X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frand%2Fdrbg_lib.c;h=a695a5f7ddb462477540eb384ba3ace7bebca149;hp=f8b58d7245631358c4b662e03e488e6c3c5a1e9b;hb=09a4cb9ec7ea9ccb4885588ba3e138b9f5f606c7;hpb=85d09e8848012d0dfdacf827d9d56730fa5daf16 diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index f8b58d7245..a695a5f7dd 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -11,10 +11,10 @@ #include #include #include -#include "rand_lcl.h" +#include "rand_local.h" #include "internal/thread_once.h" -#include "internal/rand_int.h" -#include "internal/cryptlib_int.h" +#include "crypto/rand.h" +#include "crypto/cryptlib.h" /* * Support framework for NIST SP 800-90A DRBG @@ -415,7 +415,7 @@ static RAND_DRBG *rand_drbg_new(OPENSSL_CTX *ctx, drbg->libctx = ctx; drbg->secure = secure && CRYPTO_secure_allocated(drbg); - drbg->fork_count = rand_fork_count; + drbg->fork_id = openssl_get_fork_id(); drbg->parent = parent; if (parent == NULL) { @@ -503,7 +503,9 @@ void RAND_DRBG_free(RAND_DRBG *drbg) drbg->meth->uninstantiate(drbg); rand_pool_free(drbg->adin_pool); CRYPTO_THREAD_lock_free(drbg->lock); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data); +#ifndef FIPS_MODE + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RAND_DRBG, drbg, &drbg->ex_data); +#endif if (drbg->secure) OPENSSL_secure_clear_free(drbg, sizeof(*drbg)); @@ -541,9 +543,10 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, } if (drbg->state != DRBG_UNINITIALISED) { - RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, - drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE - : RAND_R_ALREADY_INSTANTIATED); + if (drbg->state == DRBG_ERROR) + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_IN_ERROR_STATE); + else + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ALREADY_INSTANTIATED); goto end; } @@ -829,6 +832,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen) { + int fork_id; int reseed_required = 0; if (drbg->state != DRBG_READY) { @@ -854,8 +858,10 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - if (drbg->fork_count != rand_fork_count) { - drbg->fork_count = rand_fork_count; + fork_id = openssl_get_fork_id(); + + if (drbg->fork_id != fork_id) { + drbg->fork_id = fork_id; reseed_required = 1; } @@ -1094,6 +1100,7 @@ int rand_drbg_enable_locking(RAND_DRBG *drbg) return 1; } +#ifndef FIPS_MODE /* * Get and set the EXDATA */ @@ -1106,7 +1113,7 @@ void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx) { return CRYPTO_get_ex_data(&drbg->ex_data, idx); } - +#endif /* * The following functions provide a RAND_METHOD that works on the @@ -1346,7 +1353,12 @@ RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx) drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg); if (drbg == NULL) { ctx = openssl_ctx_get_concrete(ctx); - if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) + /* + * If the private_drbg is also NULL then this is the first time we've + * used this thread. + */ + if (CRYPTO_THREAD_get_local(&dgbl->private_drbg) == NULL + && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) return NULL; drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PUBLIC); CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg); @@ -1374,7 +1386,12 @@ RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx) drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg); if (drbg == NULL) { ctx = openssl_ctx_get_concrete(ctx); - if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) + /* + * If the public_drbg is also NULL then this is the first time we've + * used this thread. + */ + if (CRYPTO_THREAD_get_local(&dgbl->public_drbg) == NULL + && !ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state)) return NULL; drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PRIVATE); CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg);