From b5fe35f9c15f1a36f0f78d02fdaa6e211a2cc76a Mon Sep 17 00:00:00 2001
From: miod <>
Date: Wed, 9 Jul 2014 17:56:43 +0000
Subject: Update to match the current state of crypto/rand, and remove MLINKS for RAND_event and RAND_screen.
---
src/lib/libcrypto/doc/RAND.pod | 48 ++-----------------
src/lib/libcrypto/doc/RAND_add.pod | 2 +-
src/lib/libcrypto/doc/RAND_load_file.pod | 8 ++--
src/lib/libcrypto/doc/RAND_set_rand_method.pod | 55 +++-------------------
src/lib/libcrypto/man/Makefile | 4 +-
src/lib/libssl/src/doc/crypto/RAND.pod | 48 ++-----------------
src/lib/libssl/src/doc/crypto/RAND_add.pod | 2 +-
src/lib/libssl/src/doc/crypto/RAND_load_file.pod | 8 ++--
.../libssl/src/doc/crypto/RAND_set_rand_method.pod | 55 +++-------------------
9 files changed, 31 insertions(+), 199 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/doc/RAND.pod b/src/lib/libcrypto/doc/RAND.pod
index 8f803f33eb..5472ba8b41 100644
--- a/src/lib/libcrypto/doc/RAND.pod
+++ b/src/lib/libcrypto/doc/RAND.pod
@@ -8,51 +8,16 @@ rand - pseudo-random number generator #include - int RAND_set_rand_engine(ENGINE *engine); - int RAND_bytes(unsigned char *buf, int num); int RAND_pseudo_bytes(unsigned char *buf, int num); - void RAND_seed(const void *buf, int num); - void RAND_add(const void *buf, int num, int entropy); - int RAND_status(void); - - int RAND_load_file(const char *file, long max_bytes); - int RAND_write_file(const char *file); - const char *RAND_file_name(char *file, size_t num); - - void RAND_set_rand_method(const RAND_METHOD *meth); - const RAND_METHOD *RAND_get_rand_method(void); - RAND_METHOD *RAND_SSLeay(void); - - void RAND_cleanup(void); - =head1 DESCRIPTION -Since the introduction of the ENGINE API, the recommended way of controlling -default implementations is by using the ENGINE API functions. The default -B, as set by RAND_set_rand_method() and returned by -RAND_get_rand_method(), is only used if no ENGINE has been set as the default -"rand" implementation. Hence, these two functions are no longer the recommened -way to control defaults. - -If an alternative B implementation is being used (either set -directly or as provided by an ENGINE module), then it is entirely responsible -for the generation and management of a cryptographically secure PRNG stream. The -mechanisms described below relate solely to the software PRNG implementation -built in to OpenSSL and used by default. - -These functions implement a cryptographically secure pseudo-random -number generator (PRNG). It is used by other library functions for -example to generate random keys, and applications can use it when they +These functions give access to the systems cryptographically secure +pseudo-random number generator (PRNG). It is used by other library functions +for example to generate random keys, and applications can use it when they need randomness. -A cryptographic PRNG must be seeded with unpredictable data such as -mouse movements or keys pressed at random by the user. 
This is -described in L. Its state can be saved in a seed file -(see L) to avoid having to go through the -seeding process whenever the application is started. - L describes how to obtain random data from the PRNG. @@ -63,10 +28,7 @@ L random number generator. =head1 SEE ALSO -L, L, -L, -L, -L, -L +L, +L =cut diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod index 67c75dee97..3ffd4910c4 100644 --- a/src/lib/libcrypto/doc/RAND_add.pod +++ b/src/lib/libcrypto/doc/RAND_add.pod @@ -24,7 +24,7 @@ should not be used in new programs. =head1 SEE ALSO -L, L, +L, L, L =cut diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod index 28118e3c2e..5e4c2481d8 100644 --- a/src/lib/libcrypto/doc/RAND_load_file.pod +++ b/src/lib/libcrypto/doc/RAND_load_file.pod @@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file =head1 DESCRIPTION -RAND_file_name() generates a default path for the random seed -file. B points to a buffer of size B in which to store the -filename. The seed file is $RANDFILE if that environment variable is -set, $HOME/.rnd otherwise. If $HOME is not set either, or B is -too small for the path name, an error occurs. +RAND_file_name() returns a default path for the random seed file. +B points to a buffer of size B in which to store the +filename. If B is too small for the path name, an error occurs. RAND_load_file() used to allow for the state of the random number generator to be controlled by external sources. diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod index e5b780fad0..c02068bf76 100644 --- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod +++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod 
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method =head1 DESCRIPTION -A B specifies the functions that OpenSSL uses for random number -generation. By modifying the method, alternative implementations such as -hardware RNGs may be used. IMPORTANT: See the NOTES section for important -information about how these RAND API functions are affected by the use of -B API calls. - -Initially, the default RAND_METHOD is the OpenSSL internal implementation, as -returned by RAND_SSLeay(). - -RAND_set_default_method() makes B the method for PRNG use. B: This is -true only whilst no ENGINE has been set as a default for RAND, so this function -is no longer recommended. - -RAND_get_default_method() returns a pointer to the current RAND_METHOD. -However, the meaningfulness of this result is dependent on whether the ENGINE -API is being used, so this function is no longer recommended. - -=head1 THE RAND_METHOD STRUCTURE - - typedef struct rand_meth_st - { - void (*seed)(const void *buf, int num); - int (*bytes)(unsigned char *buf, int num); - void (*cleanup)(void); - void (*add)(const void *buf, int num, int entropy); - int (*pseudorand)(unsigned char *buf, int num); - int (*status)(void); - } RAND_METHOD; - -The components point to the implementation of RAND_seed(), -RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand() -and RAND_status(). -Each component may be NULL if the function is not implemented. - -=head1 RETURN VALUES - -RAND_set_rand_method() returns no value. RAND_get_rand_method() and -RAND_SSLeay() return pointers to the respective methods. - -=head1 NOTES - -As of version 0.9.7, RAND_METHOD implementations are grouped together with other -algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B modules. If a -default ENGINE is specified for RAND functionality using an ENGINE API function, -that will override any RAND defaults set using the RAND API (ie. -RAND_set_rand_method()). 
For this reason, the ENGINE API is the recommended way -to control default implementations for use in RAND and other cryptographic -algorithms. +These functions used to allow for the random number generator functions +to be replaced by arbitrary code. + +They are kept for ABI compatibility but are no longer functional, and +should not be used in new programs. =head1 SEE ALSO -L, L +L =head1 HISTORY diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 66cb3e49e1..57bf4a2bb8 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.4 2014/04/19 11:15:37 deraadt Exp $ +# $OpenBSD: Makefile,v 1.5 2014/07/09 17:56:43 miod Exp $ .include # for NOMAN @@ -660,8 +660,6 @@ MLINKS+=\ PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 \ PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 \ PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 \ - RAND_add.3 RAND_event.3 \ - RAND_add.3 RAND_screen.3 \ RAND_add.3 RAND_seed.3 \ RAND_add.3 RAND_status.3 \ RAND_bytes.3 RAND_pseudo_bytes.3 \ diff --git a/src/lib/libssl/src/doc/crypto/RAND.pod b/src/lib/libssl/src/doc/crypto/RAND.pod index 8f803f33eb..5472ba8b41 100644 --- a/src/lib/libssl/src/doc/crypto/RAND.pod +++ b/src/lib/libssl/src/doc/crypto/RAND.pod 
@@ -8,51 +8,16 @@ rand - pseudo-random number generator #include - int RAND_set_rand_engine(ENGINE *engine); - int RAND_bytes(unsigned char *buf, int num); int RAND_pseudo_bytes(unsigned char *buf, int num); - void RAND_seed(const void *buf, int num); - void RAND_add(const void *buf, int num, int entropy); - int RAND_status(void); - - int RAND_load_file(const char *file, long max_bytes); - int RAND_write_file(const char *file); - const char *RAND_file_name(char *file, size_t num); - - void RAND_set_rand_method(const RAND_METHOD *meth); - const RAND_METHOD *RAND_get_rand_method(void); - RAND_METHOD *RAND_SSLeay(void); - - void RAND_cleanup(void); - =head1 DESCRIPTION -Since the introduction of the ENGINE API, the recommended way of controlling -default implementations is by using the ENGINE API functions. The default -B, as set by RAND_set_rand_method() and returned by -RAND_get_rand_method(), is only used if no ENGINE has been set as the default -"rand" implementation. Hence, these two functions are no longer the recommened -way to control defaults. - -If an alternative B implementation is being used (either set -directly or as provided by an ENGINE module), then it is entirely responsible -for the generation and management of a cryptographically secure PRNG stream. The -mechanisms described below relate solely to the software PRNG implementation -built in to OpenSSL and used by default. - -These functions implement a cryptographically secure pseudo-random -number generator (PRNG). It is used by other library functions for -example to generate random keys, and applications can use it when they +These functions give access to the systems cryptographically secure +pseudo-random number generator (PRNG). It is used by other library functions +for example to generate random keys, and applications can use it when they need randomness. -A cryptographic PRNG must be seeded with unpredictable data such as -mouse movements or keys pressed at random by the user. 
This is -described in L. Its state can be saved in a seed file -(see L) to avoid having to go through the -seeding process whenever the application is started. - L describes how to obtain random data from the PRNG. @@ -63,10 +28,7 @@ L random number generator. =head1 SEE ALSO -L, L, -L, -L, -L, -L +L, +L =cut diff --git a/src/lib/libssl/src/doc/crypto/RAND_add.pod b/src/lib/libssl/src/doc/crypto/RAND_add.pod index 67c75dee97..3ffd4910c4 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_add.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_add.pod @@ -24,7 +24,7 @@ should not be used in new programs. =head1 SEE ALSO -L, L, +L, L, L =cut diff --git a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod index 28118e3c2e..5e4c2481d8 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod @@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file =head1 DESCRIPTION -RAND_file_name() generates a default path for the random seed -file. B points to a buffer of size B in which to store the -filename. The seed file is $RANDFILE if that environment variable is -set, $HOME/.rnd otherwise. If $HOME is not set either, or B is -too small for the path name, an error occurs. +RAND_file_name() returns a default path for the random seed file. +B points to a buffer of size B in which to store the +filename. If B is too small for the path name, an error occurs. RAND_load_file() used to allow for the state of the random number generator to be controlled by external sources. diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod index e5b780fad0..c02068bf76 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod 
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method =head1 DESCRIPTION -A B specifies the functions that OpenSSL uses for random number -generation. By modifying the method, alternative implementations such as -hardware RNGs may be used. IMPORTANT: See the NOTES section for important -information about how these RAND API functions are affected by the use of -B API calls. - -Initially, the default RAND_METHOD is the OpenSSL internal implementation, as -returned by RAND_SSLeay(). - -RAND_set_default_method() makes B the method for PRNG use. B: This is -true only whilst no ENGINE has been set as a default for RAND, so this function -is no longer recommended. - -RAND_get_default_method() returns a pointer to the current RAND_METHOD. -However, the meaningfulness of this result is dependent on whether the ENGINE -API is being used, so this function is no longer recommended. - -=head1 THE RAND_METHOD STRUCTURE - - typedef struct rand_meth_st - { - void (*seed)(const void *buf, int num); - int (*bytes)(unsigned char *buf, int num); - void (*cleanup)(void); - void (*add)(const void *buf, int num, int entropy); - int (*pseudorand)(unsigned char *buf, int num); - int (*status)(void); - } RAND_METHOD; - -The components point to the implementation of RAND_seed(), -RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand() -and RAND_status(). -Each component may be NULL if the function is not implemented. - -=head1 RETURN VALUES - -RAND_set_rand_method() returns no value. RAND_get_rand_method() and -RAND_SSLeay() return pointers to the respective methods. - -=head1 NOTES - -As of version 0.9.7, RAND_METHOD implementations are grouped together with other -algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B modules. If a -default ENGINE is specified for RAND functionality using an ENGINE API function, -that will override any RAND defaults set using the RAND API (ie. -RAND_set_rand_method()). 
For this reason, the ENGINE API is the recommended way -to control default implementations for use in RAND and other cryptographic -algorithms. +These functions used to allow for the random number generator functions +to be replaced by arbitrary code. + +They are kept for ABI compatibility but are no longer functional, and +should not be used in new programs. =head1 SEE ALSO -L, L +L =head1 HISTORY -- cgit v1.2.3-55-g6feb