unsigned int flags,
RAND_DRBG *parent);
- int RAND_DRBG_set(RAND_DRBG *drbg,
- int type, unsigned int flags);
-
int RAND_DRBG_set_defaults(int type, unsigned int flags);
int RAND_DRBG_instantiate(RAND_DRBG *drbg,
void RAND_DRBG_free(RAND_DRBG *drbg);
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int RAND_DRBG_set(RAND_DRBG *drbg,
+ int type, unsigned int flags);
=head1 DESCRIPTION
-RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex()
-create a new DRBG instance of the given B<type>, allocated from the heap resp.
-the secure heap, for the given OPENSSL_CTX <ctx>
-(using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()). The <ctx> parameter can
-be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_new() and
-RAND_DRBG_secure_new() are the same as RAND_DRBG_new_ex() and
-RAND_DRBG_secure_new_ex() except that the default OPENSSL_CTX is always used.
+RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex() create a new DRBG instance
+of the given B<type> for the given OPENSSL_CTX <ctx>.
+The <ctx> parameter can be NULL in which case the default OPENSSL_CTX is used.
+RAND_DRBG_new() and RAND_DRBG_secure_new() are the same as RAND_DRBG_new_ex()
+and RAND_DRBG_secure_new_ex() except that the default OPENSSL_CTX is always
+used.
+As of OpenSSL 3.0, there is no different between the new and secure_new
+functions.
RAND_DRBG_set() initializes the B<drbg> with the given B<type> and B<flags>.
+This function is deprecated. Applications should instead use
+RAND_DRBG_new_ex() to create a new DRBG.
RAND_DRBG_set_defaults() sets the default B<type> and B<flags> for new DRBG
instances.
RAND_DRBG_new_ex(), RAND_DRBG_new(), RAND_DRBG_secure_new_ex() and
RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the
-heap, resp. secure heap.
+heap.
RAND_DRBG_set(),
RAND_DRBG_instantiate(), and
RAND_DRBG_set_defaults() before creating any thread and before calling any
cryptographic routines that obtain random data directly or indirectly.
+As of OpenSSL 3.0, RAND_DRBG_new() and RAND_DRBG_secure_new() are
+functionally identical. The DRBG is allocated on the normal heap and its
+sensitive state is allocated on the secure heap. Likewise for,
+RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex().
+
=head1 SEE ALSO
L<OPENSSL_zalloc(3)>,
=head1 HISTORY
+The RAND_DRBG_set() function was deprecated in OpenSSL 3.0.
+
The RAND_DRBG functions were added in OpenSSL 1.1.1.
=head1 COPYRIGHT