From 7d615e2178fbffa53f05a67f68e5741374340308 Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 22 Jul 2020 12:55:31 +1000 Subject: rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/12509) --- NEWS.md | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS.md') diff --git a/NEWS.md b/NEWS.md index 801016f2b5..e40b2932b3 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Remove the `RAND_DRBG` API. * Deprecated the `ENGINE` API. * Added `OPENSSL_CTX`, a libcrypto library context. * Interactive mode is removed from the 'openssl' program. -- cgit v1.2.3