Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/doc/RAND.pod48
-rw-r--r--lib/libcrypto/doc/RAND_add.pod2
-rw-r--r--lib/libcrypto/doc/RAND_load_file.pod8
-rw-r--r--lib/libcrypto/doc/RAND_set_rand_method.pod55
-rw-r--r--lib/libcrypto/man/Makefile4
-rw-r--r--lib/libssl/src/doc/crypto/RAND.pod48
-rw-r--r--lib/libssl/src/doc/crypto/RAND_add.pod2
-rw-r--r--lib/libssl/src/doc/crypto/RAND_load_file.pod8
-rw-r--r--lib/libssl/src/doc/crypto/RAND_set_rand_method.pod55
9 files changed, 31 insertions, 199 deletions
diff --git a/lib/libcrypto/doc/RAND.pod b/lib/libcrypto/doc/RAND.pod
index 8f803f33eb3..5472ba8b41a 100644
--- a/lib/libcrypto/doc/RAND.pod
+++ b/lib/libcrypto/doc/RAND.pod
@@ -8,51 +8,16 @@ rand - pseudo-random number generator
#include <openssl/rand.h>
- int RAND_set_rand_engine(ENGINE *engine);
-
int RAND_bytes(unsigned char *buf, int num);
int RAND_pseudo_bytes(unsigned char *buf, int num);
- void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
- int RAND_status(void);
-
- int RAND_load_file(const char *file, long max_bytes);
- int RAND_write_file(const char *file);
- const char *RAND_file_name(char *file, size_t num);
-
- void RAND_set_rand_method(const RAND_METHOD *meth);
- const RAND_METHOD *RAND_get_rand_method(void);
- RAND_METHOD *RAND_SSLeay(void);
-
- void RAND_cleanup(void);
-
=head1 DESCRIPTION
-Since the introduction of the ENGINE API, the recommended way of controlling
-default implementations is by using the ENGINE API functions. The default
-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommened
-way to control defaults.
-
-If an alternative B<RAND_METHOD> implementation is being used (either set
-directly or as provided by an ENGINE module), then it is entirely responsible
-for the generation and management of a cryptographically secure PRNG stream. The
-mechanisms described below relate solely to the software PRNG implementation
-built in to OpenSSL and used by default.
-
-These functions implement a cryptographically secure pseudo-random
-number generator (PRNG). It is used by other library functions for
-example to generate random keys, and applications can use it when they
+These functions give access to the systems cryptographically secure
+pseudo-random number generator (PRNG). It is used by other library functions
+for example to generate random keys, and applications can use it when they
need randomness.
-A cryptographic PRNG must be seeded with unpredictable data such as
-mouse movements or keys pressed at random by the user. This is
-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
-seeding process whenever the application is started.
-
L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
PRNG.
@@ -63,10 +28,7 @@ L<arc4random_buf(3)> random number generator.
=head1 SEE ALSO
-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>,
-L<RAND_bytes(3)|RAND_bytes(3)>,
-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)>
+L<BN_rand(3)|BN_rand(3)>,
+L<RAND_bytes(3)|RAND_bytes(3)>
=cut
diff --git a/lib/libcrypto/doc/RAND_add.pod b/lib/libcrypto/doc/RAND_add.pod
index 67c75dee974..3ffd4910c42 100644
--- a/lib/libcrypto/doc/RAND_add.pod
+++ b/lib/libcrypto/doc/RAND_add.pod
@@ -24,7 +24,7 @@ should not be used in new programs.
=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<rand(3)|rand(3)>,
L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
=cut
diff --git a/lib/libcrypto/doc/RAND_load_file.pod b/lib/libcrypto/doc/RAND_load_file.pod
index 28118e3c2e8..5e4c2481d86 100644
--- a/lib/libcrypto/doc/RAND_load_file.pod
+++ b/lib/libcrypto/doc/RAND_load_file.pod
@@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
=head1 DESCRIPTION
-RAND_file_name() generates a default path for the random seed
-file. B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE if that environment variable is
-set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
-too small for the path name, an error occurs.
+RAND_file_name() returns a default path for the random seed file.
+B<buf> points to a buffer of size B<num> in which to store the
+filename. If B<num> is too small for the path name, an error occurs.
RAND_load_file() used to allow for the state of the random number generator
to be controlled by external sources.
diff --git a/lib/libcrypto/doc/RAND_set_rand_method.pod b/lib/libcrypto/doc/RAND_set_rand_method.pod
index e5b780fad06..c02068bf765 100644
--- a/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ b/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
=head1 DESCRIPTION
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
-generation. By modifying the method, alternative implementations such as
-hardware RNGs may be used. IMPORTANT: See the NOTES section for important
-information about how these RAND API functions are affected by the use of
-B<ENGINE> API calls.
-
-Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
-returned by RAND_SSLeay().
-
-RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
-true only whilst no ENGINE has been set as a default for RAND, so this function
-is no longer recommended.
-
-RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependent on whether the ENGINE
-API is being used, so this function is no longer recommended.
-
-=head1 THE RAND_METHOD STRUCTURE
-
- typedef struct rand_meth_st
- {
- void (*seed)(const void *buf, int num);
- int (*bytes)(unsigned char *buf, int num);
- void (*cleanup)(void);
- void (*add)(const void *buf, int num, int entropy);
- int (*pseudorand)(unsigned char *buf, int num);
- int (*status)(void);
- } RAND_METHOD;
-
-The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
-and RAND_status().
-Each component may be NULL if the function is not implemented.
-
-=head1 RETURN VALUES
-
-RAND_set_rand_method() returns no value. RAND_get_rand_method() and
-RAND_SSLeay() return pointers to the respective methods.
-
-=head1 NOTES
-
-As of version 0.9.7, RAND_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for RAND functionality using an ENGINE API function,
-that will override any RAND defaults set using the RAND API (ie.
-RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in RAND and other cryptographic
-algorithms.
+These functions used to allow for the random number generator functions
+to be replaced by arbitrary code.
+
+They are kept for ABI compatibility but are no longer functional, and
+should not be used in new programs.
=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
+L<rand(3)|rand(3)>
=head1 HISTORY
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index 66cb3e49e1e..57bf4a2bb8b 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2014/04/19 11:15:37 deraadt Exp $
+# $OpenBSD: Makefile,v 1.5 2014/07/09 17:56:43 miod Exp $
.include <bsd.own.mk> # for NOMAN
@@ -660,8 +660,6 @@ MLINKS+=\
PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 \
PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 \
PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 \
- RAND_add.3 RAND_event.3 \
- RAND_add.3 RAND_screen.3 \
RAND_add.3 RAND_seed.3 \
RAND_add.3 RAND_status.3 \
RAND_bytes.3 RAND_pseudo_bytes.3 \
diff --git a/lib/libssl/src/doc/crypto/RAND.pod b/lib/libssl/src/doc/crypto/RAND.pod
index 8f803f33eb3..5472ba8b41a 100644
--- a/lib/libssl/src/doc/crypto/RAND.pod
+++ b/lib/libssl/src/doc/crypto/RAND.pod
@@ -8,51 +8,16 @@ rand - pseudo-random number generator
#include <openssl/rand.h>
- int RAND_set_rand_engine(ENGINE *engine);
-
int RAND_bytes(unsigned char *buf, int num);
int RAND_pseudo_bytes(unsigned char *buf, int num);
- void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
- int RAND_status(void);
-
- int RAND_load_file(const char *file, long max_bytes);
- int RAND_write_file(const char *file);
- const char *RAND_file_name(char *file, size_t num);
-
- void RAND_set_rand_method(const RAND_METHOD *meth);
- const RAND_METHOD *RAND_get_rand_method(void);
- RAND_METHOD *RAND_SSLeay(void);
-
- void RAND_cleanup(void);
-
=head1 DESCRIPTION
-Since the introduction of the ENGINE API, the recommended way of controlling
-default implementations is by using the ENGINE API functions. The default
-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommened
-way to control defaults.
-
-If an alternative B<RAND_METHOD> implementation is being used (either set
-directly or as provided by an ENGINE module), then it is entirely responsible
-for the generation and management of a cryptographically secure PRNG stream. The
-mechanisms described below relate solely to the software PRNG implementation
-built in to OpenSSL and used by default.
-
-These functions implement a cryptographically secure pseudo-random
-number generator (PRNG). It is used by other library functions for
-example to generate random keys, and applications can use it when they
+These functions give access to the systems cryptographically secure
+pseudo-random number generator (PRNG). It is used by other library functions
+for example to generate random keys, and applications can use it when they
need randomness.
-A cryptographic PRNG must be seeded with unpredictable data such as
-mouse movements or keys pressed at random by the user. This is
-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
-seeding process whenever the application is started.
-
L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
PRNG.
@@ -63,10 +28,7 @@ L<arc4random_buf(3)> random number generator.
=head1 SEE ALSO
-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>,
-L<RAND_bytes(3)|RAND_bytes(3)>,
-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)>
+L<BN_rand(3)|BN_rand(3)>,
+L<RAND_bytes(3)|RAND_bytes(3)>
=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_add.pod b/lib/libssl/src/doc/crypto/RAND_add.pod
index 67c75dee974..3ffd4910c42 100644
--- a/lib/libssl/src/doc/crypto/RAND_add.pod
+++ b/lib/libssl/src/doc/crypto/RAND_add.pod
@@ -24,7 +24,7 @@ should not be used in new programs.
=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<rand(3)|rand(3)>,
L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
=cut
diff --git a/lib/libssl/src/doc/crypto/RAND_load_file.pod b/lib/libssl/src/doc/crypto/RAND_load_file.pod
index 28118e3c2e8..5e4c2481d86 100644
--- a/lib/libssl/src/doc/crypto/RAND_load_file.pod
+++ b/lib/libssl/src/doc/crypto/RAND_load_file.pod
@@ -16,11 +16,9 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
=head1 DESCRIPTION
-RAND_file_name() generates a default path for the random seed
-file. B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE if that environment variable is
-set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
-too small for the path name, an error occurs.
+RAND_file_name() returns a default path for the random seed file.
+B<buf> points to a buffer of size B<num> in which to store the
+filename. If B<num> is too small for the path name, an error occurs.
RAND_load_file() used to allow for the state of the random number generator
to be controlled by external sources.
diff --git a/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
index e5b780fad06..c02068bf765 100644
--- a/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
+++ b/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
@@ -16,58 +16,15 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
=head1 DESCRIPTION
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
-generation. By modifying the method, alternative implementations such as
-hardware RNGs may be used. IMPORTANT: See the NOTES section for important
-information about how these RAND API functions are affected by the use of
-B<ENGINE> API calls.
-
-Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
-returned by RAND_SSLeay().
-
-RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
-true only whilst no ENGINE has been set as a default for RAND, so this function
-is no longer recommended.
-
-RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependent on whether the ENGINE
-API is being used, so this function is no longer recommended.
-
-=head1 THE RAND_METHOD STRUCTURE
-
- typedef struct rand_meth_st
- {
- void (*seed)(const void *buf, int num);
- int (*bytes)(unsigned char *buf, int num);
- void (*cleanup)(void);
- void (*add)(const void *buf, int num, int entropy);
- int (*pseudorand)(unsigned char *buf, int num);
- int (*status)(void);
- } RAND_METHOD;
-
-The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
-and RAND_status().
-Each component may be NULL if the function is not implemented.
-
-=head1 RETURN VALUES
-
-RAND_set_rand_method() returns no value. RAND_get_rand_method() and
-RAND_SSLeay() return pointers to the respective methods.
-
-=head1 NOTES
-
-As of version 0.9.7, RAND_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for RAND functionality using an ENGINE API function,
-that will override any RAND defaults set using the RAND API (ie.
-RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in RAND and other cryptographic
-algorithms.
+These functions used to allow for the random number generator functions
+to be replaced by arbitrary code.
+
+They are kept for ABI compatibility but are no longer functional, and
+should not be used in new programs.
=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
+L<rand(3)|rand(3)>
=head1 HISTORY