffstat (limited to 'doc/man1')
-rw-r--r-- doc/man1/ca.pod 6
-rw-r--r-- doc/man1/dgst.pod 9
-rw-r--r-- doc/man1/enc.pod 9
-rw-r--r-- doc/man1/rand.pod 35
-rw-r--r-- doc/man1/req.pod 8
-rw-r--r-- doc/man1/s_client.pod 4
-rw-r--r-- doc/man1/sess_id.pod 4
-rw-r--r-- doc/man1/x509.pod 19
8 files changed, 73 insertions, 21 deletions
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
index 7385a00941ea..27bb31493a7f 100644
--- a/doc/man1/ca.pod
+++ b/doc/man1/ca.pod
@@ -51,6 +51,7 @@ B<openssl> B<ca>
[B<-engine id>]
[B<-subj arg>]
[B<-utf8>]
+[B<-sigopt nm:v>]
[B<-create_serial>]
[B<-rand_serial>]
[B<-multivalue-rdn>]
@@ -134,6 +135,11 @@ The private key to sign requests with.
The format of the data in the private key file.
The default is PEM.
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
=item B<-key password>
The password used to encrypt the private key. Since on some
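Review bot: the new B<-sigopt nm:v> item gives the reader no way to find a valid name or value; "Names and values of these options are algorithm-specific" stops short of an example or a cross-reference. Suggest adding one concrete name:value pair for a common algorithm, or an L<> link to the page that lists them, and doing the same for the identical text added to req.pod and x509.pod.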
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 66a6697eb10e..ea2c4e3e1598 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -12,6 +12,7 @@ B<openssl dgst>
[B<-help>]
[B<-c>]
[B<-d>]
+[B<-list>]
[B<-hex>]
[B<-binary>]
[B<-r>]
@@ -22,6 +23,7 @@ B<openssl dgst>
[B<-verify filename>]
[B<-prverify filename>]
[B<-signature filename>]
+[B<-sigopt nm:v>]
[B<-hmac key>]
[B<-fips-fingerprint>]
[B<-rand file...>]
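Review bot: the synopsis gains [B<-sigopt nm:v>] in this hunk, but none of the dgst.pod hunks adds a matching =item B<-sigopt nm:v> entry, unlike ca.pod, req.pod and x509.pod. Please confirm that the OPTIONS section of dgst.pod already describes the option; if it does not, add the item so the synopsis and the option list agree.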
@@ -66,6 +68,10 @@ B<hex> format output is used.
Print out BIO debugging information.
+=item B<-list>
+
+Prints out a list of supported message digests.
+
=item B<-hex>
Digest is to be output as a hex dump. This is the default case for a "normal"
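Review bot: B<-list> is documented here without a HISTORY entry, whereas enc.pod in the same change records "The B<-list> option was added in OpenSSL 1.1.1e." Suggest adding the equivalent line to dgst.pod so that scripts which must also run on older releases can tell when the option became available.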
@@ -78,7 +84,8 @@ Output the digest or signature in binary form.
=item B<-r>
-Output the digest in the "coreutils" format used by programs like B<sha1sum>.
+Output the digest in the "coreutils" format, including newlines.
+Used by programs like B<sha1sum>.
=item B<-out filename>
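Review bot: in the new B<-r> text, "Used by programs like B<sha1sum>." is a sentence fragment with no subject, and "including newlines" does not say which newlines are meant. Suggest folding the second sentence back into the first, as the removed line had it, and stating precisely what in the output is newline-terminated.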
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index a3e0b03b2000..6f20ac1fc7d5 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -9,6 +9,7 @@ enc - symmetric cipher routines
B<openssl enc -I<cipher>>
[B<-help>]
+[B<-list>]
[B<-ciphers>]
[B<-in filename>]
[B<-out filename>]
@@ -56,10 +57,14 @@ either by itself or in addition to the encryption or decryption.
Print out a usage message.
-=item B<-ciphers>
+=item B<-list>
List all supported ciphers.
+=item B<-ciphers>
+
+Alias of -list to display all supported ciphers.
+
=item B<-in filename>
The input filename, standard input by default.
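Review bot: "Alias of -list" in the new B<-ciphers> item leaves the option name unmarked, while every other option reference in this file is wrapped in B<>. Suggest "Alias of B<-list>." The remainder of the sentence repeats the B<-list> description directly above and can be dropped.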
@@ -419,6 +424,8 @@ certain parameters. So if, for example, you want to use RC2 with a
The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
+The B<-list> option was added in OpenSSL 1.1.1e.
+
=head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/rand.pod b/doc/man1/rand.pod
index 5dd9e8e0a56a..b5d45ab51cf0 100644
--- a/doc/man1/rand.pod
+++ b/doc/man1/rand.pod
@@ -18,12 +18,14 @@ I<num>
=head1 DESCRIPTION
-The B<rand> command outputs I<num> pseudo-random bytes after seeding
-the random number generator once. As in other B<openssl> command
-line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd>
-in addition to the files given in the B<-rand> option. A new
-I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough
-seeding was obtained from these sources.
+This command generates I<num> random bytes using a cryptographically
+secure pseudo random number generator (CSPRNG).
+
+The random bytes are generated using the L<RAND_bytes(3)> function,
+which provides a security level of 256 bits, provided it managed to
+seed itself successfully from a trusted operating system entropy source.
+Otherwise, the command will fail with a nonzero error code.
+For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>.
=head1 OPTIONS
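Review bot: the removed DESCRIPTION paragraph documented the implicit read and write-back of I<$HOME>/B<.rnd>, and the replacement text is silent on it, so a reader cannot tell from this hunk whether that file is still touched. Suggest one sentence stating the current behaviour. Separately, "fail with a nonzero error code" would be clearer as "exit with a nonzero status", since that is what a calling script tests.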
@@ -44,6 +46,8 @@ generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+Explicitly specifying a seed file is in general not necessary, see the
+L</NOTES> section for more information.
=item [B<-writerand file>]
@@ -60,13 +64,28 @@ Show the output as a hex string.
=back
+=head1 NOTES
+
+Prior to OpenSSL 1.1.1, it was common for applications to store information
+about the state of the random-number generator in a file that was loaded
+at startup and rewritten upon exit. On modern operating systems, this is
+generally no longer necessary as OpenSSL will seed itself from a trusted
+entropy source provided by the operating system. The B<-rand> and
+B<-writerand> flags are still supported for special platforms or
+circumstances that might require them.
+
+It is generally an error to use the same seed file more than once and
+every use of B<-rand> should be paired with B<-writerand>.
+
=head1 SEE ALSO
-L<RAND_bytes(3)>
+L<RAND_bytes(3)>,
+L<RAND(7)>,
+L<RAND_DRBG(7)>
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
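Review bot: the last NOTES paragraph states the rule ("It is generally an error to use the same seed file more than once") without the reason, and "paired with B<-writerand>" does not say whether the file written should be the same file that B<-rand> read. Suggest naming the risk (reusing a seed file feeds the generator the same seed input again) and showing one invocation that uses both options together.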
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index a9b5b1690a5c..730c59079d67 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -46,6 +46,7 @@ B<openssl> B<req>
[B<-reqopt>]
[B<-subject>]
[B<-subj arg>]
+[B<-sigopt nm:v>]
[B<-batch>]
[B<-verbose>]
[B<-engine id>]
@@ -82,6 +83,11 @@ This specifies the input filename to read a request from or standard input
if this option is not specified. A request is only read if the creation
options (B<-new> and B<-newkey>) are not specified.
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
@@ -689,7 +695,7 @@ L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index e2475ea0678f..68a152a272bd 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -335,7 +335,7 @@ at a positive depth or else "matched EE certificate" at depth 0.
Use one or more times to specify the RRDATA fields of the DANE TLSA
RRset associated with the target service. The B<rrdata> value is
-specied in "presentation form", that is four whitespace separated
+specified in "presentation form", that is four whitespace separated
fields that specify the usage, selector, matching type and associated
data, with the last of these encoded in hexadecimal. Optional
whitespace is ignored in the associated data field. For example:
@@ -828,7 +828,7 @@ The B<-name> option was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/sess_id.pod b/doc/man1/sess_id.pod
index 1f7a1e8670cf..6c54ed988bbe 100644
--- a/doc/man1/sess_id.pod
+++ b/doc/man1/sess_id.pod
@@ -93,7 +93,7 @@ Typical output:
Timeout : 300 (sec)
Verify return code 0 (ok)
-Theses are described below in more detail.
+These are described below in more detail.
=over 4
@@ -156,7 +156,7 @@ L<ciphers(1)>, L<s_server(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 7878753414da..65cec9dbda67 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -11,7 +11,7 @@ B<openssl> B<x509>
[B<-help>]
[B<-inform DER|PEM>]
[B<-outform DER|PEM>]
-[B<-keyform DER|PEM>]
+[B<-keyform DER|PEM|ENGINE>]
[B<-CAform DER|PEM>]
[B<-CAkeyform DER|PEM>]
[B<-in filename>]
@@ -44,7 +44,7 @@ B<openssl> B<x509>
[B<-setalias arg>]
[B<-days arg>]
[B<-set_serial n>]
-[B<-signkey filename>]
+[B<-signkey arg>]
[B<-passin arg>]
[B<-x509toreq>]
[B<-req>]
@@ -61,6 +61,7 @@ B<openssl> B<x509>
[B<-clrext>]
[B<-extfile filename>]
[B<-extensions section>]
+[B<-sigopt nm:v>]
[B<-rand file...>]
[B<-writerand file>]
[B<-engine id>]
@@ -349,10 +350,11 @@ can thus behave like a "mini CA".
=over 4
-=item B<-signkey filename>
+=item B<-signkey arg>
This option causes the input file to be self signed using the supplied
-private key.
+private key or engine. The private key's format is specified with the
+B<-keyform> option.
If the input file is a certificate it sets the issuer name to the
subject name (i.e. makes it self signed) changes the public key to the
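Review bot: B<-signkey arg> now accepts a "private key or engine", but the text never says what I<arg> holds when B<-keyform ENGINE> is used; the old "filename" at least told the reader what to pass. Suggest stating both cases explicitly: a file name for PEM or DER, and the key identifier understood by the engine for ENGINE. As written, "self signed using the supplied private key or engine" also reads as if an engine could sign without a key.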
@@ -366,6 +368,11 @@ If the input is a certificate request then a self signed certificate
is created using the supplied private key using the subject name in
the request.
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
=item B<-passin arg>
The key password source. For more information about the format of B<arg>
@@ -378,7 +385,7 @@ certificate is being created from another certificate (for example with
the B<-signkey> or the B<-CA> options). Normally all extensions are
retained.
-=item B<-keyform PEM|DER>
+=item B<-keyform PEM|DER|ENGINE>
Specifies the format (DER or PEM) of the private key file used in the
B<-signkey> option.
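Review bot: the item header becomes B<-keyform PEM|DER|ENGINE>, but the description left as context still reads "Specifies the format (DER or PEM) of the private key file", so ENGINE is listed and never explained. Suggest updating that sentence in the same change. The value order also differs from the synopsis hunk, which has B<-keyform DER|PEM|ENGINE>; pick one order for both.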
@@ -925,7 +932,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy