X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman3%2FRAND_DRBG_new.pod;h=cd770fd6738c1f75c4a517b556aad08c36c2dd21;hp=8b7384069711611ca33b5b9164f55e357d735862;hb=f000e82898af251442ca52e81fc1ee45996090dc;hpb=b5c4bbbe54e112b976155004b3d702e47ce7d9d9 diff --git a/doc/man3/RAND_DRBG_new.pod b/doc/man3/RAND_DRBG_new.pod index 8b73840697..cd770fd673 100644 --- a/doc/man3/RAND_DRBG_new.pod +++ b/doc/man3/RAND_DRBG_new.pod @@ -2,7 +2,9 @@ =head1 NAME +RAND_DRBG_new_ex, RAND_DRBG_new, +RAND_DRBG_secure_new_ex, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, @@ -15,18 +17,24 @@ RAND_DRBG_free #include + RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx, + int type, + unsigned int flags, + RAND_DRBG *parent); RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); + RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx, + int type, + unsigned int flags, + RAND_DRBG *parent); + RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); - int RAND_DRBG_set(RAND_DRBG *drbg, - int type, unsigned int flags); - int RAND_DRBG_set_defaults(int type, unsigned int flags); int RAND_DRBG_instantiate(RAND_DRBG *drbg, @@ -36,15 +44,27 @@ RAND_DRBG_free void RAND_DRBG_free(RAND_DRBG *drbg); +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + int RAND_DRBG_set(RAND_DRBG *drbg, + int type, unsigned int flags); =head1 DESCRIPTION -RAND_DRBG_new() and RAND_DRBG_secure_new() -create a new DRBG instance of the given B, allocated from the heap resp. -the secure heap -(using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()). +RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex() create a new DRBG instance +of the given B for the given OPENSSL_CTX . +The parameter can be NULL in which case the default OPENSSL_CTX is used. +RAND_DRBG_new() and RAND_DRBG_secure_new() are the same as RAND_DRBG_new_ex() +and RAND_DRBG_secure_new_ex() except that the default OPENSSL_CTX is always +used. +As of OpenSSL 3.0, there is no different between the new and secure_new +functions. RAND_DRBG_set() initializes the B with the given B and B. +This function is deprecated. Applications should instead use +RAND_DRBG_new_ex() to create a new DRBG. RAND_DRBG_set_defaults() sets the default B and B for new DRBG instances. @@ -108,8 +128,9 @@ uninstantiated state. =head1 RETURN VALUES -RAND_DRBG_new() and RAND_DRBG_secure_new() return a pointer to a DRBG -instance allocated on the heap, resp. secure heap. +RAND_DRBG_new_ex(), RAND_DRBG_new(), RAND_DRBG_secure_new_ex() and +RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the +heap. RAND_DRBG_set(), RAND_DRBG_instantiate(), and @@ -134,6 +155,11 @@ To ensure that they are applied to the global and thread-local DRBG instances RAND_DRBG_set_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. +As of OpenSSL 3.0, RAND_DRBG_new() and RAND_DRBG_secure_new() are +functionally identical. The DRBG is allocated on the normal heap and its +sensitive state is allocated on the secure heap. Likewise for, +RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex(). + =head1 SEE ALSO L, @@ -143,6 +169,8 @@ L =head1 HISTORY +The RAND_DRBG_set() function was deprecated in OpenSSL 3.0. + The RAND_DRBG functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT