Update to match the current state of crypto/rand, and remove MLINKS for

RAND_event and RAND_screen.
author: miod <> 2014-07-09 17:56:43 +0000
committer: miod <> 2014-07-09 17:56:43 +0000
commit: 886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b (patch)
tree: 5be9b59ec7ebadf006e37ac06006c858c860f945 /src
parent: 911cfe3475e21a780d5ce6cc6eda37cd34760fdd (diff)
download: openbsd-886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b.tar.gz
openbsd-886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b.tar.bz2
openbsd-886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b.zip
9 files changed, 31 insertions, 199 deletions
diff --git a/src/lib/libcrypto/doc/RAND.pod b/src/lib/libcrypto/doc/RAND.pod
index 8f803f33eb..5472ba8b41 100644
--- a/src/lib/libcrypto/doc/RAND.pod
+++ b/src/lib/libcrypto/doc/RAND.pod
@@ -8,51 +8,16 @@ rand - pseudo-random number generator
 #include <openssl/rand.h>
- int  RAND_set_rand_engine(ENGINE *engine);
 int  RAND_bytes(unsigned char *buf, int num);
 int  RAND_pseudo_bytes(unsigned char *buf, int num);
- void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
- int  RAND_status(void);
- int  RAND_load_file(const char *file, long max_bytes);
- int  RAND_write_file(const char *file);
- const char *RAND_file_name(char *file, size_t num);
- void RAND_set_rand_method(const RAND_METHOD *meth);
- const RAND_METHOD *RAND_get_rand_method(void);
- RAND_METHOD *RAND_SSLeay(void);
- void RAND_cleanup(void);
 =head1 DESCRIPTION
-Since the introduction of the ENGINE API, the recommended way of controlling
+These functions give access to the systems cryptographically secure
-default implementations is by using the ENGINE API functions. The default
+pseudo-random number generator (PRNG). It is used by other library functions
-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
+for example to generate random keys, and applications can use it when they
-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommened
-way to control defaults.
-If an alternative B<RAND_METHOD> implementation is being used (either set
-directly or as provided by an ENGINE module), then it is entirely responsible
-for the generation and management of a cryptographically secure PRNG stream. The
-mechanisms described below relate solely to the software PRNG implementation
-built in to OpenSSL and used by default.
-These functions implement a cryptographically secure pseudo-random
-number generator (PRNG). It is used by other library functions for
-example to generate random keys, and applications can use it when they
 need randomness.
-A cryptographic PRNG must be seeded with unpredictable data such as
-mouse movements or keys pressed at random by the user. This is
-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
-seeding process whenever the application is started.
 L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
 PRNG.
@@ -63,10 +28,7 @@ L<arc4random_buf(3)> random number generator.
 =head1 SEE ALSO
-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+L<BN_rand(3)|BN_rand(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>,
+L<RAND_bytes(3)|RAND_bytes(3)>
-L<RAND_bytes(3)|RAND_bytes(3)>,
-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)>
 =cut
diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod
index 67c75dee97..3ffd4910c4 100644
--- a/src/lib/libcrypto/doc/RAND_add.pod
+++ b/src/lib/libcrypto/doc/RAND_add.pod
@@ -24,7 +24,7 @@ should not be used in new programs.
 =head1 SEE ALSO
-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<rand(3)|rand(3)>,
 L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
 =cut
diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod
index 28118e3c2e..5e4c2481d8 100644
--- a/src/lib/libcrypto/doc/RAND_load_file.pod
+++ b/src/lib/libcrypto/doc/RAND_load_file.pod
@@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
 =head1 DESCRIPTION
-RAND_file_name() generates a default path for the random seed
+RAND_file_name() returns a default path for the random seed file.
-file. B<buf> points to a buffer of size B<num> in which to store the
+B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE if that environment variable is
+filename. If B<num> is too small for the path name, an error occurs.
-set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
-too small for the path name, an error occurs.
 RAND_load_file() used to allow for the state of the random number generator
 to be controlled by external sources.
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
index e5b780fad0..c02068bf76 100644
--- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
 =head1 DESCRIPTION
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+These functions used to allow for the random number generator functions
-generation. By modifying the method, alternative implementations such as
+to be replaced by arbitrary code.
-hardware RNGs may be used. IMPORTANT: See the NOTES section for important
-information about how these RAND API functions are affected by the use of
+They are kept for ABI compatibility but are no longer functional, and
-B<ENGINE> API calls.
+should not be used in new programs.
-Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
-returned by RAND_SSLeay().
-RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
-true only whilst no ENGINE has been set as a default for RAND, so this function
-is no longer recommended.
-RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependent on whether the ENGINE
-API is being used, so this function is no longer recommended.
-=head1 THE RAND_METHOD STRUCTURE
- typedef struct rand_meth_st
- {
-        void (*seed)(const void *buf, int num);
-        int (*bytes)(unsigned char *buf, int num);
-        void (*cleanup)(void);
-        void (*add)(const void *buf, int num, int entropy);
-        int (*pseudorand)(unsigned char *buf, int num);
-        int (*status)(void);
- } RAND_METHOD;
-The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
-and RAND_status().
-Each component may be NULL if the function is not implemented.
-=head1 RETURN VALUES
-RAND_set_rand_method() returns no value. RAND_get_rand_method() and
-RAND_SSLeay() return pointers to the respective methods.
-=head1 NOTES
-As of version 0.9.7, RAND_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for RAND functionality using an ENGINE API function,
-that will override any RAND defaults set using the RAND API (ie.
-RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in RAND and other cryptographic
-algorithms.
 =head1 SEE ALSO
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
+L<rand(3)|rand(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 66cb3e49e1..57bf4a2bb8 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2014/04/19 11:15:37 deraadt Exp $
+# $OpenBSD: Makefile,v 1.5 2014/07/09 17:56:43 miod Exp $
 .include <bsd.own.mk>           # for NOMAN
@@ -660,8 +660,6 @@ MLINKS+=\
        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 \
        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 \
        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 \
-        RAND_add.3 RAND_event.3 \
-        RAND_add.3 RAND_screen.3 \
        RAND_add.3 RAND_seed.3 \
        RAND_add.3 RAND_status.3 \
        RAND_bytes.3 RAND_pseudo_bytes.3 \
diff --git a/src/lib/libssl/src/doc/crypto/RAND.pod b/src/lib/libssl/src/doc/crypto/RAND.pod
index 8f803f33eb..5472ba8b41 100644
--- a/src/lib/libssl/src/doc/crypto/RAND.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND.pod
@@ -8,51 +8,16 @@ rand - pseudo-random number generator
 #include <openssl/rand.h>
- int  RAND_set_rand_engine(ENGINE *engine);
 int  RAND_bytes(unsigned char *buf, int num);
 int  RAND_pseudo_bytes(unsigned char *buf, int num);
- void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
- int  RAND_status(void);
- int  RAND_load_file(const char *file, long max_bytes);
- int  RAND_write_file(const char *file);
- const char *RAND_file_name(char *file, size_t num);
- void RAND_set_rand_method(const RAND_METHOD *meth);
- const RAND_METHOD *RAND_get_rand_method(void);
- RAND_METHOD *RAND_SSLeay(void);
- void RAND_cleanup(void);
 =head1 DESCRIPTION
-Since the introduction of the ENGINE API, the recommended way of controlling
+These functions give access to the systems cryptographically secure
-default implementations is by using the ENGINE API functions. The default
+pseudo-random number generator (PRNG). It is used by other library functions
-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
+for example to generate random keys, and applications can use it when they
-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommened
-way to control defaults.
-If an alternative B<RAND_METHOD> implementation is being used (either set
-directly or as provided by an ENGINE module), then it is entirely responsible
-for the generation and management of a cryptographically secure PRNG stream. The
-mechanisms described below relate solely to the software PRNG implementation
-built in to OpenSSL and used by default.
-These functions implement a cryptographically secure pseudo-random
-number generator (PRNG). It is used by other library functions for
-example to generate random keys, and applications can use it when they
 need randomness.
-A cryptographic PRNG must be seeded with unpredictable data such as
-mouse movements or keys pressed at random by the user. This is
-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
-seeding process whenever the application is started.
 L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
 PRNG.
@@ -63,10 +28,7 @@ L<arc4random_buf(3)> random number generator.
 =head1 SEE ALSO
-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+L<BN_rand(3)|BN_rand(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>,
+L<RAND_bytes(3)|RAND_bytes(3)>
-L<RAND_bytes(3)|RAND_bytes(3)>,
-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/RAND_add.pod b/src/lib/libssl/src/doc/crypto/RAND_add.pod
index 67c75dee97..3ffd4910c4 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_add.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_add.pod
@@ -24,7 +24,7 @@ should not be used in new programs.
 =head1 SEE ALSO
-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<rand(3)|rand(3)>,
 L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod
index 28118e3c2e..5e4c2481d8 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod
@@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
 =head1 DESCRIPTION
-RAND_file_name() generates a default path for the random seed
+RAND_file_name() returns a default path for the random seed file.
-file. B<buf> points to a buffer of size B<num> in which to store the
+B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE if that environment variable is
+filename. If B<num> is too small for the path name, an error occurs.
-set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
-too small for the path name, an error occurs.
 RAND_load_file() used to allow for the state of the random number generator
 to be controlled by external sources.
diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
index e5b780fad0..c02068bf76 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
 =head1 DESCRIPTION
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+These functions used to allow for the random number generator functions
-generation. By modifying the method, alternative implementations such as
+to be replaced by arbitrary code.
-hardware RNGs may be used. IMPORTANT: See the NOTES section for important
-information about how these RAND API functions are affected by the use of
+They are kept for ABI compatibility but are no longer functional, and
-B<ENGINE> API calls.
+should not be used in new programs.
-Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
-returned by RAND_SSLeay().
-RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
-true only whilst no ENGINE has been set as a default for RAND, so this function
-is no longer recommended.
-RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependent on whether the ENGINE
-API is being used, so this function is no longer recommended.
-=head1 THE RAND_METHOD STRUCTURE
- typedef struct rand_meth_st
- {
-        void (*seed)(const void *buf, int num);
-        int (*bytes)(unsigned char *buf, int num);
-        void (*cleanup)(void);
-        void (*add)(const void *buf, int num, int entropy);
-        int (*pseudorand)(unsigned char *buf, int num);
-        int (*status)(void);
- } RAND_METHOD;
-The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
-and RAND_status().
-Each component may be NULL if the function is not implemented.
-=head1 RETURN VALUES
-RAND_set_rand_method() returns no value. RAND_get_rand_method() and
-RAND_SSLeay() return pointers to the respective methods.
-=head1 NOTES
-As of version 0.9.7, RAND_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for RAND functionality using an ENGINE API function,
-that will override any RAND defaults set using the RAND API (ie.
-RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in RAND and other cryptographic
-algorithms.
 =head1 SEE ALSO
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
+L<rand(3)|rand(3)>
 =head1 HISTORY
author	miod <>	2014-07-09 17:56:43 +0000
committer	miod <>	2014-07-09 17:56:43 +0000
commit	886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b (patch)
tree	5be9b59ec7ebadf006e37ac06006c858c860f945 /src
parent	911cfe3475e21a780d5ce6cc6eda37cd34760fdd (diff)
download	openbsd-886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b.tar.gz openbsd-886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b.tar.bz2 openbsd-886f0ff9cbcf437bf1cfe269ab5aa45bf63a039b.zip

diff --git a/src/lib/libcrypto/doc/RAND.pod b/src/lib/libcrypto/doc/RAND.pod index 8f803f33eb..5472ba8b41 100644 --- a/src/lib/libcrypto/doc/RAND.pod +++ b/src/lib/libcrypto/doc/RAND.pod
@@ -8,51 +8,16 @@ rand - pseudo-random number generator
8		8
9	#include <openssl/rand.h>	9	#include <openssl/rand.h>
10		10
11	int RAND_set_rand_engine(ENGINE *engine);
12
13	int RAND_bytes(unsigned char *buf, int num);	11	int RAND_bytes(unsigned char *buf, int num);
14	int RAND_pseudo_bytes(unsigned char *buf, int num);	12	int RAND_pseudo_bytes(unsigned char *buf, int num);
15		13
16	void RAND_seed(const void *buf, int num);
17	void RAND_add(const void *buf, int num, int entropy);
18	int RAND_status(void);
19
20	int RAND_load_file(const char *file, long max_bytes);
21	int RAND_write_file(const char *file);
22	const char RAND_file_name(char file, size_t num);
23
24	void RAND_set_rand_method(const RAND_METHOD *meth);
25	const RAND_METHOD *RAND_get_rand_method(void);
26	RAND_METHOD *RAND_SSLeay(void);
27
28	void RAND_cleanup(void);
29
30	=head1 DESCRIPTION	14	=head1 DESCRIPTION
31		15
32	Since the introduction of the ENGINE API, the recommended way of controlling	16	These functions give access to the systems cryptographically secure
33	default implementations is by using the ENGINE API functions. The default	17	pseudo-random number generator (PRNG). It is used by other library functions
34	B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by	18	for example to generate random keys, and applications can use it when they
35	RAND_get_rand_method(), is only used if no ENGINE has been set as the default
36	"rand" implementation. Hence, these two functions are no longer the recommened
37	way to control defaults.
38
39	If an alternative B<RAND_METHOD> implementation is being used (either set
40	directly or as provided by an ENGINE module), then it is entirely responsible
41	for the generation and management of a cryptographically secure PRNG stream. The
42	mechanisms described below relate solely to the software PRNG implementation
43	built in to OpenSSL and used by default.
44
45	These functions implement a cryptographically secure pseudo-random
46	number generator (PRNG). It is used by other library functions for
47	example to generate random keys, and applications can use it when they
48	need randomness.	19	need randomness.
49		20
50	A cryptographic PRNG must be seeded with unpredictable data such as
51	mouse movements or keys pressed at random by the user. This is
52	described in L<RAND_add(3)\|RAND_add(3)>. Its state can be saved in a seed file
53	(see L<RAND_load_file(3)\|RAND_load_file(3)>) to avoid having to go through the
54	seeding process whenever the application is started.
55
56	L<RAND_bytes(3)\|RAND_bytes(3)> describes how to obtain random data from the	21	L<RAND_bytes(3)\|RAND_bytes(3)> describes how to obtain random data from the
57	PRNG.	22	PRNG.
58		23
@@ -63,10 +28,7 @@ L<arc4random_buf(3)> random number generator.
63		28
64	=head1 SEE ALSO	29	=head1 SEE ALSO
65		30
66	L<BN_rand(3)\|BN_rand(3)>, L<RAND_add(3)\|RAND_add(3)>,	31	L<BN_rand(3)\|BN_rand(3)>,
67	L<RAND_load_file(3)\|RAND_load_file(3)>,	32	L<RAND_bytes(3)\|RAND_bytes(3)>
68	L<RAND_bytes(3)\|RAND_bytes(3)>,
69	L<RAND_set_rand_method(3)\|RAND_set_rand_method(3)>,
70	L<RAND_cleanup(3)\|RAND_cleanup(3)>
71		33
72	=cut	34	=cut


diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod index 67c75dee97..3ffd4910c4 100644 --- a/src/lib/libcrypto/doc/RAND_add.pod +++ b/src/lib/libcrypto/doc/RAND_add.pod
@@ -24,7 +24,7 @@ should not be used in new programs.
24		24
25	=head1 SEE ALSO	25	=head1 SEE ALSO
26		26
27	L<rand(3)\|rand(3)>, L<RAND_egd(3)\|RAND_egd(3)>,	27	L<rand(3)\|rand(3)>,
28	L<RAND_load_file(3)\|RAND_load_file(3)>, L<RAND_cleanup(3)\|RAND_cleanup(3)>	28	L<RAND_load_file(3)\|RAND_load_file(3)>, L<RAND_cleanup(3)\|RAND_cleanup(3)>
29		29
30	=cut	30	=cut


diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod index 28118e3c2e..5e4c2481d8 100644 --- a/src/lib/libcrypto/doc/RAND_load_file.pod +++ b/src/lib/libcrypto/doc/RAND_load_file.pod
@@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
16		16
17	=head1 DESCRIPTION	17	=head1 DESCRIPTION
18		18
19	RAND_file_name() generates a default path for the random seed	19	RAND_file_name() returns a default path for the random seed file.
20	file. B<buf> points to a buffer of size B<num> in which to store the	20	B<buf> points to a buffer of size B<num> in which to store the
21	filename. The seed file is $RANDFILE if that environment variable is	21	filename. If B<num> is too small for the path name, an error occurs.
22	set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
23	too small for the path name, an error occurs.
24		22
25	RAND_load_file() used to allow for the state of the random number generator	23	RAND_load_file() used to allow for the state of the random number generator
26	to be controlled by external sources.	24	to be controlled by external sources.


diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod index e5b780fad0..c02068bf76 100644 --- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod +++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
16		16
17	=head1 DESCRIPTION	17	=head1 DESCRIPTION
18		18
19	A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number	19	These functions used to allow for the random number generator functions
20	generation. By modifying the method, alternative implementations such as	20	to be replaced by arbitrary code.
21	hardware RNGs may be used. IMPORTANT: See the NOTES section for important	21
22	information about how these RAND API functions are affected by the use of	22	They are kept for ABI compatibility but are no longer functional, and
23	B<ENGINE> API calls.	23	should not be used in new programs.
24
25	Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
26	returned by RAND_SSLeay().
27
28	RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
29	true only whilst no ENGINE has been set as a default for RAND, so this function
30	is no longer recommended.
31
32	RAND_get_default_method() returns a pointer to the current RAND_METHOD.
33	However, the meaningfulness of this result is dependent on whether the ENGINE
34	API is being used, so this function is no longer recommended.
35
36	=head1 THE RAND_METHOD STRUCTURE
37
38	typedef struct rand_meth_st
39	{
40	void (seed)(const void buf, int num);
41	int (bytes)(unsigned char buf, int num);
42	void (*cleanup)(void);
43	void (add)(const void buf, int num, int entropy);
44	int (pseudorand)(unsigned char buf, int num);
45	int (*status)(void);
46	} RAND_METHOD;
47
48	The components point to the implementation of RAND_seed(),
49	RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
50	and RAND_status().
51	Each component may be NULL if the function is not implemented.
52
53	=head1 RETURN VALUES
54
55	RAND_set_rand_method() returns no value. RAND_get_rand_method() and
56	RAND_SSLeay() return pointers to the respective methods.
57
58	=head1 NOTES
59
60	As of version 0.9.7, RAND_METHOD implementations are grouped together with other
61	algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
62	default ENGINE is specified for RAND functionality using an ENGINE API function,
63	that will override any RAND defaults set using the RAND API (ie.
64	RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
65	to control default implementations for use in RAND and other cryptographic
66	algorithms.
67		24
68	=head1 SEE ALSO	25	=head1 SEE ALSO
69		26
70	L<rand(3)\|rand(3)>, L<engine(3)\|engine(3)>	27	L<rand(3)\|rand(3)>
71		28
72	=head1 HISTORY	29	=head1 HISTORY
73		30


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 66cb3e49e1..57bf4a2bb8 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.4 2014/04/19 11:15:37 deraadt Exp $	1	# $OpenBSD: Makefile,v 1.5 2014/07/09 17:56:43 miod Exp $
2		2
3	.include <bsd.own.mk> # for NOMAN	3	.include <bsd.own.mk> # for NOMAN
4		4
@@ -660,8 +660,6 @@ MLINKS+=\
660	PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 \	660	PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 \
661	PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 \	661	PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 \
662	PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 \	662	PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 \
663	RAND_add.3 RAND_event.3 \
664	RAND_add.3 RAND_screen.3 \
665	RAND_add.3 RAND_seed.3 \	663	RAND_add.3 RAND_seed.3 \
666	RAND_add.3 RAND_status.3 \	664	RAND_add.3 RAND_status.3 \
667	RAND_bytes.3 RAND_pseudo_bytes.3 \	665	RAND_bytes.3 RAND_pseudo_bytes.3 \


diff --git a/src/lib/libssl/src/doc/crypto/RAND.pod b/src/lib/libssl/src/doc/crypto/RAND.pod index 8f803f33eb..5472ba8b41 100644 --- a/src/lib/libssl/src/doc/crypto/RAND.pod +++ b/src/lib/libssl/src/doc/crypto/RAND.pod
@@ -8,51 +8,16 @@ rand - pseudo-random number generator
8		8
9	#include <openssl/rand.h>	9	#include <openssl/rand.h>
10		10
11	int RAND_set_rand_engine(ENGINE *engine);
12
13	int RAND_bytes(unsigned char *buf, int num);	11	int RAND_bytes(unsigned char *buf, int num);
14	int RAND_pseudo_bytes(unsigned char *buf, int num);	12	int RAND_pseudo_bytes(unsigned char *buf, int num);
15		13
16	void RAND_seed(const void *buf, int num);
17	void RAND_add(const void *buf, int num, int entropy);
18	int RAND_status(void);
19
20	int RAND_load_file(const char *file, long max_bytes);
21	int RAND_write_file(const char *file);
22	const char RAND_file_name(char file, size_t num);
23
24	void RAND_set_rand_method(const RAND_METHOD *meth);
25	const RAND_METHOD *RAND_get_rand_method(void);
26	RAND_METHOD *RAND_SSLeay(void);
27
28	void RAND_cleanup(void);
29
30	=head1 DESCRIPTION	14	=head1 DESCRIPTION
31		15
32	Since the introduction of the ENGINE API, the recommended way of controlling	16	These functions give access to the systems cryptographically secure
33	default implementations is by using the ENGINE API functions. The default	17	pseudo-random number generator (PRNG). It is used by other library functions
34	B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by	18	for example to generate random keys, and applications can use it when they
35	RAND_get_rand_method(), is only used if no ENGINE has been set as the default
36	"rand" implementation. Hence, these two functions are no longer the recommened
37	way to control defaults.
38
39	If an alternative B<RAND_METHOD> implementation is being used (either set
40	directly or as provided by an ENGINE module), then it is entirely responsible
41	for the generation and management of a cryptographically secure PRNG stream. The
42	mechanisms described below relate solely to the software PRNG implementation
43	built in to OpenSSL and used by default.
44
45	These functions implement a cryptographically secure pseudo-random
46	number generator (PRNG). It is used by other library functions for
47	example to generate random keys, and applications can use it when they
48	need randomness.	19	need randomness.
49		20
50	A cryptographic PRNG must be seeded with unpredictable data such as
51	mouse movements or keys pressed at random by the user. This is
52	described in L<RAND_add(3)\|RAND_add(3)>. Its state can be saved in a seed file
53	(see L<RAND_load_file(3)\|RAND_load_file(3)>) to avoid having to go through the
54	seeding process whenever the application is started.
55
56	L<RAND_bytes(3)\|RAND_bytes(3)> describes how to obtain random data from the	21	L<RAND_bytes(3)\|RAND_bytes(3)> describes how to obtain random data from the
57	PRNG.	22	PRNG.
58		23
@@ -63,10 +28,7 @@ L<arc4random_buf(3)> random number generator.
63		28
64	=head1 SEE ALSO	29	=head1 SEE ALSO
65		30
66	L<BN_rand(3)\|BN_rand(3)>, L<RAND_add(3)\|RAND_add(3)>,	31	L<BN_rand(3)\|BN_rand(3)>,
67	L<RAND_load_file(3)\|RAND_load_file(3)>,	32	L<RAND_bytes(3)\|RAND_bytes(3)>
68	L<RAND_bytes(3)\|RAND_bytes(3)>,
69	L<RAND_set_rand_method(3)\|RAND_set_rand_method(3)>,
70	L<RAND_cleanup(3)\|RAND_cleanup(3)>
71		33
72	=cut	34	=cut


diff --git a/src/lib/libssl/src/doc/crypto/RAND_add.pod b/src/lib/libssl/src/doc/crypto/RAND_add.pod index 67c75dee97..3ffd4910c4 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_add.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_add.pod
@@ -24,7 +24,7 @@ should not be used in new programs.
24		24
25	=head1 SEE ALSO	25	=head1 SEE ALSO
26		26
27	L<rand(3)\|rand(3)>, L<RAND_egd(3)\|RAND_egd(3)>,	27	L<rand(3)\|rand(3)>,
28	L<RAND_load_file(3)\|RAND_load_file(3)>, L<RAND_cleanup(3)\|RAND_cleanup(3)>	28	L<RAND_load_file(3)\|RAND_load_file(3)>, L<RAND_cleanup(3)\|RAND_cleanup(3)>
29		29
30	=cut	30	=cut


diff --git a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod index 28118e3c2e..5e4c2481d8 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod
@@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
16		16
17	=head1 DESCRIPTION	17	=head1 DESCRIPTION
18		18
19	RAND_file_name() generates a default path for the random seed	19	RAND_file_name() returns a default path for the random seed file.
20	file. B<buf> points to a buffer of size B<num> in which to store the	20	B<buf> points to a buffer of size B<num> in which to store the
21	filename. The seed file is $RANDFILE if that environment variable is	21	filename. If B<num> is too small for the path name, an error occurs.
22	set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
23	too small for the path name, an error occurs.
24		22
25	RAND_load_file() used to allow for the state of the random number generator	23	RAND_load_file() used to allow for the state of the random number generator
26	to be controlled by external sources.	24	to be controlled by external sources.


diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod index e5b780fad0..c02068bf76 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
16		16
17	=head1 DESCRIPTION	17	=head1 DESCRIPTION
18		18
19	A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number	19	These functions used to allow for the random number generator functions
20	generation. By modifying the method, alternative implementations such as	20	to be replaced by arbitrary code.
21	hardware RNGs may be used. IMPORTANT: See the NOTES section for important	21
22	information about how these RAND API functions are affected by the use of	22	They are kept for ABI compatibility but are no longer functional, and
23	B<ENGINE> API calls.	23	should not be used in new programs.
24
25	Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
26	returned by RAND_SSLeay().
27
28	RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
29	true only whilst no ENGINE has been set as a default for RAND, so this function
30	is no longer recommended.
31
32	RAND_get_default_method() returns a pointer to the current RAND_METHOD.
33	However, the meaningfulness of this result is dependent on whether the ENGINE
34	API is being used, so this function is no longer recommended.
35
36	=head1 THE RAND_METHOD STRUCTURE
37
38	typedef struct rand_meth_st
39	{
40	void (seed)(const void buf, int num);
41	int (bytes)(unsigned char buf, int num);
42	void (*cleanup)(void);
43	void (add)(const void buf, int num, int entropy);
44	int (pseudorand)(unsigned char buf, int num);
45	int (*status)(void);
46	} RAND_METHOD;
47
48	The components point to the implementation of RAND_seed(),
49	RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
50	and RAND_status().
51	Each component may be NULL if the function is not implemented.
52
53	=head1 RETURN VALUES
54
55	RAND_set_rand_method() returns no value. RAND_get_rand_method() and
56	RAND_SSLeay() return pointers to the respective methods.
57
58	=head1 NOTES
59
60	As of version 0.9.7, RAND_METHOD implementations are grouped together with other
61	algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
62	default ENGINE is specified for RAND functionality using an ENGINE API function,
63	that will override any RAND defaults set using the RAND API (ie.
64	RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
65	to control default implementations for use in RAND and other cryptographic
66	algorithms.
67		24
68	=head1 SEE ALSO	25	=head1 SEE ALSO
69		26
70	L<rand(3)\|rand(3)>, L<engine(3)\|engine(3)>	27	L<rand(3)\|rand(3)>
71		28
72	=head1 HISTORY	29	=head1 HISTORY
73		30