doc: document that 'openssl rand' is cryptographically secure

Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11213)
author: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> 2020-03-02 00:25:29 +0100
committer: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> 2020-03-03 10:55:03 +0100
commit: 88398d2a358fe41e33c61ac02f23ffaeacddcff0 (patch)
tree: a61c8197f46cf38706c9731af031d8ed74f82095 /doc/man1
parent: a24e62f54b48d01832fd0b80f97115927a777a0f (diff)
1 files changed, 11 insertions, 3 deletions
diff --git a/doc/man1/openssl-rand.pod.in b/doc/man1/openssl-rand.pod.in
index 61c74df466..b8a01750c8 100644
--- a/doc/man1/openssl-rand.pod.in
+++ b/doc/man1/openssl-rand.pod.in
@@ -20,8 +20,14 @@ I<num>
 
 =head1 DESCRIPTION
 
-This command outputs I<num> pseudo-random bytes after seeding
-the random number generator once.
+This command generates I<num> random bytes using a cryptographically
+secure pseudo random number generator (CSPRNG).
+
+The random bytes are generated using the L<RAND_bytes(3)> function,
+which provides a security level of 256 bits, provided it managed to
+seed itself successfully from a trusted operating system entropy source.
+Otherwise, the command will fail with a non-zero error code.
+For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>.
 
 =head1 OPTIONS
 
@@ -52,7 +58,9 @@ Show the output as a hex string.
 =head1 SEE ALSO
 
 L<openssl(1)>,
-L<RAND_bytes(3)>
+L<RAND_bytes(3)>,
+L<RAND(7)>,
+L<RAND_DRBG(7)>
 
 =head1 COPYRIGHT
author	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>	2020-03-02 00:25:29 +0100
committer	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>	2020-03-03 10:55:03 +0100
commit	88398d2a358fe41e33c61ac02f23ffaeacddcff0 (patch)
tree	a61c8197f46cf38706c9731af031d8ed74f82095 /doc/man1
parent	a24e62f54b48d01832fd0b80f97115927a777a0f (diff)