aboutsummaryrefslogtreecommitdiff
path: root/doc/man1
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man1')
-rw-r--r--doc/man1/enc.pod4
-rw-r--r--doc/man1/passwd.pod4
-rw-r--r--doc/man1/pkeyutl.pod10
-rw-r--r--doc/man1/s_client.pod2
-rw-r--r--doc/man1/s_server.pod2
5 files changed, 15 insertions, 7 deletions
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index 3c7b6c42ea2c..9068282db543 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -180,8 +180,8 @@ Debug the BIOs used for I/O.
=item B<-z>
-Compress or decompress clear text using zlib before encryption or after
-decryption. This option exists only if OpenSSL with compiled with zlib
+Compress or decompress encrypted data using zlib after encryption or before
+decryption. This option exists only if OpenSSL was compiled with the zlib
or zlib-dynamic option.
=item B<-none>
diff --git a/doc/man1/passwd.pod b/doc/man1/passwd.pod
index c5760fe76eae..26eb2ad35eaf 100644
--- a/doc/man1/passwd.pod
+++ b/doc/man1/passwd.pod
@@ -31,8 +31,6 @@ The B<passwd> command computes the hash of a password typed at
run-time or the hash of each password in a list. The password list is
taken from the named file for option B<-in file>, from stdin for
option B<-stdin>, or from the command line, or from the terminal otherwise.
-The Unix standard algorithm B<crypt> and the MD5-based BSD password
-algorithm B<1>, its Apache variant B<apr1>, and its AIX variant are available.
=head1 OPTIONS
@@ -122,7 +120,7 @@ This can be used with a subsequent B<-rand> flag.
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index 3b350efadd4f..f6fd48d5b579 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -246,6 +246,11 @@ B<PSS> block structure.
For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
explicitly set in PSS mode then the signing digest is used.
+=item B<rsa_oaep_md:>I<digest>
+
+Sets the digest used for the OAEP hash function. If not explicitly set then
+SHA1 is used.
+
=back
=head1 RSA-PSS ALGORITHM
@@ -319,6 +324,11 @@ seed consisting of the single byte 0xFF:
openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
-pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
+Decrypt some data using a private key with OAEP padding using SHA256:
+
+ openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
+ -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
+
=head1 SEE ALSO
L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 743b2db2ba43..f1a2c4abdf53 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -797,7 +797,7 @@ server.
The B<s_client> utility is a test tool and is designed to continue the
handshake after any certificate verification errors. As a result it will
-accept any certificate chain (trusted or not) sent by the peer. None test
+accept any certificate chain (trusted or not) sent by the peer. Non-test
applications should B<not> do this as it makes them vulnerable to a MITM
attack. This behaviour can be changed by with the B<-verify_return_error>
option: any verify errors are then returned aborting the handshake.
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 9fdac4919038..aa6c19d31f9a 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -701,7 +701,7 @@ disabling the ephemeral DH cipher suites.
=item B<-alpn val>, B<-nextprotoneg val>
-These flags enable the Enable the Application-Layer Protocol Negotiation
+These flags enable the Application-Layer Protocol Negotiation
or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
IETF standard and replaces NPN.
The B<val> list is a comma-separated list of supported protocol