* |randomness| argument). This will immediately reseed the <master> DRBG.
* The <public> and <private> DRBG will detect this on their next generate
* call and reseed, pulling randomness from <master>.
+ *
+ * LOCKING
+ *
+ * The three shared DRBGs are intended to be used concurrently, so they
+ * support locking by default. It is the callers responsibility to wrap
+ * calls to functions like RAND_DRBG_generate() which modify the DRBGs
+ * internal state with calls to RAND_DRBG_lock() and RAND_DRBG_unlock().
+ * The functions RAND_bytes() and RAND_priv_bytes() take the locks
+ * automatically, so using the RAND api is thread safe as before.
+ *
+ * All other DRBG instances don't have locking enabled by default, because
+ * they are intendended to be used by a single thread. If it is desired,
+ * locking can be enabled using RAND_DRBG_enable_locking(). However, instead
+ * of accessing a single DRBG instance concurrently from different threads,
+ * it is recommended to instantiate a separate DRBG instance per thread.
*/
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
-static RAND_DRBG *drbg_setup(const char *name, RAND_DRBG *parent);
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
static void drbg_cleanup(RAND_DRBG *drbg);
/*
return 1;
}
+/*
+ * Generates |outlen| random bytes and stores them in |out|. It will
+ * using the given |drbg| to generate the bytes.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success 0 on failure.
+ */
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
+{
+ unsigned char *additional = NULL;
+ size_t additional_len;
+ size_t chunk;
+ size_t ret;
+
+ additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen);
+
+ for ( ; outlen > 0; outlen -= chunk, out += chunk) {
+ chunk = outlen;
+ if (chunk > drbg->max_request)
+ chunk = drbg->max_request;
+ ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len);
+ if (!ret)
+ goto err;
+ }
+ ret = 1;
+
+err:
+ if (additional_len != 0)
+ OPENSSL_secure_clear_free(additional, additional_len);
+
+ return ret;
+}
+
/*
* Set the RAND_DRBG callbacks for obtaining entropy and nonce.
*
return 1;
}
+
+/*
+ * Locks the given drbg. Locking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_lock(RAND_DRBG *drbg)
+{
+ if (drbg->lock != NULL)
+ return CRYPTO_THREAD_write_lock(drbg->lock);
+
+ return 1;
+}
+
+/*
+ * Unlocks the given drbg. Unlocking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_unlock(RAND_DRBG *drbg)
+{
+ if (drbg->lock != NULL)
+ return CRYPTO_THREAD_unlock(drbg->lock);
+
+ return 1;
+}
+
+/*
+ * Enables locking for the given drbg
+ *
+ * Locking can only be enabled if the random generator
+ * is in the uninitialized state.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_enable_locking(RAND_DRBG *drbg)
+{
+ if (drbg->state != DRBG_UNINITIALISED) {
+ RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+ RAND_R_DRBG_ALREADY_INITIALIZED);
+ return 0;
+ }
+
+ if (drbg->lock == NULL) {
+ if (drbg->parent != NULL && drbg->lock == NULL) {
+ RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+ RAND_R_PARENT_LOCKING_NOT_ENABLED);
+ return 0;
+ }
+
+ drbg->lock = CRYPTO_THREAD_lock_new();
+ if (drbg->lock == NULL) {
+ RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+ RAND_R_FAILED_TO_CREATE_LOCK);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
/*
* Get and set the EXDATA
*/
/*
* Allocates a new global DRBG on the secure heap (if enabled) and
* initializes it with default settings.
- * A global lock for the DRBG is created with the given name.
*
* Returns a pointer to the new DRBG instance on success, NULL on failure.
*/
-static RAND_DRBG *drbg_setup(const char *name, RAND_DRBG *parent)
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
{
RAND_DRBG *drbg;
- if (name == NULL) {
- RANDerr(RAND_F_DRBG_SETUP, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
drbg = OPENSSL_secure_zalloc(sizeof(RAND_DRBG));
if (drbg == NULL)
return NULL;
- drbg->lock = CRYPTO_THREAD_glock_new(name);
+ drbg->lock = CRYPTO_THREAD_lock_new();
if (drbg->lock == NULL) {
RANDerr(RAND_F_DRBG_SETUP, RAND_R_FAILED_TO_CREATE_LOCK);
goto err;
if (!OPENSSL_init_crypto(0, NULL))
return 0;
- drbg_master = drbg_setup("drbg_master", NULL);
- drbg_public = drbg_setup("drbg_public", drbg_master);
- drbg_private = drbg_setup("drbg_private", drbg_master);
+ drbg_master = drbg_setup(NULL);
+ drbg_public = drbg_setup(drbg_master);
+ drbg_private = drbg_setup(drbg_master);
if (drbg_master == NULL || drbg_public == NULL || drbg_private == NULL)
return 0;
/* Implements the default OpenSSL RAND_bytes() method */
static int drbg_bytes(unsigned char *out, int count)
{
- int ret = 0;
- size_t chunk;
+ int ret;
RAND_DRBG *drbg = RAND_DRBG_get0_public();
if (drbg == NULL)
return 0;
- CRYPTO_THREAD_write_lock(drbg->lock);
- if (drbg->state == DRBG_UNINITIALISED)
- goto err;
+ RAND_DRBG_lock(drbg);
+ ret = RAND_DRBG_bytes(drbg, out, count);
+ RAND_DRBG_unlock(drbg);
- for ( ; count > 0; count -= chunk, out += chunk) {
- chunk = count;
- if (chunk > drbg->max_request)
- chunk = drbg->max_request;
- ret = RAND_DRBG_generate(drbg, out, chunk, 0, NULL, 0);
- if (!ret)
- goto err;
- }
- ret = 1;
-
-err:
- CRYPTO_THREAD_unlock(drbg->lock);
return ret;
}
return 0;
}
- CRYPTO_THREAD_write_lock(drbg->lock);
+ RAND_DRBG_lock(drbg);
ret = rand_drbg_restart(drbg, buf,
(size_t)(unsigned int)num,
(size_t)(8*randomness));
- CRYPTO_THREAD_unlock(drbg->lock);
+ RAND_DRBG_unlock(drbg);
return ret;
}
if (drbg == NULL)
return 0;
- CRYPTO_THREAD_write_lock(drbg->lock);
+ RAND_DRBG_lock(drbg);
ret = drbg->state == DRBG_READY ? 1 : 0;
- CRYPTO_THREAD_unlock(drbg->lock);
+ RAND_DRBG_unlock(drbg);
return ret;
}