Publish the RAND_DRBG API

Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462)

Publish the RAND_DRBG API
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462)
6decf943 · Dr. Matthias St. Pierre · f297e4ec · 6decf943 · 6decf943 · 6decf943
23 changed file
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -918,11 +918,11 @@ RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
 RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
 RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
 RAND_F_RAND_LOAD_FILE:111:RAND_load_file
-RAND_F_RAND_POOL_ADD:103:RAND_POOL_add
+RAND_F_RAND_POOL_ADD:103:rand_pool_add
-RAND_F_RAND_POOL_ADD_BEGIN:113:RAND_POOL_add_begin
+RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
-RAND_F_RAND_POOL_ADD_END:114:RAND_POOL_add_end
+RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
-RAND_F_RAND_POOL_BYTES_NEEDED:115:RAND_POOL_bytes_needed
+RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
-RAND_F_RAND_POOL_NEW:116:RAND_POOL_new
+RAND_F_RAND_POOL_NEW:116:rand_pool_new
 RAND_F_RAND_WRITE_FILE:112:RAND_write_file
 RSA_F_CHECK_PADDING_MD:140:check_padding_md
 RSA_F_ENCODE_PKCS1:146:encode_pkcs1

--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -17,7 +17,7 @@
 #include "internal/evp_int.h"
 #include "modes_lcl.h"
 #include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "evp_locl.h"
 typedef struct {

--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -17,7 +17,7 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "modes_lcl.h"
 #include "internal/evp_int.h"
 #include "internal/constant_time_locl.h"

--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -18,7 +18,7 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "modes_lcl.h"
 #include "internal/constant_time_locl.h"
 #include "internal/evp_int.h"

--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -13,9 +13,9 @@
 # include <openssl/evp.h>
 # include <openssl/modes.h>
 # include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
 # include "internal/aria.h"
 # include "internal/evp_int.h"
-# include "internal/rand.h"
 # include "modes_lcl.h"
 # include "evp_locl.h"

--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -15,7 +15,7 @@
 # include "internal/evp_int.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
 # include "evp_locl.h"
 typedef struct {

--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -15,7 +15,7 @@
 # include "internal/evp_int.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
 # include "evp_locl.h"
 typedef struct {

--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -13,9 +13,9 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/engine.h>
 #include "internal/evp_int.h"
-#include "internal/rand.h"
 #include "evp_locl.h"
 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)

--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -14,7 +14,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
 #include "evp_locl.h"
 int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,

--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -15,8 +15,64 @@
 * or in the file LICENSE in the source distribution.
 */
-#include <openssl/rand.h>
+#ifndef HEADER_RAND_INT_H
+# define HEADER_RAND_INT_H
+# include <openssl/rand.h>
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
 void rand_cleanup_int(void);
 void rand_drbg_cleanup_int(void);
 void rand_fork(void);
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen);
+size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+void rand_pool_free(RAND_POOL *pool);
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+size_t rand_pool_add(RAND_POOL *pool,
+                     const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+#endif
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
@@ -12,9 +12,9 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#include "rand_lcl.h"
 #include "internal/thread_once.h"
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
 /*
 * Implementation of NIST SP 800-90A CTR DRBG.
 */

--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -328,7 +328,7 @@ end:
                    RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
            drbg->state = DRBG_ERROR;
        }
-        RAND_POOL_free(drbg->pool);
+        rand_pool_free(drbg->pool);
        drbg->pool = NULL;
    }
    if (drbg->state == DRBG_READY)
@@ -446,7 +446,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
    if (drbg->pool != NULL) {
        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
-        RAND_POOL_free(drbg->pool);
+        rand_pool_free(drbg->pool);
        drbg->pool = NULL;
    }
@@ -464,11 +464,11 @@ int rand_drbg_restart(RAND_DRBG *drbg,
            }
            /* will be picked up by the rand_drbg_get_entropy() callback */
-            drbg->pool = RAND_POOL_new(entropy, len, len);
+            drbg->pool = rand_pool_new(entropy, len, len);
            if (drbg->pool == NULL)
                return 0;
-            RAND_POOL_add(drbg->pool, buffer, len, entropy);
+            rand_pool_add(drbg->pool, buffer, len, entropy);
        } else {
            if (drbg->max_adinlen < len) {
                RANDerr(RAND_F_RAND_DRBG_RESTART,
@@ -516,7 +516,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
    if (drbg->pool != NULL) {
        drbg->state = DRBG_ERROR;
        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
-        RAND_POOL_free(drbg->pool);
+        rand_pool_free(drbg->pool);
        drbg->pool = NULL;
        return 0;
    }

--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -34,13 +34,13 @@ static const ERR_STRING_DATA RAND_str_functs[] = {
    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
     "RAND_DRBG_uninstantiate"},
    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
-    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "RAND_POOL_add"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
-     "RAND_POOL_add_begin"},
+     "rand_pool_add_begin"},
-    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "RAND_POOL_add_end"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
-     "RAND_POOL_bytes_needed"},
+     "rand_pool_bytes_needed"},
-    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "RAND_POOL_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
    {0, NULL}
 };

--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -15,7 +15,7 @@
 # include <openssl/sha.h>
 # include <openssl/hmac.h>
 # include <openssl/ec.h>
-# include "internal/rand.h"
+# include <openssl/rand_drbg.h>
 /* How many times to read the TSC as a randomness source. */
 # define TSC_READ_COUNT                 4
@@ -128,7 +128,7 @@ struct rand_drbg_st {
     * with respect to how randomness is added to the RNG during reseeding
     * (see PR #4328).
     */
-    RAND_POOL *pool;
+    struct rand_pool_st *pool;
    /*
     * The following parameters are setup by the per-type "init" function.
@@ -206,18 +206,6 @@ extern RAND_METHOD rand_meth;
 /* How often we've forked (only incremented in child). */
 extern int rand_fork_count;
-/* Hardware-based seeding functions. */
-size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
-size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
-/* DRBG entropy callbacks. */
-size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
-                             unsigned char **pout,
-                             int entropy, size_t min_len, size_t max_len);
-void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
-                               unsigned char *out, size_t outlen);
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
 /* DRBG helpers */
 int rand_drbg_restart(RAND_DRBG *drbg,
                      const unsigned char *buffer, size_t len, size_t entropy);

--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -95,10 +95,10 @@ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
    if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
        for (i = 0; i < TSC_READ_COUNT; i++) {
            c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
-            RAND_POOL_add(pool, &c, 1, 4);
+            rand_pool_add(pool, &c, 1, 4);
        }
    }
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 #endif
@@ -125,9 +125,9 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
    size_t bytes_needed;
    unsigned char *buffer;
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
    if (bytes_needed > 0) {
-        buffer = RAND_POOL_add_begin(pool, bytes_needed);
+        buffer = rand_pool_add_begin(pool, bytes_needed);
        if (buffer != NULL) {
@@ -135,7 +135,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
            if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
                if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
                    == bytes_needed)
-                    return RAND_POOL_add_end(pool,
+                    return rand_pool_add_end(pool,
                                             bytes_needed,
                                             8 * bytes_needed);
            }
@@ -144,16 +144,16 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
            if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
                if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
                    == bytes_needed)
-                    return RAND_POOL_add_end(pool,
+                    return rand_pool_add_end(pool,
                                             bytes_needed,
                                             8 * bytes_needed);
            }
-            return RAND_POOL_add_end(pool, 0, 0);
+            return rand_pool_add_end(pool, 0, 0);
        }
    }
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 #endif
@@ -165,7 +165,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
 * is fetched using the parent's RAND_DRBG_generate().
 *
 * Otherwise, the entropy is polled from the system entropy sources
- * using RAND_POOL_acquire_entropy().
+ * using rand_pool_acquire_entropy().
 *
 * If a random pool has been added to the DRBG using RAND_add(), then
 * its entropy will be used up first.
@@ -187,22 +187,22 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
        return 0;
    }
-    pool = RAND_POOL_new(entropy, min_len, max_len);
+    pool = rand_pool_new(entropy, min_len, max_len);
    if (pool == NULL)
        return 0;
    if (drbg->pool) {
-        RAND_POOL_add(pool,
+        rand_pool_add(pool,
-                      RAND_POOL_buffer(drbg->pool),
+                      rand_pool_buffer(drbg->pool),
-                      RAND_POOL_length(drbg->pool),
+                      rand_pool_length(drbg->pool),
-                      RAND_POOL_entropy(drbg->pool));
+                      rand_pool_entropy(drbg->pool));
-        RAND_POOL_free(drbg->pool);
+        rand_pool_free(drbg->pool);
        drbg->pool = NULL;
    }
    if (drbg->parent) {
-        size_t bytes_needed = RAND_POOL_bytes_needed(pool, 8);
+        size_t bytes_needed = rand_pool_bytes_needed(pool, 8);
-        unsigned char *buffer = RAND_POOL_add_begin(pool, bytes_needed);
+        unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
        if (buffer != NULL) {
            size_t bytes = 0;
@@ -221,20 +221,20 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
                bytes = bytes_needed;
            rand_drbg_unlock(drbg->parent);
-            entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+            entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
        }
    } else {
        /* Get entropy by polling system entropy sources. */
-        entropy_available = RAND_POOL_acquire_entropy(pool);
+        entropy_available = rand_pool_acquire_entropy(pool);
    }
    if (entropy_available > 0) {
-        ret   = RAND_POOL_length(pool);
+        ret   = rand_pool_length(pool);
-        *pout = RAND_POOL_detach(pool);
+        *pout = rand_pool_detach(pool);
    }
-    RAND_POOL_free(pool);
+    rand_pool_free(pool);
    return ret;
 }
@@ -329,32 +329,32 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
 #endif
    uint64_t tbits;
-    pool = RAND_POOL_new(0, 0, max_len);
+    pool = rand_pool_new(0, 0, max_len);
    if (pool == NULL)
        return 0;
 #ifdef OPENSSL_SYS_UNIX
    pid = getpid();
-    RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+    rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
 #elif defined(OPENSSL_SYS_WIN32)
    pid = GetCurrentProcessId();
-    RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+    rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
 #endif
    thread_id = CRYPTO_THREAD_get_current_id();
    if (thread_id != 0)
-        RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
+        rand_pool_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
    tbits = get_timer_bits();
    if (tbits != 0)
-        RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
+        rand_pool_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
    /* TODO: Use RDSEED? */
-    len = RAND_POOL_length(pool);
+    len = rand_pool_length(pool);
    if (len != 0)
-        *pout = RAND_POOL_detach(pool);
+        *pout = rand_pool_detach(pool);
-    RAND_POOL_free(pool);
+    rand_pool_free(pool);
    return len;
 }
@@ -431,26 +431,26 @@ int RAND_poll(void)
    } else {
        /* fill random pool and seed the current legacy RNG */
-        pool = RAND_POOL_new(RAND_DRBG_STRENGTH,
+        pool = rand_pool_new(RAND_DRBG_STRENGTH,
                             RAND_DRBG_STRENGTH / 8,
                             DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
        if (pool == NULL)
            return 0;
-        if (RAND_POOL_acquire_entropy(pool) == 0)
+        if (rand_pool_acquire_entropy(pool) == 0)
            goto err;
        if (meth->add == NULL
-            || meth->add(RAND_POOL_buffer(pool),
+            || meth->add(rand_pool_buffer(pool),
-                         RAND_POOL_length(pool),
+                         rand_pool_length(pool),
-                         (RAND_POOL_entropy(pool) / 8.0)) == 0)
+                         (rand_pool_entropy(pool) / 8.0)) == 0)
            goto err;
        ret = 1;
    }
 err:
-    RAND_POOL_free(pool);
+    rand_pool_free(pool);
    return ret;
 }
@@ -479,7 +479,7 @@ struct rand_pool_st {
 * Allocate memory and initialize a new random pool
 */
-RAND_POOL *RAND_POOL_new(int entropy, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
 {
    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
@@ -509,7 +509,7 @@ err:
 /*
 * Free |pool|, securely erasing its buffer.
 */
-void RAND_POOL_free(RAND_POOL *pool)
+void rand_pool_free(RAND_POOL *pool)
 {
    if (pool == NULL)
        return;
@@ -521,7 +521,7 @@ void RAND_POOL_free(RAND_POOL *pool)
 /*
 * Return the |pool|'s buffer to the caller (readonly).
 */
-const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
 {
    return pool->buffer;
 }
@@ -529,7 +529,7 @@ const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
 /*
 * Return the |pool|'s entropy to the caller.
 */
-size_t RAND_POOL_entropy(RAND_POOL *pool)
+size_t rand_pool_entropy(RAND_POOL *pool)
 {
    return pool->entropy;
 }
@@ -537,7 +537,7 @@ size_t RAND_POOL_entropy(RAND_POOL *pool)
 /*
 * Return the |pool|'s buffer length to the caller.
 */
-size_t RAND_POOL_length(RAND_POOL *pool)
+size_t rand_pool_length(RAND_POOL *pool)
 {
    return pool->len;
 }
@@ -547,7 +547,7 @@ size_t RAND_POOL_length(RAND_POOL *pool)
 * It's the responsibility of the caller to free the buffer
 * using OPENSSL_secure_clear_free().
 */
-unsigned char *RAND_POOL_detach(RAND_POOL *pool)
+unsigned char *rand_pool_detach(RAND_POOL *pool)
 {
    unsigned char *ret = pool->buffer;
    pool->buffer = NULL;
@@ -571,7 +571,7 @@ unsigned char *RAND_POOL_detach(RAND_POOL *pool)
 *  |entropy|  if the entropy count and buffer size is large enough
 *      0      otherwise
 */
-size_t RAND_POOL_entropy_available(RAND_POOL *pool)
+size_t rand_pool_entropy_available(RAND_POOL *pool)
 {
    if (pool->entropy < pool->requested_entropy)
        return 0;
@@ -587,7 +587,7 @@ size_t RAND_POOL_entropy_available(RAND_POOL *pool)
 * the random pool.
 */
-size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
 {
    if (pool->entropy < pool->requested_entropy)
        return pool->requested_entropy - pool->entropy;
@@ -601,10 +601,10 @@ size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
 * In case of an error, 0 is returned.
 */
-size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
 {
    size_t bytes_needed;
-    size_t entropy_needed = RAND_POOL_entropy_needed(pool);
+    size_t entropy_needed = rand_pool_entropy_needed(pool);
    if (entropy_per_byte < 1 || entropy_per_byte > 8) {
        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
@@ -628,7 +628,7 @@ size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
 }
 /* Returns the remaining number of bytes available */
-size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
 {
    return pool->max_len - pool->len;
 }
@@ -641,9 +641,9 @@ size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
 * randomness.
 *
 * Return available amount of entropy after this operation.
- * (see RAND_POOL_entropy_available(pool))
+ * (see rand_pool_entropy_available(pool))
 */
-size_t RAND_POOL_add(RAND_POOL *pool,
+size_t rand_pool_add(RAND_POOL *pool,
                     const unsigned char *buffer, size_t len, size_t entropy)
 {
    if (len > pool->max_len - pool->len) {
@@ -657,7 +657,7 @@ size_t RAND_POOL_add(RAND_POOL *pool,
        pool->entropy += entropy;
    }
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 /*
@@ -669,10 +669,10 @@ size_t RAND_POOL_add(RAND_POOL *pool,
 * If |len| == 0 this is considered a no-op and a NULL pointer
 * is returned without producing an error message.
 *
- * After updating the buffer, RAND_POOL_add_end() needs to be called
+ * After updating the buffer, rand_pool_add_end() needs to be called
 * to finish the udpate operation (see next comment).
 */
-unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
 {
    if (len == 0)
        return NULL;
@@ -689,12 +689,12 @@ unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
 * Finish to add random bytes to the random pool in-place.
 *
 * Finishes an in-place update of the random pool started by
- * RAND_POOL_add_begin() (see previous comment).
+ * rand_pool_add_begin() (see previous comment).
 * It is expected that |len| bytes of random input have been added
 * to the buffer which contain at least |entropy| bits of randomness.
 * It is allowed to add less bytes than originally reserved.
 */
-size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
 {
    if (len > pool->max_len - pool->len) {
        RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
@@ -706,7 +706,7 @@ size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
        pool->entropy += entropy;
    }
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 int RAND_set_rand_method(const RAND_METHOD *meth)

--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -12,6 +12,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
+#include "internal/rand_int.h"
 #include <stdio.h>
 #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
@@ -50,7 +51,7 @@
 *
 * As a precaution, we assume only 2 bits of entropy per byte.
 */
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
    short int code;
    gid_t curr_gid;
@@ -73,13 +74,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
     * different processes.
     */
    curr_gid = getgid();
-    RAND_POOL_add(pool, &curr_gid, sizeof(curr_gid), 0);
+    rand_pool_add(pool, &curr_gid, sizeof(curr_gid), 0);
    curr_pid = getpid();
-    RAND_POOL_add(pool, &curr_pid, sizeof(curr_pid), 0);
+    rand_pool_add(pool, &curr_pid, sizeof(curr_pid), 0);
    curr_uid = getuid();
-    RAND_POOL_add(pool, &curr_uid, sizeof(curr_uid), 0);
+    rand_pool_add(pool, &curr_uid, sizeof(curr_uid), 0);
-    bytes_needed = RAND_POOL_bytes_needed(pool, 2 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 2 /*entropy_per_byte*/);
    for (i = 0; i < bytes_needed; i++) {
        /*
@@ -102,9 +103,9 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
        /* Get wall clock time, take 8 bits. */
        clock_gettime(CLOCK_REALTIME, &ts);
        v = (unsigned char)(ts.tv_nsec & 0xFF);
-        RAND_POOL_add(pool, arg, &v, sizeof(v) , 2);
+        rand_pool_add(pool, arg, &v, sizeof(v) , 2);
    }
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 # else
@@ -155,25 +156,25 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 * of input from the different entropy sources (trust, quality,
 * possibility of blocking).
 */
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
 #  ifdef OPENSSL_RAND_SEED_NONE
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 #  else
    size_t bytes_needed;
    size_t entropy_available = 0;
    unsigned char *buffer;
 #   ifdef OPENSSL_RAND_SEED_GETRANDOM
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
    if (buffer != NULL) {
        size_t bytes = 0;
        if (getrandom(buffer, bytes_needed, 0) == (int)bytes_needed)
            bytes = bytes_needed;
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
    }
    if (entropy_available > 0)
        return entropy_available;
@@ -186,7 +187,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 #   endif
 #   ifdef OPENSSL_RAND_SEED_DEVRANDOM
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
    if (bytes_needed > 0) {
        static const char *paths[] = { DEVRANDOM, NULL };
        FILE *fp;
@@ -196,19 +197,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
            if ((fp = fopen(paths[i], "rb")) == NULL)
                continue;
            setbuf(fp, NULL);
-            buffer = RAND_POOL_add_begin(pool, bytes_needed);
+            buffer = rand_pool_add_begin(pool, bytes_needed);
            if (buffer != NULL) {
                size_t bytes = 0;
                if (fread(buffer, 1, bytes_needed, fp) == bytes_needed)
                    bytes = bytes_needed;
-                entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+                entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
            }
            fclose(fp);
            if (entropy_available > 0)
                return entropy_available;
-            bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+            bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
        }
    }
 #   endif
@@ -226,13 +227,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 #   endif
 #   ifdef OPENSSL_RAND_SEED_EGD
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
    if (bytes_needed > 0) {
        static const char *paths[] = { DEVRANDOM_EGD, NULL };
        int i;
        for (i = 0; paths[i] != NULL; i++) {
-            buffer = RAND_POOL_add_begin(pool, bytes_needed);
+            buffer = rand_pool_add_begin(pool, bytes_needed);
            if (buffer != NULL) {
                size_t bytes = 0;
                int num = RAND_query_egd_bytes(paths[i],
@@ -240,7 +241,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
                if (num == (int)bytes_needed)
                    bytes = bytes_needed;
-                entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+                entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
            }
            if (entropy_available > 0)
                return entropy_available;
@@ -248,7 +249,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
    }
 #   endif
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 #  endif
 }
 # endif

--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@@ -54,7 +54,7 @@ static struct items_data_st {
    {0, 0}
 };
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
    /* determine the number of items in the JPI array */
    struct items_data_st item_entry;
@@ -117,7 +117,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
     * was that it contains 4 bits of entropy per byte. This makes a total
     * amount of total_length*16 bits (256bits).
     */
-    return RAND_POOL_add(pool,
+    return rand_pool_add(pool,
                         (PTR_T)data_buffer, total_length * 4,
                         total_length * 16);
 }

--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -10,6 +10,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
+#include "internal/rand_int.h"
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # ifndef OPENSSL_RAND_SEED_OS
@@ -38,7 +39,7 @@
 #  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
 # endif
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
 # ifndef USE_BCRYPTGENRANDOM
    HCRYPTPROV hProvider;
@@ -61,21 +62,21 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 # endif
 # ifdef USE_BCRYPTGENRANDOM
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
    if (buffer != NULL) {
        size_t bytes = 0;
        if (BCryptGenRandom(NULL, buffer, bytes_needed,
            BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
            bytes = bytes_needed;
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
    }
    if (entropy_available > 0)
        return entropy_available;
 # else
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
    if (buffer != NULL) {
        size_t bytes = 0;
        /* poll the CryptoAPI PRNG */
@@ -87,13 +88,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
            CryptReleaseContext(hProvider, 0);
        }
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
    }
    if (entropy_available > 0)
        return entropy_available;
-    bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+    bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
-    buffer = RAND_POOL_add_begin(pool, bytes_needed);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
    if (buffer != NULL) {
        size_t bytes = 0;
        /* poll the Pentium PRG with CryptoAPI */
@@ -105,13 +106,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
            CryptReleaseContext(hProvider, 0);
        }
-        entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
    }
    if (entropy_available > 0)
        return entropy_available;
 # endif
-    return RAND_POOL_entropy_available(pool);
+    return rand_pool_entropy_available(pool);
 }
 # if OPENSSL_API_COMPAT < 0x10100000L

--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -115,7 +115,6 @@ typedef struct ec_key_method_st EC_KEY_METHOD;
 typedef struct rand_meth_st RAND_METHOD;
 typedef struct rand_drbg_st RAND_DRBG;
-typedef struct rand_pool_st RAND_POOL;
 typedef struct ssl_dane_st SSL_DANE;
 typedef struct x509_st X509;

--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -10,8 +10,12 @@
 #ifndef HEADER_DRBG_RAND_H
 # define HEADER_DRBG_RAND_H
+# include <time.h>
+# include <openssl/ossl_typ.h>
 /* In CTR mode, disable derivation function ctr_df */
-#define RAND_DRBG_FLAG_CTR_NO_DF            0x1
+# define RAND_DRBG_FLAG_CTR_NO_DF            0x1
 /*
 * Default security strength (in the sense of [NIST SP 800-90Ar1])
@@ -32,6 +36,11 @@
 # define RAND_DRBG_STRENGTH             256
 # define RAND_DRBG_NID                  NID_aes_256_ctr
+# ifdef  __cplusplus
+extern "C" {
+# endif
 /*
 * Object lifetime functions.
 */
@@ -70,13 +79,13 @@ RAND_DRBG *RAND_DRBG_get0_private(void);
 /*
 * EXDATA
 */
-#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
 int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg);
 void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx);
 /*
- * Callback functions.  See comments in drbg_lib.c
+ * Callback function typedefs
 */
 typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
                                           unsigned char **pout,
@@ -96,38 +105,9 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
                            RAND_DRBG_get_nonce_fn get_nonce,
                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
-/*
- * RAND_POOL functions
- */
-RAND_POOL *RAND_POOL_new(int entropy_requested, size_t min_len, size_t max_len);
-void RAND_POOL_free(RAND_POOL *pool);
-const unsigned char *RAND_POOL_buffer(RAND_POOL *pool);
-unsigned char *RAND_POOL_detach(RAND_POOL *pool);
-size_t RAND_POOL_entropy(RAND_POOL *pool);
+# ifdef  __cplusplus
-size_t RAND_POOL_length(RAND_POOL *pool);
+}
+# endif
-size_t RAND_POOL_entropy_available(RAND_POOL *pool);
-size_t RAND_POOL_entropy_needed(RAND_POOL *pool);
-size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
-size_t RAND_POOL_bytes_remaining(RAND_POOL *pool);
-size_t RAND_POOL_add(RAND_POOL *pool,
-                     const unsigned char *buffer, size_t len, size_t entropy);
-unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len);
-size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy);
-/*
- * Add random bytes to the pool to acquire requested amount of entropy
- *
- * This function is platform specific and tries to acquire the requested
- * amount of entropy by polling platform specific entropy sources.
- *
- * If the function succeeds in acquiring at least |entropy_requested| bits
- * of entropy, the total entropy count is returned. If it fails, it returns
- * an entropy count of 0.
- */
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool);
 #endif
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -14,13 +14,13 @@
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/ocsp.h>
 #include <openssl/dh.h>
 #include <openssl/engine.h>
 #include <openssl/async.h>
 #include <openssl/ct.h>
 #include "internal/cryptlib.h"
-#include "internal/rand.h"
 #include "internal/refcount.h"
 const char SSL_version_str[] = OPENSSL_VERSION_TEXT;

--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4402,128 +4402,114 @@ EVP_PKEY_set1_engine                    4347	1_1_0g	EXIST::FUNCTION:ENGINE
 DH_new_by_nid                           4348	1_1_1	EXIST::FUNCTION:DH
 DH_get_nid                              4349	1_1_1	EXIST::FUNCTION:DH
 CRYPTO_get_alloc_counts                 4350	1_1_1	EXIST::FUNCTION:CRYPTO_MDEBUG
-RAND_POOL_new                           4351	1_1_1	EXIST::FUNCTION:
+OPENSSL_sk_new_reserve                  4351	1_1_1	EXIST::FUNCTION:
-RAND_POOL_free                          4352	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_check                 4352	1_1_1	EXIST::FUNCTION:
-RAND_POOL_buffer                        4353	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_siginf                4353	1_1_1	EXIST::FUNCTION:
-RAND_POOL_detach                        4354	1_1_1	EXIST::FUNCTION:
+EVP_sm4_ctr                             4354	1_1_1	EXIST::FUNCTION:SM4
-RAND_POOL_entropy                       4355	1_1_1	EXIST::FUNCTION:
+EVP_sm4_cbc                             4355	1_1_1	EXIST::FUNCTION:SM4
-RAND_POOL_length                        4356	1_1_1	EXIST::FUNCTION:
+EVP_sm4_ofb                             4356	1_1_1	EXIST::FUNCTION:SM4
-RAND_POOL_entropy_available             4357	1_1_1	EXIST::FUNCTION:
+EVP_sm4_ecb                             4357	1_1_1	EXIST::FUNCTION:SM4
-RAND_POOL_entropy_needed                4358	1_1_1	EXIST::FUNCTION:
+EVP_sm4_cfb128                          4358	1_1_1	EXIST::FUNCTION:SM4
-RAND_POOL_bytes_needed                  4359	1_1_1	EXIST::FUNCTION:
+EVP_sm3                                 4359	1_1_1	EXIST::FUNCTION:SM3
-RAND_POOL_bytes_remaining               4360	1_1_1	EXIST::FUNCTION:
+OCSP_resp_get0_signer                   4360	1_1_0h	EXIST::FUNCTION:OCSP
-RAND_POOL_add                           4361	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_public_check                   4361	1_1_1	EXIST::FUNCTION:
-RAND_POOL_add_begin                     4362	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_param_check                    4362	1_1_1	EXIST::FUNCTION:
-RAND_POOL_add_end                       4363	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_set_public_check          4363	1_1_1	EXIST::FUNCTION:
-RAND_POOL_acquire_entropy               4364	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_set_param_check           4364	1_1_1	EXIST::FUNCTION:
-OPENSSL_sk_new_reserve                  4365	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_get_public_check          4365	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_check                 4366	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_meth_get_param_check           4366	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_siginf                4367	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public_check          4367	1_1_1	EXIST::FUNCTION:
-EVP_sm4_ctr                             4368	1_1_1	EXIST::FUNCTION:SM4
+EVP_PKEY_asn1_set_param_check           4368	1_1_1	EXIST::FUNCTION:
-EVP_sm4_cbc                             4369	1_1_1	EXIST::FUNCTION:SM4
+DH_check_ex                             4369	1_1_1	EXIST::FUNCTION:DH
-EVP_sm4_ofb                             4370	1_1_1	EXIST::FUNCTION:SM4
+DH_check_pub_key_ex                     4370	1_1_1	EXIST::FUNCTION:DH
-EVP_sm4_ecb                             4371	1_1_1	EXIST::FUNCTION:SM4
+DH_check_params_ex                      4371	1_1_1	EXIST::FUNCTION:DH
-EVP_sm4_cfb128                          4372	1_1_1	EXIST::FUNCTION:SM4
+RSA_generate_multi_prime_key            4372	1_1_1	EXIST::FUNCTION:RSA
-EVP_sm3                                 4373	1_1_1	EXIST::FUNCTION:SM3
+RSA_get_multi_prime_extra_count         4373	1_1_1	EXIST::FUNCTION:RSA
-OCSP_resp_get0_signer                   4374	1_1_0h	EXIST::FUNCTION:OCSP
+RSA_get0_multi_prime_factors            4374	1_1_1	EXIST::FUNCTION:RSA
-EVP_PKEY_public_check                   4375	1_1_1	EXIST::FUNCTION:
+RSA_get0_multi_prime_crt_params         4375	1_1_1	EXIST::FUNCTION:RSA
-EVP_PKEY_param_check                    4376	1_1_1	EXIST::FUNCTION:
+RSA_set0_multi_prime_params             4376	1_1_1	EXIST::FUNCTION:RSA
-EVP_PKEY_meth_set_public_check          4377	1_1_1	EXIST::FUNCTION:
+RSA_get_version                         4377	1_1_1	EXIST::FUNCTION:RSA
-EVP_PKEY_meth_set_param_check           4378	1_1_1	EXIST::FUNCTION:
+RSA_meth_get_multi_prime_keygen         4378	1_1_1	EXIST::FUNCTION:RSA
-EVP_PKEY_meth_get_public_check          4379	1_1_1	EXIST::FUNCTION:
+RSA_meth_set_multi_prime_keygen         4379	1_1_1	EXIST::FUNCTION:RSA
-EVP_PKEY_meth_get_param_check           4380	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_get0_master                   4380	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_public_check          4381	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_reseed_time_interval      4381	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_param_check           4382	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_addProfessionInfo  4382	1_1_1	EXIST::FUNCTION:
-DH_check_ex                             4383	1_1_1	EXIST::FUNCTION:DH
+ADMISSION_SYNTAX_free                   4383	1_1_1	EXIST::FUNCTION:
-DH_check_pub_key_ex                     4384	1_1_1	EXIST::FUNCTION:DH
+d2i_ADMISSION_SYNTAX                    4384	1_1_1	EXIST::FUNCTION:
-DH_check_params_ex                      4385	1_1_1	EXIST::FUNCTION:DH
+NAMING_AUTHORITY_set0_authorityId       4385	1_1_1	EXIST::FUNCTION:
-RSA_generate_multi_prime_key            4386	1_1_1	EXIST::FUNCTION:RSA
+NAMING_AUTHORITY_set0_authorityURL      4386	1_1_1	EXIST::FUNCTION:
-RSA_get_multi_prime_extra_count         4387	1_1_1	EXIST::FUNCTION:RSA
+d2i_PROFESSION_INFO                     4387	1_1_1	EXIST::FUNCTION:
-RSA_get0_multi_prime_factors            4388	1_1_1	EXIST::FUNCTION:RSA
+NAMING_AUTHORITY_it                     4388	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-RSA_get0_multi_prime_crt_params         4389	1_1_1	EXIST::FUNCTION:RSA
+NAMING_AUTHORITY_it                     4388	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-RSA_set0_multi_prime_params             4390	1_1_1	EXIST::FUNCTION:RSA
+ADMISSION_SYNTAX_get0_contentsOfAdmissions 4389	1_1_1	EXIST::FUNCTION:
-RSA_get_version                         4391	1_1_1	EXIST::FUNCTION:RSA
+PROFESSION_INFO_set0_professionItems    4390	1_1_1	EXIST::FUNCTION:
-RSA_meth_get_multi_prime_keygen         4392	1_1_1	EXIST::FUNCTION:RSA
+NAMING_AUTHORITY_new                    4391	1_1_1	EXIST::FUNCTION:
-RSA_meth_set_multi_prime_keygen         4393	1_1_1	EXIST::FUNCTION:RSA
+NAMING_AUTHORITY_get0_authorityURL      4392	1_1_1	EXIST::FUNCTION:
-RAND_DRBG_get0_master                   4394	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_get0_admissionAuthority 4393	1_1_1	EXIST::FUNCTION:
-RAND_DRBG_set_reseed_time_interval      4395	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_new                     4394	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_get0_addProfessionInfo  4396	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_new                          4395	1_1_1	EXIST::FUNCTION:
-ADMISSION_SYNTAX_free                   4397	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_admissionAuthority 4396	1_1_1	EXIST::FUNCTION:
-d2i_ADMISSION_SYNTAX                    4398	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionOIDs     4397	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityId       4399	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_it                      4398	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAMING_AUTHORITY_set0_authorityURL      4400	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_it                      4398	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_PROFESSION_INFO                     4401	1_1_1	EXIST::FUNCTION:
+i2d_PROFESSION_INFO                     4399	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_it                     4402	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ADMISSIONS_set0_professionInfos         4400	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_it                     4402	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PROFESSION_INFO_get0_namingAuthority    4401	1_1_1	EXIST::FUNCTION:
-ADMISSION_SYNTAX_get0_contentsOfAdmissions 4403	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_free                    4402	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_set0_professionItems    4404	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_set0_addProfessionInfo  4403	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_new                    4405	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_set0_registrationNumber 4404	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityURL      4406	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_contentsOfAdmissions 4405	1_1_1	EXIST::FUNCTION:
-ADMISSION_SYNTAX_get0_admissionAuthority 4407	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityId       4406	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_new                     4408	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_it                     4407	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ADMISSIONS_new                          4409	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_it                     4407	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ADMISSION_SYNTAX_set0_admissionAuthority 4410	1_1_1	EXIST::FUNCTION:
+i2d_ADMISSION_SYNTAX                    4408	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_get0_professionOIDs     4411	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityText     4409	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_it                      4412	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROFESSION_INFO_set0_namingAuthority    4410	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_it                      4412	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_NAMING_AUTHORITY                    4411	1_1_1	EXIST::FUNCTION:
-i2d_PROFESSION_INFO                     4413	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_free                   4412	1_1_1	EXIST::FUNCTION:
-ADMISSIONS_set0_professionInfos         4414	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_set0_admissionAuthority      4413	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_get0_namingAuthority    4415	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_free                         4414	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_free                    4416	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_registrationNumber 4415	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_set0_addProfessionInfo  4417	1_1_1	EXIST::FUNCTION:
+d2i_ADMISSIONS                          4416	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_set0_registrationNumber 4418	1_1_1	EXIST::FUNCTION:
+i2d_ADMISSIONS                          4417	1_1_1	EXIST::FUNCTION:
-ADMISSION_SYNTAX_set0_contentsOfAdmissions 4419	1_1_1	EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionItems    4418	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityId       4420	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_get0_admissionAuthority      4419	1_1_1	EXIST::FUNCTION:
-ADMISSION_SYNTAX_it                     4421	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROFESSION_INFO_set0_professionOIDs     4420	1_1_1	EXIST::FUNCTION:
-ADMISSION_SYNTAX_it                     4421	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_NAMING_AUTHORITY                    4421	1_1_1	EXIST::FUNCTION:
-i2d_ADMISSION_SYNTAX                    4422	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_it                           4422	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAMING_AUTHORITY_get0_authorityText     4423	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_it                           4422	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PROFESSION_INFO_set0_namingAuthority    4424	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_get0_namingAuthority         4423	1_1_1	EXIST::FUNCTION:
-i2d_NAMING_AUTHORITY                    4425	1_1_1	EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityText     4424	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_free                   4426	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_set0_namingAuthority         4425	1_1_1	EXIST::FUNCTION:
-ADMISSIONS_set0_admissionAuthority      4427	1_1_1	EXIST::FUNCTION:
+ADMISSIONS_get0_professionInfos         4426	1_1_1	EXIST::FUNCTION:
-ADMISSIONS_free                         4428	1_1_1	EXIST::FUNCTION:
+ADMISSION_SYNTAX_new                    4427	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_get0_registrationNumber 4429	1_1_1	EXIST::FUNCTION:
+EVP_sha512_256                          4428	1_1_1	EXIST::FUNCTION:
-d2i_ADMISSIONS                          4430	1_1_1	EXIST::FUNCTION:
+EVP_sha512_224                          4429	1_1_1	EXIST::FUNCTION:
-i2d_ADMISSIONS                          4431	1_1_1	EXIST::FUNCTION:
+OCSP_basic_sign_ctx                     4430	1_1_1	EXIST::FUNCTION:OCSP
-PROFESSION_INFO_get0_professionItems    4432	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_bytes                         4431	1_1_1	EXIST::FUNCTION:
-ADMISSIONS_get0_admissionAuthority      4433	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_secure_new                    4432	1_1_1	EXIST::FUNCTION:
-PROFESSION_INFO_set0_professionOIDs     4434	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_vctrl                        4433	1_1_1	EXIST::FUNCTION:
-d2i_NAMING_AUTHORITY                    4435	1_1_1	EXIST::FUNCTION:
+X509_get0_authority_key_id              4434	1_1_0h	EXIST::FUNCTION:
-ADMISSIONS_it                           4436	1_1_1	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIO_bind                                4435	1_1_1	EXIST::FUNCTION:SOCK
-ADMISSIONS_it                           4436	1_1_1	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OSSL_STORE_LOADER_set_expect            4436	1_1_1	EXIST::FUNCTION:
-ADMISSIONS_get0_namingAuthority         4437	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_expect                       4437	1_1_1	EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityText     4438	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_key_fingerprint    4438	1_1_1	EXIST::FUNCTION:
-ADMISSIONS_set0_namingAuthority         4439	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_serial           4439	1_1_1	EXIST::FUNCTION:
-ADMISSIONS_get0_professionInfos         4440	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_name               4440	1_1_1	EXIST::FUNCTION:
-ADMISSION_SYNTAX_new                    4441	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_supports_search              4441	1_1_1	EXIST::FUNCTION:
-EVP_sha512_256                          4442	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_find                         4442	1_1_1	EXIST::FUNCTION:
-EVP_sha512_224                          4443	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get_type              4443	1_1_1	EXIST::FUNCTION:
-OCSP_basic_sign_ctx                     4444	1_1_1	EXIST::FUNCTION:OCSP
+OSSL_STORE_SEARCH_get0_bytes            4444	1_1_1	EXIST::FUNCTION:
-RAND_DRBG_bytes                         4445	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_string           4445	1_1_1	EXIST::FUNCTION:
-RAND_DRBG_secure_new                    4446	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_issuer_serial      4446	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_vctrl                        4447	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_name             4447	1_1_1	EXIST::FUNCTION:
-X509_get0_authority_key_id              4448	1_1_0h	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_alias              4448	1_1_1	EXIST::FUNCTION:
-BIO_bind                                4449	1_1_1	EXIST::FUNCTION:SOCK
+OSSL_STORE_LOADER_set_find              4449	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_expect            4450	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_free                  4450	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_expect                       4451	1_1_1	EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_digest           4451	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_key_fingerprint    4452	1_1_1	EXIST::FUNCTION:
+RAND_DRBG_set_reseed_defaults           4452	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_serial           4453	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_new_raw_private_key            4453	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_name               4454	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_new_raw_public_key             4454	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_supports_search              4455	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_new_CMAC_key                   4455	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_find                         4456	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_priv_key          4456	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get_type              4457	1_1_1	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_pub_key           4457	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_bytes            4458	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_string           4459	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_issuer_serial      4460	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_name             4461	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_alias              4462	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_find              4463	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_free                  4464	1_1_1	EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_digest           4465	1_1_1	EXIST::FUNCTION:
-RAND_DRBG_set_reseed_defaults           4466	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_new_raw_private_key            4467	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_new_raw_public_key             4468	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_new_CMAC_key                   4469	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_set_priv_key          4470	1_1_1	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_set_pub_key           4471	1_1_1	EXIST::FUNCTION:
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -241,7 +241,6 @@ my $crypto ="include/internal/dso.h";
 $crypto.=" include/internal/o_dir.h";
 $crypto.=" include/internal/o_str.h";
 $crypto.=" include/internal/err.h";
-$crypto.=" include/internal/rand.h";
 foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
    my $fn = "include/openssl/" . lc(basename($f));
    $crypto .= " $fn" if !defined $skipthese{$fn};