X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frand%2Fdrbg_lib.c;h=13b640bb9b0e3e98864bf1336f8dcd40614368e7;hp=5d3d0f2fd718fe92ae6e7ae9a8f8afd43ae1ea27;hb=3ce1c27b56fa9856693e5c98331cebaa2a3accfa;hpb=39571fcabf688a6efc4a567f6a8e5d4297b064cb diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 5d3d0f2fd7..13b640bb9b 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -90,6 +90,21 @@ static RAND_DRBG *drbg_private; * |randomness| argument). This will immediately reseed the DRBG. * The and DRBG will detect this on their next generate * call and reseed, pulling randomness from . + * + * LOCKING + * + * The three shared DRBGs are intended to be used concurrently, so they + * support locking by default. It is the callers responsibility to wrap + * calls to functions like RAND_DRBG_generate() which modify the DRBGs + * internal state with calls to RAND_DRBG_lock() and RAND_DRBG_unlock(). + * The functions RAND_bytes() and RAND_priv_bytes() take the locks + * automatically, so using the RAND api is thread safe as before. + * + * All other DRBG instances don't have locking enabled by default, because + * they are intendended to be used by a single thread. If it is desired, + * locking can be enabled using RAND_DRBG_enable_locking(). However, instead + * of accessing a single DRBG instance concurrently from different threads, + * it is recommended to instantiate a separate DRBG instance per thread. */ @@ -98,7 +113,7 @@ static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG"; static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT; -static RAND_DRBG *drbg_setup(const char *name, RAND_DRBG *parent); +static RAND_DRBG *drbg_setup(RAND_DRBG *parent); static void drbg_cleanup(RAND_DRBG *drbg); /* @@ -534,6 +549,40 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 1; } +/* + * Generates |outlen| random bytes and stores them in |out|. It will + * using the given |drbg| to generate the bytes. + * + * Requires that drbg->lock is already locked for write, if non-null. + * + * Returns 1 on success 0 on failure. + */ +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) +{ + unsigned char *additional = NULL; + size_t additional_len; + size_t chunk; + size_t ret; + + additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen); + + for ( ; outlen > 0; outlen -= chunk, out += chunk) { + chunk = outlen; + if (chunk > drbg->max_request) + chunk = drbg->max_request; + ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len); + if (!ret) + goto err; + } + ret = 1; + +err: + if (additional_len != 0) + OPENSSL_secure_clear_free(additional, additional_len); + + return ret; +} + /* * Set the RAND_DRBG callbacks for obtaining entropy and nonce. * @@ -622,6 +671,69 @@ int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval) return 1; } + +/* + * Locks the given drbg. Locking a drbg which does not have locking + * enabled is considered a successful no-op. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_lock(RAND_DRBG *drbg) +{ + if (drbg->lock != NULL) + return CRYPTO_THREAD_write_lock(drbg->lock); + + return 1; +} + +/* + * Unlocks the given drbg. Unlocking a drbg which does not have locking + * enabled is considered a successful no-op. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_unlock(RAND_DRBG *drbg) +{ + if (drbg->lock != NULL) + return CRYPTO_THREAD_unlock(drbg->lock); + + return 1; +} + +/* + * Enables locking for the given drbg + * + * Locking can only be enabled if the random generator + * is in the uninitialized state. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_enable_locking(RAND_DRBG *drbg) +{ + if (drbg->state != DRBG_UNINITIALISED) { + RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, + RAND_R_DRBG_ALREADY_INITIALIZED); + return 0; + } + + if (drbg->lock == NULL) { + if (drbg->parent != NULL && drbg->lock == NULL) { + RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, + RAND_R_PARENT_LOCKING_NOT_ENABLED); + return 0; + } + + drbg->lock = CRYPTO_THREAD_lock_new(); + if (drbg->lock == NULL) { + RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, + RAND_R_FAILED_TO_CREATE_LOCK); + return 0; + } + } + + return 1; +} + /* * Get and set the EXDATA */ @@ -644,24 +756,18 @@ void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx) /* * Allocates a new global DRBG on the secure heap (if enabled) and * initializes it with default settings. - * A global lock for the DRBG is created with the given name. * * Returns a pointer to the new DRBG instance on success, NULL on failure. */ -static RAND_DRBG *drbg_setup(const char *name, RAND_DRBG *parent) +static RAND_DRBG *drbg_setup(RAND_DRBG *parent) { RAND_DRBG *drbg; - if (name == NULL) { - RANDerr(RAND_F_DRBG_SETUP, ERR_R_INTERNAL_ERROR); - return NULL; - } - drbg = OPENSSL_secure_zalloc(sizeof(RAND_DRBG)); if (drbg == NULL) return NULL; - drbg->lock = CRYPTO_THREAD_glock_new(name); + drbg->lock = CRYPTO_THREAD_lock_new(); if (drbg->lock == NULL) { RANDerr(RAND_F_DRBG_SETUP, RAND_R_FAILED_TO_CREATE_LOCK); goto err; @@ -715,9 +821,9 @@ DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init) if (!OPENSSL_init_crypto(0, NULL)) return 0; - drbg_master = drbg_setup("drbg_master", NULL); - drbg_public = drbg_setup("drbg_public", drbg_master); - drbg_private = drbg_setup("drbg_private", drbg_master); + drbg_master = drbg_setup(NULL); + drbg_public = drbg_setup(drbg_master); + drbg_private = drbg_setup(drbg_master); if (drbg_master == NULL || drbg_public == NULL || drbg_private == NULL) return 0; @@ -748,29 +854,16 @@ void rand_drbg_cleanup_int(void) /* Implements the default OpenSSL RAND_bytes() method */ static int drbg_bytes(unsigned char *out, int count) { - int ret = 0; - size_t chunk; + int ret; RAND_DRBG *drbg = RAND_DRBG_get0_public(); if (drbg == NULL) return 0; - CRYPTO_THREAD_write_lock(drbg->lock); - if (drbg->state == DRBG_UNINITIALISED) - goto err; + RAND_DRBG_lock(drbg); + ret = RAND_DRBG_bytes(drbg, out, count); + RAND_DRBG_unlock(drbg); - for ( ; count > 0; count -= chunk, out += chunk) { - chunk = count; - if (chunk > drbg->max_request) - chunk = drbg->max_request; - ret = RAND_DRBG_generate(drbg, out, chunk, 0, NULL, 0); - if (!ret) - goto err; - } - ret = 1; - -err: - CRYPTO_THREAD_unlock(drbg->lock); return ret; } @@ -796,11 +889,11 @@ static int drbg_add(const void *buf, int num, double randomness) return 0; } - CRYPTO_THREAD_write_lock(drbg->lock); + RAND_DRBG_lock(drbg); ret = rand_drbg_restart(drbg, buf, (size_t)(unsigned int)num, (size_t)(8*randomness)); - CRYPTO_THREAD_unlock(drbg->lock); + RAND_DRBG_unlock(drbg); return ret; } @@ -820,9 +913,9 @@ static int drbg_status(void) if (drbg == NULL) return 0; - CRYPTO_THREAD_write_lock(drbg->lock); + RAND_DRBG_lock(drbg); ret = drbg->state == DRBG_READY ? 1 : 0; - CRYPTO_THREAD_unlock(drbg->lock); + RAND_DRBG_unlock(drbg); return ret; }