path: root/secure/usr.bin/openssl/man/rand.1
Diffstat (limited to 'secure/usr.bin/openssl/man/rand.1')
-rw-r--r-- secure/usr.bin/openssl/man/rand.1 38
1 files changed, 28 insertions, 10 deletions
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index 5da74f19e933..1cb35a02048a 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2019-09-10" "1.1.1d" "OpenSSL"
+.TH RAND 1 "2020-03-17" "1.1.1e" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,12 +152,14 @@ openssl\-rand, rand \- generate pseudo\-random bytes
\&\fInum\fR
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding
-the random number generator once. As in other \fBopenssl\fR command
-line tools, \s-1PRNG\s0 seeding uses the file \fI\f(CI$HOME\fI/\fR\fB.rnd\fR or \fB.rnd\fR
-in addition to the files given in the \fB\-rand\fR option. A new
-\&\fI\f(CI$HOME\fI\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough
-seeding was obtained from these sources.
+This command generates \fInum\fR random bytes using a cryptographically
+secure pseudo random number generator (\s-1CSPRNG\s0).
+.PP
+The random bytes are generated using the \fBRAND_bytes\fR\|(3) function,
+which provides a security level of 256 bits, provided it managed to
+seed itself successfully from a trusted operating system entropy source.
+Otherwise, the command will fail with a nonzero error code.
+For more details, see \fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7), and \s-1\fBRAND_DRBG\s0\fR\|(7).
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-help\fR" 4
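Review bot: The rewritten DESCRIPTION drops the statement that `$HOME/.rnd` or `.rnd` is read for seeding and written back, but does not say whether that implicit file handling still happens. State explicitly whether a seed file is read or written by default, so that anyone relying on the old behaviour knows what changed. Two wording points in the same paragraph: "pseudo random number generator" is unhyphenated while the NAME line in the hunk header uses "pseudo\-random", and "provides a security level of 256 bits, provided it managed to seed itself" repeats "provide" and mixes tenses; "offers a security level of 256 bits if it has seeded itself successfully" reads more cleanly.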
@@ -173,6 +175,8 @@ generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
all others.
+Explicitly specifying a seed file is in general not necessary, see the
+\&\*(L"\s-1NOTES\*(R"\s0 section for more information.
.IP "[\fB\-writerand file\fR]" 4
.IX Item "[-writerand file]"
Writes random data to the specified \fIfile\fR upon exit.
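Review bot: The pointer to NOTES is added only under \-rand, yet the new NOTES text says every use of \-rand should be paired with \-writerand, and the \-writerand item directly below gets no matching cross-reference; add the same pointer there so a reader who lands on either option finds the pairing rule. The added sentence is also a comma splice: "not necessary, see the" reads better as "not necessary; see the" or as two sentences.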
@@ -183,12 +187,26 @@ Perform base64 encoding on the output.
.IP "\fB\-hex\fR" 4
.IX Item "-hex"
Show the output as a hex string.
+.SH "NOTES"
+.IX Header "NOTES"
+Prior to OpenSSL 1.1.1, it was common for applications to store information
+about the state of the random-number generator in a file that was loaded
+at startup and rewritten upon exit. On modern operating systems, this is
+generally no longer necessary as OpenSSL will seed itself from a trusted
+entropy source provided by the operating system. The \fB\-rand\fR and
+\&\fB\-writerand\fR flags are still supported for special platforms or
+circumstances that might require them.
+.PP
+It is generally an error to use the same seed file more than once and
+every use of \fB\-rand\fR should be paired with \fB\-writerand\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBRAND_bytes\fR\|(3)
+\&\fBRAND_bytes\fR\|(3),
+\&\s-1\fBRAND\s0\fR\|(7),
+\&\s-1\fBRAND_DRBG\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
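Review bot: The second NOTES paragraph calls reusing a seed file "generally an error" and requires pairing \-rand with \-writerand, but gives no reason. One sentence on the risk (for example, that seeding again from unchanged file contents feeds the generator the same input a second time) would make the rule actionable rather than arbitrary. In the first paragraph, "special platforms or circumstances that might require them" is also vague; naming at least one such case, or pointing to RAND(7) for it, would tell readers whether they are affected.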