This avoids lock contention.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
struct thread_local_inits_st {
int async;
int err_state;
struct thread_local_inits_st {
int async;
int err_state;
};
int ossl_init_thread_start(uint64_t opts);
};
int ossl_init_thread_start(uint64_t opts);
/* OPENSSL_INIT_THREAD flags */
# define OPENSSL_INIT_THREAD_ASYNC 0x01
# define OPENSSL_INIT_THREAD_ERR_STATE 0x02
/* OPENSSL_INIT_THREAD flags */
# define OPENSSL_INIT_THREAD_ASYNC 0x01
# define OPENSSL_INIT_THREAD_ERR_STATE 0x02
+# define OPENSSL_INIT_THREAD_RAND 0x04
void ossl_malloc_setup_failures(void);
void ossl_malloc_setup_failures(void);
void rand_cleanup_int(void);
void rand_drbg_cleanup_int(void);
void rand_cleanup_int(void);
void rand_drbg_cleanup_int(void);
+void drbg_delete_thread_state(void);
void rand_fork(void);
/* Hardware-based seeding functions. */
void rand_fork(void);
/* Hardware-based seeding functions. */
err_delete_thread_state();
}
err_delete_thread_state();
}
+ if (locals->rand) {
+#ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+ "drbg_delete_thread_state()\n");
+#endif
+ drbg_delete_thread_state();
+ }
+
+ if (opts & OPENSSL_INIT_THREAD_RAND) {
+#ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+ "marking thread for rand\n");
+#endif
+ locals->rand = 1;
+ }
+
#include "rand_lcl.h"
#include "internal/thread_once.h"
#include "internal/rand_int.h"
#include "rand_lcl.h"
#include "internal/thread_once.h"
#include "internal/rand_int.h"
+#include "internal/cryptlib_int.h"
/*
* Support framework for NIST SP 800-90A DRBG, AES-CTR mode.
/*
* Support framework for NIST SP 800-90A DRBG, AES-CTR mode.
* sources or by consuming randomnes which was added by RAND_add()
*/
static RAND_DRBG *drbg_master;
* sources or by consuming randomnes which was added by RAND_add()
*/
static RAND_DRBG *drbg_master;
-/*
- * THE PUBLIC DRBG
- *
- * Used by default for generating random bytes using RAND_bytes().
- */
-static RAND_DRBG *drbg_public;
-/*
- * THE PRIVATE DRBG
- *
- * Used by default for generating private keys using RAND_priv_bytes()
- */
-static RAND_DRBG *drbg_private;
static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_THREAD_LOCAL private_drbg_thread_local_key;
+static CRYPTO_THREAD_LOCAL public_drbg_thread_local_key;
if (RAND_DRBG_set(drbg, type, flags) == 0)
goto err;
if (RAND_DRBG_set(drbg, type, flags) == 0)
goto err;
- if (parent != NULL && drbg->strength > parent->strength) {
- /*
- * We currently don't support the algorithm from NIST SP 800-90C
- * 10.1.2 to use a weaker DRBG as source
- */
- RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
- goto err;
+ if (parent != NULL) {
+ rand_drbg_lock(parent);
+ if (drbg->strength > parent->strength) {
+ /*
+ * We currently don't support the algorithm from NIST SP 800-90C
+ * 10.1.2 to use a weaker DRBG as source
+ */
+ rand_drbg_unlock(parent);
+ RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+ goto err;
+ }
+ rand_drbg_unlock(parent);
}
if (!RAND_DRBG_set_callbacks(drbg, rand_drbg_get_entropy,
}
if (!RAND_DRBG_set_callbacks(drbg, rand_drbg_get_entropy,
if (drbg == NULL)
return NULL;
if (drbg == NULL)
return NULL;
- if (rand_drbg_enable_locking(drbg) == 0)
+ /* Only the master DRBG needs to have a lock */
+ if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
goto err;
/* enable seed propagation */
goto err;
/* enable seed propagation */
*/
DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)
{
*/
DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)
{
/*
* ensure that libcrypto is initialized, otherwise the
* DRBG locks are not cleaned up properly
/*
* ensure that libcrypto is initialized, otherwise the
* DRBG locks are not cleaned up properly
if (!OPENSSL_init_crypto(0, NULL))
return 0;
if (!OPENSSL_init_crypto(0, NULL))
return 0;
+ ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND);
+
drbg_master = drbg_setup(NULL);
drbg_master = drbg_setup(NULL);
- drbg_public = drbg_setup(drbg_master);
- drbg_private = drbg_setup(drbg_master);
- if (drbg_master == NULL || drbg_public == NULL || drbg_private == NULL)
+ ret &= CRYPTO_THREAD_init_local(&private_drbg_thread_local_key, NULL);
+ ret &= CRYPTO_THREAD_init_local(&public_drbg_thread_local_key, NULL);
+
+ if (drbg_master == NULL || ret == 0)
/* Clean up the global DRBGs before exit */
void rand_drbg_cleanup_int(void)
{
/* Clean up the global DRBGs before exit */
void rand_drbg_cleanup_int(void)
{
- RAND_DRBG_free(drbg_private);
- RAND_DRBG_free(drbg_public);
RAND_DRBG_free(drbg_master);
RAND_DRBG_free(drbg_master);
- drbg_private = drbg_public = drbg_master = NULL;
+ CRYPTO_THREAD_cleanup_local(&private_drbg_thread_local_key);
+ CRYPTO_THREAD_cleanup_local(&public_drbg_thread_local_key);
+}
+
+void drbg_delete_thread_state()
+{
+ RAND_DRBG *drbg;
+
+ drbg = CRYPTO_THREAD_get_local(&public_drbg_thread_local_key);
+ RAND_DRBG_free(drbg);
+
+ drbg = CRYPTO_THREAD_get_local(&private_drbg_thread_local_key);
+ RAND_DRBG_free(drbg);
}
/* Implements the default OpenSSL RAND_bytes() method */
}
/* Implements the default OpenSSL RAND_bytes() method */
if (drbg == NULL)
return 0;
if (drbg == NULL)
return 0;
ret = RAND_DRBG_bytes(drbg, out, count);
ret = RAND_DRBG_bytes(drbg, out, count);
- rand_drbg_unlock(drbg);
*/
RAND_DRBG *RAND_DRBG_get0_public(void)
{
*/
RAND_DRBG *RAND_DRBG_get0_public(void)
{
if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
return NULL;
if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
return NULL;
+ drbg = CRYPTO_THREAD_get_local(&public_drbg_thread_local_key);
+ if (drbg == NULL) {
+ ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND);
+ drbg = drbg_setup(drbg_master);
+ CRYPTO_THREAD_set_local(&public_drbg_thread_local_key, drbg);
+ }
+ return drbg;
*/
RAND_DRBG *RAND_DRBG_get0_private(void)
{
*/
RAND_DRBG *RAND_DRBG_get0_private(void)
{
if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
return NULL;
if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
return NULL;
+ drbg = CRYPTO_THREAD_get_local(&private_drbg_thread_local_key);
+ if (drbg == NULL) {
+ ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND);
+ drbg = drbg_setup(drbg_master);
+ CRYPTO_THREAD_set_local(&private_drbg_thread_local_key, drbg);
+ }
+ return drbg;
}
RAND_METHOD rand_meth = {
}
RAND_METHOD rand_meth = {
if (drbg == NULL)
return 0;
if (drbg == NULL)
return 0;
- /* We have to lock the DRBG before generating bits from it. */
- rand_drbg_lock(drbg);
ret = RAND_DRBG_bytes(drbg, buf, num);
ret = RAND_DRBG_bytes(drbg, buf, num);
- rand_drbg_unlock(drbg);