1 files changed, 48 insertions, 27 deletions

diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
index 4316b507579ac..31d105e41d25d 100644
--- a/secure/lib/libcrypto/man/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -128,51 +128,72 @@
 .rm #[ #] #H #V #F C
 .\" ========================================================================
 .\"
-.IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2018-08-14" "1.0.2p" "OpenSSL"
+.IX Title "RAND_BYTES 3"
+.TH RAND_BYTES 3 "2018-09-11" "1.1.1" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH "NAME"
-RAND_bytes, RAND_pseudo_bytes \- generate random data
+RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
 .Vb 1
 \& #include <openssl/rand.h>
 \&
 \& int RAND_bytes(unsigned char *buf, int num);
-\&
+\& int RAND_priv_bytes(unsigned char *buf, int num);
+.Ve
+.PP
+Deprecated:
+.PP
+.Vb 3
+\& #if OPENSSL_API_COMPAT < 0x10100000L
 \& int RAND_pseudo_bytes(unsigned char *buf, int num);
+\& #endif
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 \&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes
-into \fBbuf\fR. An error occurs if the \s-1PRNG\s0 has not been seeded with
-enough randomness to ensure an unpredictable byte sequence.
-.PP
-\&\fIRAND_pseudo_bytes()\fR puts \fBnum\fR pseudo-random bytes into \fBbuf\fR.
-Pseudo-random byte sequences generated by \fIRAND_pseudo_bytes()\fR will be
-unique if they are of sufficient length, but are not necessarily
-unpredictable. They can be used for non-cryptographic purposes and for
-certain purposes in cryptographic protocols, but usually not for key
-generation etc.
+into \fBbuf\fR.
 .PP
-The contents of \fBbuf\fR is mixed into the entropy pool before retrieving
-the new pseudo-random bytes unless disabled at compile time (see \s-1FAQ\s0).
+\&\fIRAND_priv_bytes()\fR has the same semantics as \fIRAND_bytes()\fR.  It is intended to
+be used for generating values that should remain private. If using the
+default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0
+instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not
+affect the secrecy of these private values, as described in \s-1\fIRAND\s0\fR\|(7)
+and \s-1\fIRAND_DRBG\s0\fR\|(7).
+.SH "NOTES"
+.IX Header "NOTES"
+Always check the error return value of \fIRAND_bytes()\fR and
+\&\fIRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs
+if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an
+unpredictable byte sequence.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIRAND_bytes()\fR returns 1 on success, 0 otherwise. The error code can be
-obtained by \fIERR_get_error\fR\|(3). \fIRAND_pseudo_bytes()\fR returns 1 if the
-bytes generated are cryptographically strong, 0 otherwise. Both
-functions return \-1 if they are not supported by the current \s-1RAND\s0
-method.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIrand\fR\|(3), \fIERR_get_error\fR\|(3),
-\&\fIRAND_add\fR\|(3)
+\&\fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR
+return 1 on success, \-1 if not supported by the current
+\&\s-1RAND\s0 method, or 0 on other failure. The error code can be
+obtained by \fIERR_get_error\fR\|(3).
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL.  It
-has a return value since OpenSSL 0.9.5. \fIRAND_pseudo_bytes()\fR was added
-in OpenSSL 0.9.5.
+.IP "\(bu" 2
+\&\fIRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fIRAND_bytes()\fR instead.
+.IP "\(bu" 2
+\&\fIRAND_priv_bytes()\fR was added in OpenSSL 1.1.1.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIRAND_add\fR\|(3),
+\&\fIRAND_bytes\fR\|(3),
+\&\fIRAND_priv_bytes\fR\|(3),
+\&\fIERR_get_error\fR\|(3),
+\&\s-1\fIRAND\s0\fR\|(7),
+\&\s-1\fIRAND_DRBG\s0\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.