#include "rand_lcl.h"
#include "internal/thread_once.h"
#include "internal/rand_int.h"
+#include "internal/cryptlib_int.h"
/*
* Support framework for NIST SP 800-90A DRBG, AES-CTR mode.
* sources or by consuming randomnes which was added by RAND_add()
*/
static RAND_DRBG *drbg_master;
-/*
- * THE PUBLIC DRBG
- *
- * Used by default for generating random bytes using RAND_bytes().
- */
-static RAND_DRBG *drbg_public;
-/*
- * THE PRIVATE DRBG
- *
- * Used by default for generating private keys using RAND_priv_bytes()
- */
-static RAND_DRBG *drbg_private;
/*+
* DRBG HIERARCHY
*
static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_THREAD_LOCAL private_drbg_thread_local_key;
+static CRYPTO_THREAD_LOCAL public_drbg_thread_local_key;
if (drbg == NULL) {
RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
- goto err;
+ return NULL;
}
drbg->secure = secure && CRYPTO_secure_allocated(drbg);
if (RAND_DRBG_set(drbg, type, flags) == 0)
goto err;
- if (parent != NULL && drbg->strength > parent->strength) {
- /*
- * We currently don't support the algorithm from NIST SP 800-90C
- * 10.1.2 to use a weaker DRBG as source
- */
- RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
- goto err;
+ if (parent != NULL) {
+ rand_drbg_lock(parent);
+ if (drbg->strength > parent->strength) {
+ /*
+ * We currently don't support the algorithm from NIST SP 800-90C
+ * 10.1.2 to use a weaker DRBG as source
+ */
+ rand_drbg_unlock(parent);
+ RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+ goto err;
+ }
+ rand_drbg_unlock(parent);
}
if (!RAND_DRBG_set_callbacks(drbg, rand_drbg_get_entropy,
drbg->state = DRBG_ERROR;
if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
- drbg->min_entropylen, drbg->max_entropylen);
+ drbg->min_entropylen,
+ drbg->max_entropylen, 0);
if (entropylen < drbg->min_entropylen
|| entropylen > drbg->max_entropylen) {
RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
* Returns 1 on success, 0 on failure.
*/
int RAND_DRBG_reseed(RAND_DRBG *drbg,
- const unsigned char *adin, size_t adinlen)
+ const unsigned char *adin, size_t adinlen,
+ int prediction_resistance)
{
unsigned char *entropy = NULL;
size_t entropylen = 0;
drbg->state = DRBG_ERROR;
if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
- drbg->min_entropylen, drbg->max_entropylen);
+ drbg->min_entropylen,
+ drbg->max_entropylen,
+ prediction_resistance);
if (entropylen < drbg->min_entropylen
|| entropylen > drbg->max_entropylen) {
RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
} else if (reseeded == 0) {
/* do a full reseeding if it has not been done yet above */
- RAND_DRBG_reseed(drbg, NULL, 0);
+ RAND_DRBG_reseed(drbg, NULL, 0, 0);
}
}
}
if (reseed_required || prediction_resistance) {
- if (!RAND_DRBG_reseed(drbg, adin, adinlen)) {
+ if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) {
RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR);
return 0;
}
if (drbg == NULL)
return NULL;
- if (rand_drbg_enable_locking(drbg) == 0)
+ /* Only the master DRBG needs to have a lock */
+ if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
goto err;
/* enable seed propagation */
*/
DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)
{
+ int ret = 1;
+
/*
* ensure that libcrypto is initialized, otherwise the
* DRBG locks are not cleaned up properly
if (!OPENSSL_init_crypto(0, NULL))
return 0;
+ ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND);
+
drbg_master = drbg_setup(NULL);
- drbg_public = drbg_setup(drbg_master);
- drbg_private = drbg_setup(drbg_master);
- if (drbg_master == NULL || drbg_public == NULL || drbg_private == NULL)
+ ret &= CRYPTO_THREAD_init_local(&private_drbg_thread_local_key, NULL);
+ ret &= CRYPTO_THREAD_init_local(&public_drbg_thread_local_key, NULL);
+
+ if (drbg_master == NULL || ret == 0)
return 0;
return 1;
/* Clean up the global DRBGs before exit */
void rand_drbg_cleanup_int(void)
{
- RAND_DRBG_free(drbg_private);
- RAND_DRBG_free(drbg_public);
RAND_DRBG_free(drbg_master);
+ drbg_master = NULL;
- drbg_private = drbg_public = drbg_master = NULL;
+ CRYPTO_THREAD_cleanup_local(&private_drbg_thread_local_key);
+ CRYPTO_THREAD_cleanup_local(&public_drbg_thread_local_key);
+}
+
+void drbg_delete_thread_state()
+{
+ RAND_DRBG *drbg;
+
+ drbg = CRYPTO_THREAD_get_local(&public_drbg_thread_local_key);
+ RAND_DRBG_free(drbg);
+
+ drbg = CRYPTO_THREAD_get_local(&private_drbg_thread_local_key);
+ RAND_DRBG_free(drbg);
}
/* Implements the default OpenSSL RAND_bytes() method */
if (drbg == NULL)
return 0;
- rand_drbg_lock(drbg);
ret = RAND_DRBG_bytes(drbg, out, count);
- rand_drbg_unlock(drbg);
return ret;
}
*/
RAND_DRBG *RAND_DRBG_get0_public(void)
{
+ RAND_DRBG *drbg;
+
if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
return NULL;
- return drbg_public;
+ drbg = CRYPTO_THREAD_get_local(&public_drbg_thread_local_key);
+ if (drbg == NULL) {
+ ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND);
+ drbg = drbg_setup(drbg_master);
+ CRYPTO_THREAD_set_local(&public_drbg_thread_local_key, drbg);
+ }
+ return drbg;
}
/*
*/
RAND_DRBG *RAND_DRBG_get0_private(void)
{
+ RAND_DRBG *drbg;
+
if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
return NULL;
- return drbg_private;
+ drbg = CRYPTO_THREAD_get_local(&private_drbg_thread_local_key);
+ if (drbg == NULL) {
+ ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND);
+ drbg = drbg_setup(drbg_master);
+ CRYPTO_THREAD_set_local(&private_drbg_thread_local_key, drbg);
+ }
+ return drbg;
}
RAND_METHOD rand_meth = {