path: root/doc/man7/RAND.pod
author: Pauli <paul.dale@oracle.com> 2020-07-22 12:55:31 +1000
committer: Pauli <paul.dale@oracle.com> 2020-08-07 14:16:47 +1000
commit: 7d615e2178fbffa53f05a67f68e5741374340308
tree: 8e5cdbb8c39e24727e64af790831980b2a5d9e6a /doc/man7/RAND.pod
parent: 4df0d37ff6cc399b93f9ef2524d087c2d67d41b5
rand_drbg: remove RAND_DRBG.
The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()).

Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely.

Other related changes:

Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG.

Move the RAND_DRBG(7) documentation to EVP_RAND(7).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12509)
Diffstat (limited to 'doc/man7/RAND.pod')
-rw-r--r-- doc/man7/RAND.pod | 35
1 files changed, 16 insertions, 19 deletions
diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod
index e253e9025d..d5fa154224 100644
--- a/doc/man7/RAND.pod
+++ b/doc/man7/RAND.pod
@@ -33,11 +33,12 @@ is available or the trusted source(s) temporarily fail to provide sufficient
random seed material.
In this case the CSPRNG enters an error state and ceases to provide output,
until it is able to recover from the error by reseeding itself.
-For more details on reseeding and error recovery, see L<RAND_DRBG(7)>.
+For more details on reseeding and error recovery, see L<EVP_RAND(7)>.
For values that should remain secret, you can use L<RAND_priv_bytes(3)>
instead.
-This method does not provide 'better' randomness, it uses the same type of CSPRNG.
+This method does not provide 'better' randomness, it uses the same type of
+CSPRNG.
The intention behind using a dedicated CSPRNG exclusively for private
values is that none of its output should be visible to an attacker (e.g.,
used as salt value), in order to reveal as little information as
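Review bot: the updated cross-reference `+For more details on reseeding and error recovery, see L<EVP_RAND(7)>.` only holds if the reseeding and error-recovery discussion from RAND_DRBG(7) really landed in EVP_RAND(7) as the commit message says; please confirm that section exists there under a heading a reader can find, otherwise the sentence promises details the target page does not give. The re-wrap of the "'better' randomness" sentence onto two lines is purely cosmetic and fine.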
@@ -45,35 +46,31 @@ possible about its internal state, and that a compromise of the "public"
CSPRNG instance will not affect the secrecy of these private values.
In the rare case where the default implementation does not satisfy your special
-requirements, there are two options:
+requirements, the default RAND method can be replaced by your own RAND
+method using L<RAND_set_rand_method(3)>.
-=over 2
+Changing the default random generator should be necessary
+only in exceptional cases and is not recommended, unless you have a profound
+knowledge of cryptographic principles and understand the implications of your
+changes.
-=item *
+=head1 DEAFULT SETUP
-Replace the default RAND method by your own RAND method using
-L<RAND_set_rand_method(3)>.
+The default OpenSSL RAND method is based on the EVP_RAND deterministic random
+bit generator (DRBG) classes.
+A DRBG is a certain type of cryptographically-secure pseudo-random
+number generator (CSPRNG), which is described in [NIST SP 800-90A Rev. 1].
-=item *
-
-Modify the default settings of the OpenSSL RAND method by modifying the security
-parameters of the underlying DRBG, which is described in detail in L<RAND_DRBG(7)>.
-
-=back
-
-Changing the default random generator or its default parameters should be necessary
-only in exceptional cases and is not recommended, unless you have a profound knowledge
-of cryptographic principles and understand the implications of your changes.
=head1 SEE ALSO
-L<RAND_add(3)>,
L<RAND_bytes(3)>,
L<RAND_priv_bytes(3)>,
L<RAND_get_rand_method(3)>,
L<RAND_set_rand_method(3)>,
L<RAND_OpenSSL(3)>,
-L<RAND_DRBG(7)>
+L<EVP_RAND(3)>,
+L<RAND_get0_primary(3)>
=head1 COPYRIGHT
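Review bot: the new heading `+=head1 DEAFULT SETUP` misspells DEFAULT; change it to `=head1 DEFAULT SETUP` so the section name is correct and linkable. Two smaller consistency points in the same hunk: the body now refers to L<EVP_RAND(7)> while SEE ALSO adds `+L<EVP_RAND(3)>`, so if both pages exist, listing L<EVP_RAND(7)> in SEE ALSO as well would keep the cross-references aligned; and the bracketed citation `[NIST SP 800-90A Rev. 1]` in the new DRBG paragraph needs a matching entry in the file's reference list if one is not already present.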