OPENSSL_CTX_get0_master_drbg, OPENSSL_CTX_get0_public_drbg, OPENSSL_CTX_get0_private_drbg, RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private - get access to the global RAND_DRBG instances
#include <openssl/rand_drbg.h> RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx); RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx); RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx); RAND_DRBG *RAND_DRBG_get0_master(void); RAND_DRBG *RAND_DRBG_get0_public(void); RAND_DRBG *RAND_DRBG_get0_private(void);
The default RAND API implementation (RAND_OpenSSL()) utilizes three shared DRBG instances which are accessed via the RAND API:
The public and private DRBG are thread-local instances, which are used by RAND_bytes() and RAND_priv_bytes(), respectively. The master DRBG is a global instance, which is not intended to be used directly, but is used internally to reseed the other two instances.
These functions here provide access to the shared DRBG instances.
OPENSSL_CTX_get0_master_drbg() returns a pointer to the master DRBG instance for the given OPENSSL_CTX ctx.
OPENSSL_CTX_get0_public_drbg() returns a pointer to the public DRBG instance for the given OPENSSL_CTX ctx.
OPENSSL_CTX_get0_private_drbg() returns a pointer to the private DRBG instance for the given OPENSSL_CTX ctx.
In all the above cases the ctx parameter can be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_get0_master(), RAND_DRBG_get0_public() and RAND_DRBG_get0_private() are the same as OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and OPENSSL_CTX_get0_private_drbg() respectively except that the default OPENSSL_CTX is always used.
It is not thread-safe to access the master DRBG instance. The public and private DRBG instance can be accessed safely, because they are thread-local. Note however, that changes to these two instances apply only to the current thread.
For that reason it is recommended not to change the settings of these three instances directly. Instead, an application should change the default settings for new DRBG instances at initialization time, before creating additional threads.
During initialization, it is possible to change the reseed interval and reseed time interval. It is also possible to exchange the reseeding callbacks entirely.
The OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and OPENSSL_CTX_get0_private_drbg() functions were added in OpenSSL 3.0.
All other RAND_DRBG functions were added in OpenSSL 1.1.1.
Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.