Replace the old OpenSSL PRNG by direct use of arc4random_buf(), keeping the

existing RAND interfaces unchanged. All interfaces allowing external feed or seed of the RNG (either from a file or a local entropy gathering daemon) are kept for ABI compatibility, but are no longer do anything. While the OpenSSL PRNG was required 15+ years ago when many systems lacked proper entropy collection, things have evolved and one can reasonably assume it is better to use the kernel (system global) entropy pool rather than trying to build one's own and having to compensate for thread scheduling... <RANT> Whoever thought that RAND_screen(), feeding the PRNG with the contents of the local workstation's display, under Win32, was a smart idea, ought to be banned from security programming. </RANT> ok beck@ deraadt@ tedu@
author: miod <> 2014-04-15 16:52:50 +0000
committer: miod <> 2014-04-15 16:52:50 +0000
commit: 7a19a50981d49325d35ae058d54f915cbfa1a027 (patch)
tree: cd099da9298b8ab84a5dbbead9a6560737057c97 /src/lib/libcrypto/rand/rand.h
parent: 2d3ffc156e48e292feaa28edc341e694571d2b00 (diff)
download: openbsd-7a19a50981d49325d35ae058d54f915cbfa1a027.tar.gz
openbsd-7a19a50981d49325d35ae058d54f915cbfa1a027.tar.bz2
openbsd-7a19a50981d49325d35ae058d54f915cbfa1a027.zip
1 files changed, 1 insertions, 25 deletions
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index bb5520e80a..e65b4b2e35 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -63,18 +63,10 @@
 #include <openssl/ossl_typ.h>
 #include <openssl/e_os2.h>
-#if defined(OPENSSL_SYS_WINDOWS)
-#include <windows.h>
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
-#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
-#endif
 /* Already defined in ossl_typ.h */
 /* typedef struct rand_meth_st RAND_METHOD; */
@@ -88,10 +80,6 @@ struct rand_meth_st
        int (*status)(void);
        };
-#ifdef BN_DEBUG
-extern int rand_predictable;
-#endif
 int RAND_set_rand_method(const RAND_METHOD *meth);
 const RAND_METHOD *RAND_get_rand_method(void);
 #ifndef OPENSSL_NO_ENGINE
@@ -112,25 +100,13 @@ int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
 int RAND_poll(void);
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-#endif
-#ifdef OPENSSL_FIPS
-void RAND_set_fips_drbg_type(int type, int flags);
-int RAND_init_fips(void);
-#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_RAND_strings(void);
-/* Error codes for the RAND functions. */
+/* Error codes for the RAND functions. (no longer used) */
 /* Function codes. */
 #define RAND_F_RAND_GET_RAND_METHOD                      101
author	miod <>	2014-04-15 16:52:50 +0000
committer	miod <>	2014-04-15 16:52:50 +0000
commit	7a19a50981d49325d35ae058d54f915cbfa1a027 (patch)
tree	cd099da9298b8ab84a5dbbead9a6560737057c97 /src/lib/libcrypto/rand/rand.h
parent	2d3ffc156e48e292feaa28edc341e694571d2b00 (diff)
download	openbsd-7a19a50981d49325d35ae058d54f915cbfa1a027.tar.gz openbsd-7a19a50981d49325d35ae058d54f915cbfa1a027.tar.bz2 openbsd-7a19a50981d49325d35ae058d54f915cbfa1a027.zip