EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure
EVP_R_TOO_MANY_RECORDS:183:too many records
-EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING:212:unable to enable parent locking
+EVP_R_UNABLE_TO_ENABLE_LOCKING:212:unable to enable locking
EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE:215:unable to get maximum request size
EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH:216:unable to get random strength
EVP_R_UNABLE_TO_LOCK_CONTEXT:211:unable to lock context
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE),
"set default property failure"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING),
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_ENABLE_LOCKING),
"unable to enable parent locking"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE),
"unable to get maximum request size"},
return NULL;
}
if (parent != NULL) {
- if (!EVP_RAND_enable_locking(parent)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING);
- CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
- OPENSSL_free(ctx);
- return NULL;
- }
if (!evp_rand_ctx_up_ref(parent)) {
ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
dgbl->primary = rand_new_drbg(ctx, dgbl->seed,
PRIMARY_RESEED_INTERVAL,
PRIMARY_RESEED_TIME_INTERVAL);
+ /*
+ * The primary DRBG may be shared between multiple threads so we must
+ * enable locking.
+ */
+ if (dgbl->primary != NULL && !EVP_RAND_enable_locking(dgbl->primary)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_LOCKING);
+ EVP_RAND_CTX_free(dgbl->primary);
+ dgbl->primary = NULL;
+ CRYPTO_THREAD_lock_free(dgbl->lock);
+ return NULL;
+ }
CRYPTO_THREAD_unlock(dgbl->lock);
}
return dgbl->primary;
EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
its parents. After this I<ctx> will operate in a thread safe manner, albeit
-more slowly.
+more slowly. This function is not itself thread safe if called with the same
+I<ctx> from multiple threads. Typically locking should be enabled before a
+I<ctx> is shared across multiple threads.
EVP_RAND_get_params() retrieves details about the implementation
I<rand>.
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209
# define EVP_R_TOO_MANY_RECORDS 183
-# define EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING 212
+# define EVP_R_UNABLE_TO_ENABLE_LOCKING 212
# define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE 215
# define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH 216
# define EVP_R_UNABLE_TO_LOCK_CONTEXT 211