RAND_add()/RAND_seed(): fix failure on short input or low entropy

[openssl.git] / doc / man1 / cms.pod

diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index 01e93acf1be44e8dff289958fa2fde4efb2edd2a..60ee3b505e1e2f66f9159a28a91e65ad60e1997f 100644 (file)
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+openssl-cms,
 cms - CMS utility
 
 =head1 SYNOPSIS
@@ -82,7 +83,8 @@ B<openssl> B<cms>
 [B<-signer file>]
 [B<-recip file>]
 [B<-keyid>]
-[B<-receipt_request_all -receipt_request_first>]
+[B<-receipt_request_all>]
+[B<-receipt_request_first>]
 [B<-receipt_request_from emailaddress>]
 [B<-receipt_request_to emailaddress>]
 [B<-receipt_request_print>]
@@ -303,7 +305,7 @@ default digest algorithm for the signing key will be used (usually SHA1).
 The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
 or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
 EVP_get_cipherbyname() function) can also be used preceded by a dash, for
-example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for a list of ciphers
+example B<-aes-128-cbc>. See L<enc(1)> for a list of ciphers
 supported by your version of OpenSSL.
 
 If not specified triple DES is used. Only used with B<-encrypt> and
@@ -393,13 +395,16 @@ When encrypting a message this option may be used multiple times to specify
 each recipient. This form B<must> be used if customised parameters are
 required (for example to specify RSA-OAEP).
 
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+option.
+
 =item B<-keyid>
 
 Use subject key identifier to identify certificates instead of issuer name and
 serial number. The supplied certificate B<must> include a subject key
 identifier extension. Supported by B<-sign> and B<-encrypt> options.
 
-=item B<-receipt_request_all -receipt_request_first>
+=item B<-receipt_request_all>, B<-receipt_request_first>
 
 For B<-sign> option include a signed receipt request. Indicate requests should
 be provided by all recipient or first tier recipients (those mailed directly
@@ -717,23 +722,20 @@ No revocation checking is done on the signer's certificate.
 =head1 HISTORY
 
 The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The B<keyopt> option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
 
-The use of B<-recip> to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The B<keyopt> option was first added in OpenSSL 1.0.2.
 
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
 
 The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
 
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains options was first added to OpenSSL 1.0.2b.
 
 =head1 COPYRIGHT
 
-Copyright 2008-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy