colmmacc/openssl_rng.c

## openssl_rng.c
#include <openssl/rand.h>

void example() {
  /* Initialize the random subsystem. generally called prior to chroot, may fail if /dev/urandom is not available. */
  RNG_init();

  /* alternatively,  a more future-flexible OpenSSL init that calls RNG_init() internally. Similar to SSL_library_init, but more general. */
  OPENSSL_init();

  /* Instantiate an RNG  */
  RNG_CTX *rng = RNG_CTX_Init();

  /* Instantiate an RNG with a personalization string. The NIST specs use these, and they are a
   * little voodoo-ish in their theory, but do provide some value in corner cases */
  RNG_CTX *rng = RNG_CTX_Init(uint8_t *ps, ssize_t size);

  /* Produce randomly generated data */
  int r = RNG_generate(rng, uint8_t *data, ssize_t size);

  /* Pick a random int such that 0 < n < max. Return -1 on error.
   * I suggest including this because it means the RNG honors its name and generates
   * random numbers. Callers often screw this up by either doing naive mod, or by
   * multiplying a radom float. Might as well give them something to do it the right
   * way.
   */
  int n = RNG_rand(rng, max);

  /* Destructor for the rng */
  RNG_CTX_free(rng);

  /* One could imagine other routines taking rng as an argument; for example a function
   * to produce normal, or log-normally distributed numbers. The TLS/SSL code could also
   * pass along RNG instances as part of its context.
   */

  /* Deliberately absent: any way to seed, reseed, over-ride, or save. Callers often screw these up. */

}
	#include <openssl/rand.h>

	void example() {
	/* Initialize the random subsystem. generally called prior to chroot, may fail if /dev/urandom is not available. */
	RNG_init();

	/* alternatively, a more future-flexible OpenSSL init that calls RNG_init() internally. Similar to SSL_library_init, but more general. */
	OPENSSL_init();

	/* Instantiate an RNG */
	RNG_CTX *rng = RNG_CTX_Init();

	/* Instantiate an RNG with a personalization string. The NIST specs use these, and they are a
	* little voodoo-ish in their theory, but do provide some value in corner cases */
	RNG_CTX rng = RNG_CTX_Init(uint8_t ps, ssize_t size);

	/* Produce randomly generated data */
	int r = RNG_generate(rng, uint8_t *data, ssize_t size);

	/* Pick a random int such that 0 < n < max. Return -1 on error.
	* I suggest including this because it means the RNG honors its name and generates
	* random numbers. Callers often screw this up by either doing naive mod, or by
	* multiplying a radom float. Might as well give them something to do it the right
	* way.
	*/
	int n = RNG_rand(rng, max);

	/* Destructor for the rng */
	RNG_CTX_free(rng);

	/* One could imagine other routines taking rng as an argument; for example a function
	* to produce normal, or log-normally distributed numbers. The TLS/SSL code could also
	* pass along RNG instances as part of its context.
	*/

	/* Deliberately absent: any way to seed, reseed, over-ride, or save. Callers often screw these up. */

	}