There isn't an easy way to do what you want in 1.1.1.
RAND_set_rand_method replaces the RNG for all of OpenSSL. In theory
your RAND_METHOD could detect which thread it is running in and do
different things for each. I'm not sure this is a good idea however.
Why aren't the random numbers from your first thread good enough for the
second? Good random numbers are just that - random. It should be
impossible to distinguish the two streams.
In OpenSSL 3.0 there are ways to achieve what you're wanting.
On 2/4/21 4:24 pm, Vishwanath Mahajanshetty wrote:
I have some doubts/questions on how to use methods (for ex:
RAND_set_rand_method) in multi-threaded application which use OpenSSL.
In my application (running on OpenSSL 1.1.1d) there are two threads
which use OpenSSL, both threads perform very different operations. The
issue I am facing is as below:
Thread T1 calls RAND_set_rand_method() and sets RAND_METHOD structure.
This is very specific to T1's use case. When thread T2 wants to create
SSL_CTX it calls SSL_CTX_new() which then calls RAND_priv_bytes(). I
am observing that the function RAND_priv_bytes() is calling the
function set by T1 by RAND_METHOD in RAND_set_rand_method().
Essentially RAND_METHOD functions set by thread T1 are getting called
by thread T2.
Q1: I want to know is there any way to avoid this problem? I want
thread T2 to call default RAND methods and avoid calling methods set
by thread T1. This is not only for RAND methods, but for any other
Q2: Also, is it possible to run OpenSSL as separate instance per
thread (where each thread can do its own OpenSSL initialization) so
that they can avoid above mentioned problem?
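
The thread-detecting RAND_METHOD idea from the reply, as an added self-contained model (not code from this thread or from OpenSSL): the method slot is process-wide, so the installed `bytes` callback checks a thread-local opt-in flag and falls back to the default source for every other thread. All `model_` and `t1_` names and the fixed-pattern T1 source are assumptions; in 1.1.1 the slot is set with RAND_set_rand_method() and the fallback would be RAND_OpenSSL()->bytes.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
/* Model, not OpenSSL code: only the bytes() signature mirrors RAND_METHOD. */
typedef struct { int (*bytes)(unsigned char *buf, int num); } model_rand_method;
enum { SRC_NONE, SRC_DEFAULT, SRC_T1 };
static _Thread_local int served_by = SRC_NONE; /* source that served this thread */
static _Thread_local int want_t1_rng = 0;      /* per-thread opt-in, off by default */
/* Stand-in for the library default (RAND_OpenSSL()->bytes in 1.1.1). */
static int default_bytes(unsigned char *buf, int num) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return 0;
    size_t got = fread(buf, 1, (size_t)num, f);
    fclose(f);
    served_by = SRC_DEFAULT;
    return got == (size_t)num;
}
/* Constructed T1-only source: a fixed pattern, e.g. for known-answer tests. */
static int t1_bytes(unsigned char *buf, int num) {
    for (int i = 0; i < num; i++) buf[i] = (unsigned char)i;
    served_by = SRC_T1;
    return 1;
}
/* Dispatcher: only a thread that opted in reaches t1_bytes. */
static int dispatch_bytes(unsigned char *buf, int num) {
    return want_t1_rng ? t1_bytes(buf, num) : default_bytes(buf, num);
}
static const model_rand_method naive_method = { t1_bytes };
static const model_rand_method dispatching_method = { dispatch_bytes };
static const model_rand_method *current; /* one process-wide slot */
/* Thread body: non-NULL arg means "this is T1"; returns the source used. */
static void *worker(void *arg) {
    unsigned char buf[16];
    want_t1_rng = (arg != NULL);
    if (!current->bytes(buf, (int)sizeof buf)) served_by = SRC_NONE;
    return (void *)(intptr_t)served_by;
}
/* Install m globally, run one fresh thread, report which source it got. */
int source_seen_by_thread(const model_rand_method *m, int is_t1) {
    pthread_t t; void *res = NULL;
    current = m;
    if (pthread_create(&t, NULL, worker, is_t1 ? (void *)&t : NULL)) return SRC_NONE;
    pthread_join(t, &res);
    return (int)(intptr_t)res;
}
int main(void) {
    printf("naive method, T2 served by: %d\n", source_seen_by_thread(&naive_method, 0));
    printf("dispatcher,   T2 served by: %d\n", source_seen_by_thread(&dispatching_method, 0));
    return 0;
}
```

Because the opt-in flag defaults to off, a thread that never sets it gets the default source rather than the T1-specific one.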