#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-#include "rand_lcl.h"
+#include "rand_local.h"
#include "internal/thread_once.h"
-#include "internal/rand_int.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/rand.h"
+#include "crypto/cryptlib.h"
/*
* Support framework for NIST SP 800-90A DRBG
drbg->libctx = ctx;
drbg->secure = secure && CRYPTO_secure_allocated(drbg);
- drbg->fork_count = rand_fork_count;
+ drbg->fork_id = openssl_get_fork_id();
drbg->parent = parent;
if (parent == NULL) {
drbg->meth->uninstantiate(drbg);
rand_pool_free(drbg->adin_pool);
CRYPTO_THREAD_lock_free(drbg->lock);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
+#ifndef FIPS_MODE
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RAND_DRBG, drbg, &drbg->ex_data);
+#endif
if (drbg->secure)
OPENSSL_secure_clear_free(drbg, sizeof(*drbg));
}
if (drbg->state != DRBG_UNINITIALISED) {
- RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
- drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE
- : RAND_R_ALREADY_INSTANTIATED);
+ if (drbg->state == DRBG_ERROR)
+ RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_IN_ERROR_STATE);
+ else
+ RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ALREADY_INSTANTIATED);
goto end;
}
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
+ int fork_id;
int reseed_required = 0;
if (drbg->state != DRBG_READY) {
return 0;
}
- if (drbg->fork_count != rand_fork_count) {
- drbg->fork_count = rand_fork_count;
+ fork_id = openssl_get_fork_id();
+
+ if (drbg->fork_id != fork_id) {
+ drbg->fork_id = fork_id;
reseed_required = 1;
}
return 1;
}
+#ifndef FIPS_MODE
/*
* Get and set the EXDATA
*/
{
return CRYPTO_get_ex_data(&drbg->ex_data, idx);
}
-
+#endif
/*
* The following functions provide a RAND_METHOD that works on the
drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg);
if (drbg == NULL) {
ctx = openssl_ctx_get_concrete(ctx);
- if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
+ /*
+ * If the private_drbg is also NULL then this is the first time we've
+ * used this thread.
+ */
+ if (CRYPTO_THREAD_get_local(&dgbl->private_drbg) == NULL
+ && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
return NULL;
drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PUBLIC);
CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg);
drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg);
if (drbg == NULL) {
ctx = openssl_ctx_get_concrete(ctx);
- if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
+ /*
+ * If the public_drbg is also NULL then this is the first time we've
+ * used this thread.
+ */
+ if (CRYPTO_THREAD_get_local(&dgbl->public_drbg) == NULL
+ && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
return NULL;
drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PRIVATE);
CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg);