[openssl] master update

Fri May 8 23:45:22 UTC 2020

The branch master has been updated
       via  8c30dfee3ea038b71f339f193331ed6ac11e3055 (commit)
      from  0324ffc5d5d393111288eca2c9d67f2141ed65f5 (commit)


- Log -----------------------------------------------------------------
commit 8c30dfee3ea038b71f339f193331ed6ac11e3055
Author: Pauli <paul.dale at oracle.com>
Date:   Mon Apr 20 17:22:41 2020 +1000

    doc: remove deprecation notes for apps that are staying.
    
    The apps that are staying are: dhparam, dsa, dsaparam, ec, ecparam, gendsa and
    rsa.
    
    The rsautl app remains deprecated.
    
    The -dsaparam option to dhparam also remains deprecated.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11575)

-----------------------------------------------------------------------

Summary of changes:
 doc/man1/openssl-dhparam.pod.in  |  7 +++----
 doc/man1/openssl-dsa.pod.in      |  7 -------
 doc/man1/openssl-dsaparam.pod.in |  7 -------
 doc/man1/openssl-ec.pod.in       |  7 -------
 doc/man1/openssl-ecparam.pod.in  |  8 --------
 doc/man1/openssl-gendsa.pod.in   |  7 -------
 doc/man1/openssl-rsa.pod.in      |  7 -------
 doc/man7/EVP_PKEY-X25519.pod     | 12 +++++++++---
 8 files changed, 12 insertions(+), 50 deletions(-)

diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in
index bb40149403..91883fb840 100644
--- a/doc/man1/openssl-dhparam.pod.in
+++ b/doc/man1/openssl-dhparam.pod.in
@@ -30,9 +30,6 @@ B<openssl dhparam>
 
 =head1 DESCRIPTION
 
-This command has been deprecated.
-The L<openssl-pkeyparam(1)> command should be used instead.
-
 This command is used to manipulate DH parameter files.
 
 =head1 OPTIONS
@@ -62,6 +59,8 @@ as the input filename.
 
 =item B<-dsaparam>
 
+This option is deprecated.
+
 If this option is used, DSA rather than DH parameters are read or created;
 they are converted to DH format.  Otherwise, "strong" primes (such
 that (p-1)/2 is also prime) will be used for DH parameter generation.
@@ -136,7 +135,7 @@ L<openssl-dsaparam(1)>
 
 =head1 HISTORY
 
-This command was deprecated in OpenSSL 3.0.
+The B<-dsaparam> option was deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in
index a035234323..f3d1a9423c 100644
--- a/doc/man1/openssl-dsa.pod.in
+++ b/doc/man1/openssl-dsa.pod.in
@@ -43,9 +43,6 @@ B<openssl> B<dsa>
 
 =head1 DESCRIPTION
 
-This command has been deprecated.
-The L<openssl-pkey(1)> command should be used instead.
-
 This command processes DSA keys. They can be converted between various
 forms and their components printed out. B<Note> This command uses the
 traditional SSLeay compatible format for private key encryption: newer
@@ -162,10 +159,6 @@ L<openssl-gendsa(1)>,
 L<openssl-rsa(1)>,
 L<openssl-genrsa(1)>
 
-=head1 HISTORY
-
-This command was deprecated in OpenSSL 3.0.
-
 =head1 COPYRIGHT
 
 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in
index d9775dd040..27bd6517e1 100644
--- a/doc/man1/openssl-dsaparam.pod.in
+++ b/doc/man1/openssl-dsaparam.pod.in
@@ -25,9 +25,6 @@ B<openssl dsaparam>
 
 =head1 DESCRIPTION
 
-This command has been deprecated.
-The L<openssl-pkeyparam(1)> command should be used instead.
-
 This command is used to manipulate or generate DSA parameter files.
 
 DSA parameter generation can be a slow process and as a result the same set of
@@ -107,10 +104,6 @@ L<openssl-dsa(1)>,
 L<openssl-genrsa(1)>,
 L<openssl-rsa(1)>
 
-=head1 HISTORY
-
-This command was deprecated in OpenSSL 3.0.
-
 =head1 COPYRIGHT
 
 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in
index f493a5373a..cad26289b4 100644
--- a/doc/man1/openssl-ec.pod.in
+++ b/doc/man1/openssl-ec.pod.in
@@ -38,9 +38,6 @@ B<openssl> B<ec>
 
 =head1 DESCRIPTION
 
-This command has been deprecated.
-The L<openssl-pkey(1)> command should be used instead.
-
 The L<openssl-ec(1)> command processes EC keys. They can be converted between
 various forms and their components printed out. B<Note> OpenSSL uses the
 private key format specified in 'SEC 1: Elliptic Curve Cryptography'
@@ -183,10 +180,6 @@ L<openssl-ecparam(1)>,
 L<openssl-dsa(1)>,
 L<openssl-rsa(1)>
 
-=head1 HISTORY
-
-This command was deprecated in OpenSSL 3.0.
-
 =head1 COPYRIGHT
 
 Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in
index a42fa35ee4..ff4d97ea5d 100644
--- a/doc/man1/openssl-ecparam.pod.in
+++ b/doc/man1/openssl-ecparam.pod.in
@@ -32,10 +32,6 @@ B<openssl ecparam>
 
 =head1 DESCRIPTION
 
-This command has been deprecated.
-The L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands
-should be used instead.
-
 This command is used to manipulate or generate EC parameter files.
 
 OpenSSL is currently not able to generate new groups and therefore
@@ -172,10 +168,6 @@ L<openssl-genpkey(1)>,
 L<openssl-ec(1)>,
 L<openssl-dsaparam(1)>
 
-=head1 HISTORY
-
-This command was deprecated in OpenSSL 3.0.
-
 =head1 COPYRIGHT
 
 Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in
index 0d908e0d61..aca9bb5165 100644
--- a/doc/man1/openssl-gendsa.pod.in
+++ b/doc/man1/openssl-gendsa.pod.in
@@ -33,9 +33,6 @@ B<openssl> B<gendsa>
 
 =head1 DESCRIPTION
 
-This command has been deprecated.
-The L<openssl-genpkey(1)> command should be used instead.
-
 This command generates a DSA private key from a DSA parameter file
 (which will be typically generated by the L<openssl-dsaparam(1)> command).
 
@@ -95,10 +92,6 @@ L<openssl-dsa(1)>,
 L<openssl-genrsa(1)>,
 L<openssl-rsa(1)>
 
-=head1 HISTORY
-
-This command was deprecated in OpenSSL 3.0.
-
 =head1 COPYRIGHT
 
 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in
index 59929eafa1..5dacdf9313 100644
--- a/doc/man1/openssl-rsa.pod.in
+++ b/doc/man1/openssl-rsa.pod.in
@@ -46,9 +46,6 @@ B<openssl> B<rsa>
 
 =head1 DESCRIPTION
 
-This command has been deprecated.
-The L<openssl-pkey(1)> command should be used instead.
-
 This command processes RSA keys. They can be converted between
 various forms and their components printed out. B<Note> this command uses the
 traditional SSLeay compatible format for private key encryption: newer
@@ -184,10 +181,6 @@ L<openssl-dsa(1)>,
 L<openssl-genrsa(1)>,
 L<openssl-gendsa(1)>
 
-=head1 HISTORY
-
-This command was deprecated in OpenSSL 3.0.
-
 =head1 COPYRIGHT
 
 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod
index dd3e68f109..58f7525fd9 100644
--- a/doc/man7/EVP_PKEY-X25519.pod
+++ b/doc/man7/EVP_PKEY-X25519.pod
@@ -9,12 +9,18 @@ EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448
 =head1 DESCRIPTION
 
 The B<X25519>, B<X448>, B<ED25519> and B<ED448> keytypes are
-implemented in OpenSSL's default provider.
+implemented in OpenSSL's default and FIPS providers.  These implementations
+support the associated key, containing the public key I<pub> and the
+private key I<priv>.
+
+In the FIPS provider they are non-approved algorithms and do not have the
+"fips=yes" property set.
 
 =head2 Common X25519, X448, ED25519 and ED448 parameters
 
-The following Import/Export types are available for the built-in X25519, X448,
-ED25519 and X448 algorithms:
+In addition to the common parameters that all keytypes should support (see
+L<provider-keymgmt(7)/Common parameters>), the implementation of these keytypes
+support the following.
 
 =over 4
 
