projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Don't register drbg_delete_thread_state twice
[openssl.git]
/
crypto
/
rand
/
drbg_lib.c
diff --git
a/crypto/rand/drbg_lib.c
b/crypto/rand/drbg_lib.c
index f8b58d7245631358c4b662e03e488e6c3c5a1e9b..a695a5f7ddb462477540eb384ba3ace7bebca149 100644
(file)
--- a/
crypto/rand/drbg_lib.c
+++ b/
crypto/rand/drbg_lib.c
@@
-11,10
+11,10
@@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-#include "rand_l
c
l.h"
+#include "rand_l
oca
l.h"
#include "internal/thread_once.h"
#include "internal/thread_once.h"
-#include "
internal/rand_int
.h"
-#include "
internal/cryptlib_int
.h"
+#include "
crypto/rand
.h"
+#include "
crypto/cryptlib
.h"
/*
* Support framework for NIST SP 800-90A DRBG
/*
* Support framework for NIST SP 800-90A DRBG
@@
-415,7
+415,7
@@
static RAND_DRBG *rand_drbg_new(OPENSSL_CTX *ctx,
drbg->libctx = ctx;
drbg->secure = secure && CRYPTO_secure_allocated(drbg);
drbg->libctx = ctx;
drbg->secure = secure && CRYPTO_secure_allocated(drbg);
- drbg->fork_
count = rand_fork_count
;
+ drbg->fork_
id = openssl_get_fork_id()
;
drbg->parent = parent;
if (parent == NULL) {
drbg->parent = parent;
if (parent == NULL) {
@@
-503,7
+503,9
@@
void RAND_DRBG_free(RAND_DRBG *drbg)
drbg->meth->uninstantiate(drbg);
rand_pool_free(drbg->adin_pool);
CRYPTO_THREAD_lock_free(drbg->lock);
drbg->meth->uninstantiate(drbg);
rand_pool_free(drbg->adin_pool);
CRYPTO_THREAD_lock_free(drbg->lock);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
+#ifndef FIPS_MODE
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RAND_DRBG, drbg, &drbg->ex_data);
+#endif
if (drbg->secure)
OPENSSL_secure_clear_free(drbg, sizeof(*drbg));
if (drbg->secure)
OPENSSL_secure_clear_free(drbg, sizeof(*drbg));
@@
-541,9
+543,10
@@
int RAND_DRBG_instantiate(RAND_DRBG *drbg,
}
if (drbg->state != DRBG_UNINITIALISED) {
}
if (drbg->state != DRBG_UNINITIALISED) {
- RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
- drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE
- : RAND_R_ALREADY_INSTANTIATED);
+ if (drbg->state == DRBG_ERROR)
+ RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_IN_ERROR_STATE);
+ else
+ RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ALREADY_INSTANTIATED);
goto end;
}
goto end;
}
@@
-829,6
+832,7
@@
int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
+ int fork_id;
int reseed_required = 0;
if (drbg->state != DRBG_READY) {
int reseed_required = 0;
if (drbg->state != DRBG_READY) {
@@
-854,8
+858,10
@@
int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
return 0;
}
return 0;
}
- if (drbg->fork_count != rand_fork_count) {
- drbg->fork_count = rand_fork_count;
+ fork_id = openssl_get_fork_id();
+
+ if (drbg->fork_id != fork_id) {
+ drbg->fork_id = fork_id;
reseed_required = 1;
}
reseed_required = 1;
}
@@
-1094,6
+1100,7
@@
int rand_drbg_enable_locking(RAND_DRBG *drbg)
return 1;
}
return 1;
}
+#ifndef FIPS_MODE
/*
* Get and set the EXDATA
*/
/*
* Get and set the EXDATA
*/
@@
-1106,7
+1113,7
@@
void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx)
{
return CRYPTO_get_ex_data(&drbg->ex_data, idx);
}
{
return CRYPTO_get_ex_data(&drbg->ex_data, idx);
}
-
+#endif
/*
* The following functions provide a RAND_METHOD that works on the
/*
* The following functions provide a RAND_METHOD that works on the
@@
-1346,7
+1353,12
@@
RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx)
drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg);
if (drbg == NULL) {
ctx = openssl_ctx_get_concrete(ctx);
drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg);
if (drbg == NULL) {
ctx = openssl_ctx_get_concrete(ctx);
- if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
+ /*
+ * If the private_drbg is also NULL then this is the first time we've
+ * used this thread.
+ */
+ if (CRYPTO_THREAD_get_local(&dgbl->private_drbg) == NULL
+ && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
return NULL;
drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PUBLIC);
CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg);
return NULL;
drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PUBLIC);
CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg);
@@
-1374,7
+1386,12
@@
RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx)
drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg);
if (drbg == NULL) {
ctx = openssl_ctx_get_concrete(ctx);
drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg);
if (drbg == NULL) {
ctx = openssl_ctx_get_concrete(ctx);
- if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
+ /*
+ * If the public_drbg is also NULL then this is the first time we've
+ * used this thread.
+ */
+ if (CRYPTO_THREAD_get_local(&dgbl->public_drbg) == NULL
+ && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
return NULL;
drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PRIVATE);
CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg);
return NULL;
drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PRIVATE);
CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg);