Merge OpenSSL 1.1.1a.

49 files changed, 167 insertions, 106 deletions

diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index 0eecd9ac0b5e..126e63cbaa85 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CA.PL 1"
-.TH CA.PL 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CA.PL 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index a62ec132cf5a..a9d20be114bf 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ASN1PARSE 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index 110d21a109e9..c155e2415098 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CA 1"
-.TH CA 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CA 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -348,8 +348,10 @@ for all available algorithms.
 .IP "\fB\-subj arg\fR" 4
 .IX Item "-subj arg"
 Supersedes subject name given in the request.
-The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR,
-characters may be escaped by \e (backslash), no spaces are skipped.
+The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR.
+Keyword characters may be escaped by \e (backslash), and whitespace is retained.
+Empty values are permitted, but the corresponding type will not be included
+in the resulting certificate.
 .IP "\fB\-utf8\fR" 4
 .IX Item "-utf8"
 This option causes field values to be interpreted as \s-1UTF8\s0 strings, by
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index f9b56e902ce0..82d7870c8e31 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CIPHERS 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index 7f29de61d0ea..152fc013ecc2 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS 1"
-.TH CMS 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CMS 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index c584a6054592..628cb3213b1b 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CRL 1"
-.TH CRL 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CRL 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index 12102f2304d6..20a5269e33f6 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH CRL2PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index 846e01c0d007..db0c6100ae4e 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DGST 1"
-.TH DGST 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DGST 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index 95514740d747..f0a753566e98 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DHPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index 5f860ac6c859..a799b42bfff5 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA 1"
-.TH DSA 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index 33b6cfb0c103..b9c6088097d1 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH DSAPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index 1a752538bf74..b2288579a600 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EC 1"
-.TH EC 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH EC 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index 9157c6314a41..a422cf92a865 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ECPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index a3a27af063ea..c39476ff7383 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ENC 1"
-.TH ENC 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ENC 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -352,7 +352,7 @@ ones provided by configured engines.
 The \fBenc\fR program does not support authenticated encryption modes
 like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future.
 The \fBenc\fR interface by necessity must begin streaming output (e.g.,
-to standard output when \fB\-out\fR is not used before the authentication
+to standard output when \fB\-out\fR is not used) before the authentication
 tag could be validated, leading to the usage of \fBenc\fR in pipelines
 that begin processing untrusted data and are not capable of rolling
 back upon authentication failure.  The \s-1AEAD\s0 modes currently in common
@@ -372,6 +372,7 @@ standard data format and performs the needed key/iv/nonce management.
 \&
 \& bf\-cbc             Blowfish in CBC mode
 \& bf                 Alias for bf\-cbc
+\& blowfish           Alias for bf\-cbc
 \& bf\-cfb             Blowfish in CFB mode
 \& bf\-ecb             Blowfish in ECB mode
 \& bf\-ofb             Blowfish in OFB mode
@@ -383,6 +384,8 @@ standard data format and performs the needed key/iv/nonce management.
 \& cast5\-ecb          CAST5 in ECB mode
 \& cast5\-ofb          CAST5 in OFB mode
 \&
+\& chacha20           ChaCha20 algorithm
+\&
 \& des\-cbc            DES in CBC mode
 \& des                Alias for des\-cbc
 \& des\-cfb            DES in CFB mode
@@ -429,6 +432,19 @@ standard data format and performs the needed key/iv/nonce management.
 \& rc5\-ecb            RC5 cipher in ECB mode
 \& rc5\-ofb            RC5 cipher in OFB mode
 \&
+\& seed\-cbc           SEED cipher in CBC mode
+\& seed               Alias for seed\-cbc
+\& seed\-cfb           SEED cipher in CFB mode
+\& seed\-ecb           SEED cipher in ECB mode
+\& seed\-ofb           SEED cipher in OFB mode
+\&
+\& sm4\-cbc            SM4 cipher in CBC mode
+\& sm4                Alias for sm4\-cbc
+\& sm4\-cfb            SM4 cipher in CFB mode
+\& sm4\-ctr            SM4 cipher in CTR mode
+\& sm4\-ecb            SM4 cipher in ECB mode
+\& sm4\-ofb            SM4 cipher in OFB mode
+\&
 \& aes\-[128|192|256]\-cbc  128/192/256 bit AES in CBC mode
 \& aes[128|192|256]       Alias for aes\-[128|192|256]\-cbc
 \& aes\-[128|192|256]\-cfb  128/192/256 bit AES in 128 bit CFB mode
@@ -438,6 +454,15 @@ standard data format and performs the needed key/iv/nonce management.
 \& aes\-[128|192|256]\-ecb  128/192/256 bit AES in ECB mode
 \& aes\-[128|192|256]\-ofb  128/192/256 bit AES in OFB mode
 \&
+\& aria\-[128|192|256]\-cbc  128/192/256 bit ARIA in CBC mode
+\& aria[128|192|256]       Alias for aria\-[128|192|256]\-cbc
+\& aria\-[128|192|256]\-cfb  128/192/256 bit ARIA in 128 bit CFB mode
+\& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
+\& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
+\& aria\-[128|192|256]\-ctr  128/192/256 bit ARIA in CTR mode
+\& aria\-[128|192|256]\-ecb  128/192/256 bit ARIA in ECB mode
+\& aria\-[128|192|256]\-ofb  128/192/256 bit ARIA in OFB mode
+\&
 \& camellia\-[128|192|256]\-cbc  128/192/256 bit Camellia in CBC mode
 \& camellia[128|192|256]       Alias for camellia\-[128|192|256]\-cbc
 \& camellia\-[128|192|256]\-cfb  128/192/256 bit Camellia in 128 bit CFB mode
@@ -461,35 +486,32 @@ Decode the same file
 \& openssl base64 \-d \-in file.b64 \-out file.bin
 .Ve
 .PP
-Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password:
+Encrypt a file using \s-1AES\-128\s0 using a prompted password
+and \s-1PBKDF2\s0 key derivation:
 .PP
 .Vb 1
-\& openssl des3 \-salt \-in file.txt \-out file.des3
+\& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128
 .Ve
 .PP
 Decrypt a file using a supplied password:
 .PP
-.Vb 1
-\& openssl des3 \-d \-salt \-in file.des3 \-out file.txt \-k mypassword
+.Vb 2
+\& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e
+\&    \-pass pass:<password>
 .Ve
 .PP
 Encrypt a file then base64 encode it (so it can be sent via mail for example)
-using Blowfish in \s-1CBC\s0 mode:
+using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation:
 .PP
 .Vb 1
-\& openssl bf \-a \-salt \-in file.txt \-out file.bf
+\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256
 .Ve
 .PP
-Base64 decode a file then decrypt it:
+Base64 decode a file then decrypt it using a password supplied in a file:
 .PP
-.Vb 1
-\& openssl bf \-d \-salt \-a \-in file.bf \-out file.txt
-.Ve
-.PP
-Decrypt some data using a supplied 40 bit \s-1RC4\s0 key:
-.PP
-.Vb 1
-\& openssl rc4\-40 \-in file.rc4 \-out file.txt \-K 0102030405
+.Vb 2
+\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e
+\&    \-pass file:<passfile>
 .Ve
 .SH "BUGS"
 .IX Header "BUGS"
diff --git a/secure/usr.bin/openssl/man/engine.1 b/secure/usr.bin/openssl/man/engine.1
index fe9591ca396f..851f31e46ae3 100644
--- a/secure/usr.bin/openssl/man/engine.1
+++ b/secure/usr.bin/openssl/man/engine.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ENGINE 1"
-.TH ENGINE 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ENGINE 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index 2debaab43215..25f92828f289 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH ERRSTR 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index 14d9fd9261fb..cdcaaf281d71 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "GENDSA 1"
-.TH GENDSA 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH GENDSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index cbfda8622c75..1fd374770d10 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH GENPKEY 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index 5500dd79dace..f2221a082d6a 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "GENRSA 1"
-.TH GENRSA 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH GENRSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/list.1 b/secure/usr.bin/openssl/man/list.1
index a64ec72c1e86..8b0d6cf3486f 100644
--- a/secure/usr.bin/openssl/man/list.1
+++ b/secure/usr.bin/openssl/man/list.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LIST 1"
-.TH LIST 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH LIST 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index eb7629438308..c18182844792 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "NSEQ 1"
-.TH NSEQ 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH NSEQ 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index 2ce141bc6b2b..a8c9c564d3fe 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OCSP 1"
-.TH OCSP 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH OCSP 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index e45cd31fc43d..bd6dbf7a6976 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH OPENSSL 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -172,6 +172,9 @@ The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in
 \&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments
 (\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
 .PP
+Detailed documentation and use cases for most standard subcommands are available
+(e.g., \fIx509\fR\|(1) or \fIopenssl\-x509\fR\|(1)).
+.PP
 Many commands use an external configuration file for some or all of their
 arguments and have a \fB\-config\fR option to specify that file.
 The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be used to specify
@@ -427,18 +430,53 @@ BLAKE2s\-256 Digest
 \&\s-1SM3\s0 Digest
 .SS "Encoding and Cipher Commands"
 .IX Subsection "Encoding and Cipher Commands"
+The following aliases provide convenient access to the most used encodings
+and ciphers.
+.PP
+Depending on how OpenSSL was configured and built, not all ciphers listed
+here may be present. See \fIenc\fR\|(1) for more information and command usage.
+.IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4
+.IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb"
+\&\s-1AES\-128\s0 Cipher
+.IP "\fBaes192\fR, \fBaes\-192\-cbc\fR, \fBaes\-192\-cfb\fR, \fBaes\-192\-ctr\fR, \fBaes\-192\-ecb\fR, \fBaes\-192\-ofb\fR" 4
+.IX Item "aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb"
+\&\s-1AES\-192\s0 Cipher
+.IP "\fBaes256\fR, \fBaes\-256\-cbc\fR, \fBaes\-256\-cfb\fR, \fBaes\-256\-ctr\fR, \fBaes\-256\-ecb\fR, \fBaes\-256\-ofb\fR" 4
+.IX Item "aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb"
+\&\s-1AES\-256\s0 Cipher
+.IP "\fBaria128\fR, \fBaria\-128\-cbc\fR, \fBaria\-128\-cfb\fR, \fBaria\-128\-ctr\fR, \fBaria\-128\-ecb\fR, \fBaria\-128\-ofb\fR" 4
+.IX Item "aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb"
+Aria\-128 Cipher
+.IP "\fBaria192\fR, \fBaria\-192\-cbc\fR, \fBaria\-192\-cfb\fR, \fBaria\-192\-ctr\fR, \fBaria\-192\-ecb\fR, \fBaria\-192\-ofb\fR" 4
+.IX Item "aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb"
+Aria\-192 Cipher
+.IP "\fBaria256\fR, \fBaria\-256\-cbc\fR, \fBaria\-256\-cfb\fR, \fBaria\-256\-ctr\fR, \fBaria\-256\-ecb\fR, \fBaria\-256\-ofb\fR" 4
+.IX Item "aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb"
+Aria\-256 Cipher
 .IP "\fBbase64\fR" 4
 .IX Item "base64"
 Base64 Encoding
 .IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4
 .IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb"
 Blowfish Cipher
+.IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4
+.IX Item "camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb"
+Camellia\-128 Cipher
+.IP "\fBcamellia192\fR, \fBcamellia\-192\-cbc\fR, \fBcamellia\-192\-cfb\fR, \fBcamellia\-192\-ctr\fR, \fBcamellia\-192\-ecb\fR, \fBcamellia\-192\-ofb\fR" 4
+.IX Item "camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb"
+Camellia\-192 Cipher
+.IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4
+.IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb"
+Camellia\-256 Cipher
 .IP "\fBcast\fR, \fBcast-cbc\fR" 4
 .IX Item "cast, cast-cbc"
 \&\s-1CAST\s0 Cipher
 .IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4
 .IX Item "cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb"
 \&\s-1CAST5\s0 Cipher
+.IP "\fBchacha20\fR" 4
+.IX Item "chacha20"
+Chacha20 Cipher
 .IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4
 .IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb"
 \&\s-1DES\s0 Cipher
@@ -457,6 +495,12 @@ Triple-DES Cipher
 .IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4
 .IX Item "rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb"
 \&\s-1RC5\s0 Cipher
+.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4
+.IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb"
+\&\s-1SEED\s0 Cipher
+.IP "\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4
+.IX Item "sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb"
+\&\s-1SM4\s0 Cipher
 .SH "OPTIONS"
 .IX Header "OPTIONS"
 Details of which options are available depend on the specific command.
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index a01d9e4d28e8..b44ea2d0d68a 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PASSWD 1"
-.TH PASSWD 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PASSWD 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index 34d4f5559866..dca9461fefad 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12 1"
-.TH PKCS12 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PKCS12 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index 0b2be258a231..9154b12bf9c3 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7 1"
-.TH PKCS7 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index da5edfc5b9ca..ad6119457bea 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS8 1"
-.TH PKCS8 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PKCS8 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index c5d6ce0e139f..6a9196412fe8 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKEY 1"
-.TH PKEY 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PKEY 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index e4ee8bd9a013..0f84ec6ff4da 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PKEYPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index bd5bbde52353..1c413421a3a7 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PKEYUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/prime.1 b/secure/usr.bin/openssl/man/prime.1
index 0a073a027128..ded2a5e5ac52 100644
--- a/secure/usr.bin/openssl/man/prime.1
+++ b/secure/usr.bin/openssl/man/prime.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PRIME 1"
-.TH PRIME 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH PRIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index c2c1191737cd..ae88ed6a3b9b 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND 1"
-.TH RAND 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH RAND 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index afc45dce57a4..20cf8fe68768 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REQ 1"
-.TH REQ 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH REQ 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -323,8 +323,10 @@ see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
 .IX Item "-subj arg"
 Sets subject name for new request or supersedes the subject name
 when processing a request.
-The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR,
-characters may be escaped by \e (backslash), no spaces are skipped.
+The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR.
+Keyword characters may be escaped by \e (backslash), and whitespace is retained.
+Empty values are permitted, but the corresponding type will not be included
+in the request.
 .IP "\fB\-multivalue\-rdn\fR" 4
 .IX Item "-multivalue-rdn"
 This option causes the \-subj argument to be interpreted with full
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 1f1c8644f3bb..53e2d89a7f74 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA 1"
-.TH RSA 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH RSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -140,8 +140,8 @@ openssl\-rsa, rsa \- RSA key processing tool
 .IX Header "SYNOPSIS"
 \&\fBopenssl\fR \fBrsa\fR
 [\fB\-help\fR]
-[\fB\-inform PEM|NET|DER\fR]
-[\fB\-outform PEM|NET|DER\fR]
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
 [\fB\-in filename\fR]
 [\fB\-passin arg\fR]
 [\fB\-out filename\fR]
@@ -179,16 +179,15 @@ utility.
 .IP "\fB\-help\fR" 4
 .IX Item "-help"
 Print out a usage message.
-.IP "\fB\-inform DER|NET|PEM\fR" 4
-.IX Item "-inform DER|NET|PEM"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
 This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
 form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
 The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
 encoded with additional header and footer lines. On input PKCS#8 format private
-keys are also accepted. The \fB\s-1NET\s0\fR form is a format is described in the \fB\s-1NOTES\s0\fR
-section.
-.IP "\fB\-outform DER|NET|PEM\fR" 4
-.IX Item "-outform DER|NET|PEM"
+keys are also accepted.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
 This specifies the output format, the options have the same meaning and default
 as the \fB\-inform\fR option.
 .IP "\fB\-in filename\fR" 4
@@ -272,17 +271,6 @@ The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines:
 \& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\-
 \& \-\-\-\-\-END RSA PUBLIC KEY\-\-\-\-\-
 .Ve
-.PP
-The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers
-and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption.
-It is not very secure and so should only be used when necessary.
-.PP
-Some newer version of \s-1IIS\s0 have additional data in the exported .key
-files. To use these with the utility, view the file with a binary editor
-and look for the string \*(L"private-key\*(R", then trace back to the byte
-sequence 0x30, 0x82 (this is an \s-1ASN1 SEQUENCE\s0). Copy all the data
-from this point onwards to another file and use that as the input
-to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 To remove the pass phrase on an \s-1RSA\s0 private key:
@@ -322,9 +310,6 @@ Output the public part of a private key in \fBRSAPublicKey\fR format:
 .Ve
 .SH "BUGS"
 .IX Header "BUGS"
-The command line password arguments don't currently work with
-\&\fB\s-1NET\s0\fR format.
-.PP
 There should be an option that automatically handles .key files,
 without having to manually edit them.
 .SH "SEE ALSO"
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index 9a2183296025..089d1ac60789 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH RSAUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index 79283319546f..3601cd511b79 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH S_CLIENT 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index 109d65719f85..f3fa8ae0e466 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH S_SERVER 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -492,12 +492,13 @@ Inhibit printing of session and certificate information.
 Sends a status message back to the client when it connects. This includes
 information about the ciphers used and various session parameters.
 The output is in \s-1HTML\s0 format so this option will normally be used with a
-web browser.
+web browser. Cannot be used in conjunction with \fB\-early_data\fR.
 .IP "\fB\-WWW\fR" 4
 .IX Item "-WWW"
 Emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the \s-1URL\s0 https://myhost/page.html is
-requested the file ./page.html will be loaded.
+requested the file ./page.html will be loaded. Cannot be used in conjunction
+with \fB\-early_data\fR.
 .IP "\fB\-tlsextdebug\fR" 4
 .IX Item "-tlsextdebug"
 Print a hex dump of any \s-1TLS\s0 extensions received from the server.
@@ -507,7 +508,8 @@ Emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the \s-1URL\s0 https://myhost/page.html is
 requested the file ./page.html will be loaded. The files loaded are
 assumed to contain a complete and correct \s-1HTTP\s0 response (lines that
-are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0).
+are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0). Cannot be
+used in conjunction with \fB\-early_data\fR.
 .IP "\fB\-id_prefix val\fR" 4
 .IX Item "-id_prefix val"
 Generate \s-1SSL/TLS\s0 session IDs prefixed by \fBval\fR. This is mostly useful
@@ -560,7 +562,8 @@ output.
 .IP "\fB\-rev\fR" 4
 .IX Item "-rev"
 Simple test server which just reverses the text received from the client
-and sends it back to the server. Also sets \fB\-brief\fR.
+and sends it back to the server. Also sets \fB\-brief\fR. Cannot be used in
+conjunction with \fB\-early_data\fR.
 .IP "\fB\-async\fR" 4
 .IX Item "-async"
 Switch on asynchronous mode. Cryptographic operations will be performed
@@ -745,7 +748,8 @@ flag). The default value is approximately 16k. The argument must be an integer
 greater than or equal to 0.
 .IP "\fB\-early_data\fR" 4
 .IX Item "-early_data"
-Accept early data where possible.
+Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR,
+\&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR.
 .IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4
 .IX Item "-anti_replay, -no_anti_replay"
 Switches replay protection on or off, respectively. Replay protection is on by
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index 220b5e4b4486..0439fe218f68 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "S_TIME 1"
-.TH S_TIME 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH S_TIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index e13d2bea8639..dac71229957c 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH SESS_ID 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index 80dc532af552..d200e89e52a9 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME 1"
-.TH SMIME 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH SMIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index 1a20ee8b9c07..1b556805bd00 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SPEED 1"
-.TH SPEED 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH SPEED 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index cbd60d3f8b5f..99cb3e60b390 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SPKAC 1"
-.TH SPKAC 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH SPKAC 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/srp.1 b/secure/usr.bin/openssl/man/srp.1
index e328b09ccf78..109ca21f1015 100644
--- a/secure/usr.bin/openssl/man/srp.1
+++ b/secure/usr.bin/openssl/man/srp.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SRP 1"
-.TH SRP 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH SRP 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/storeutl.1 b/secure/usr.bin/openssl/man/storeutl.1
index 8c7f9b2d147f..b09f3f473297 100644
--- a/secure/usr.bin/openssl/man/storeutl.1
+++ b/secure/usr.bin/openssl/man/storeutl.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREUTL 1"
-.TH STOREUTL 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH STOREUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -203,8 +203,11 @@ returned.
 .IP "\fB\-subject arg\fR" 4
 .IX Item "-subject arg"
 Search for an object having the subject name \fBarg\fR.
-The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR,
-characters may be escaped by \e (backslash), no spaces are skipped.
+The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR.
+Keyword characters may be escaped by \e (backslash), and whitespace is retained.
+Empty values are permitted but are ignored for the search.  That is,
+a search with an empty value will have the same effect as not specifying
+the type at all.
 .IP "\fB\-issuer arg\fR" 4
 .IX Item "-issuer arg"
 .PD 0
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 7b597e4b42e8..43ad019c7290 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "TS 1"
-.TH TS 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH TS 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1
index a0c6201f2427..9dc722411cb0 100644
--- a/secure/usr.bin/openssl/man/tsget.1
+++ b/secure/usr.bin/openssl/man/tsget.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "TSGET 1"
-.TH TSGET 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH TSGET 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index f36841d8a99e..92d18ae51430 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VERIFY 1"
-.TH VERIFY 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH VERIFY 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
index f2f60adb8b68..7b4cb41e3701 100644
--- a/secure/usr.bin/openssl/man/version.1
+++ b/secure/usr.bin/openssl/man/version.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VERSION 1"
-.TH VERSION 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH VERSION 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index 8a657bf02173..c7a8c229929f 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509 1"
-.TH X509 1 "2018-09-11" "1.1.1" "OpenSSL"
+.TH X509 1 "2018-11-20" "1.1.1a" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -140,8 +140,8 @@ openssl\-x509, x509 \- Certificate display and signing utility
 .IX Header "SYNOPSIS"
 \&\fBopenssl\fR \fBx509\fR
 [\fB\-help\fR]
-[\fB\-inform DER|PEM|NET\fR]
-[\fB\-outform DER|PEM|NET\fR]
+[\fB\-inform DER|PEM\fR]
+[\fB\-outform DER|PEM\fR]
 [\fB\-keyform DER|PEM\fR]
 [\fB\-CAform DER|PEM\fR]
 [\fB\-CAkeyform DER|PEM\fR]
@@ -212,16 +212,15 @@ various sections.
 .IP "\fB\-help\fR" 4
 .IX Item "-help"
 Print out a usage message.
-.IP "\fB\-inform DER|PEM|NET\fR" 4
-.IX Item "-inform DER|PEM|NET"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
 This specifies the input format normally the command will expect an X509
 certificate but this can change if other options such as \fB\-req\fR are
 present. The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0
 is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines
-added. The \s-1NET\s0 option is an obscure Netscape server format that is now
-obsolete. The default format is \s-1PEM.\s0
-.IP "\fB\-outform DER|PEM|NET\fR" 4
-.IX Item "-outform DER|PEM|NET"
+added. The default format is \s-1PEM.\s0
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
 This specifies the output format, the options have the same meaning and default
 as the \fB\-inform\fR option.
 .IP "\fB\-in filename\fR" 4