X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frand%2Fdrbg_lib.c;h=c43f571d643ed0e88ce5c945db7cd967ade40150;hp=c592a7b9d07486774a465d912e2a615d2f1fdcb0;hb=812b15370613da4768d91b9e566fdf5a30c06805;hpb=4d921bfb8b4161f735e5d3bc19fae264816c9c40 diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index c592a7b9d0..c43f571d64 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -94,17 +94,17 @@ static RAND_DRBG *drbg_private; * LOCKING * * The three shared DRBGs are intended to be used concurrently, so they - * support locking by default. It is the callers responsibility to wrap - * calls to functions like RAND_DRBG_generate() which modify the DRBGs - * internal state with calls to RAND_DRBG_lock() and RAND_DRBG_unlock(). - * The functions RAND_bytes() and RAND_priv_bytes() take the locks - * automatically, so using the RAND api is thread safe as before. - * - * All other DRBG instances don't have locking enabled by default, because - * they are intendended to be used by a single thread. If it is desired, - * locking can be enabled using RAND_DRBG_enable_locking(). However, instead - * of accessing a single DRBG instance concurrently from different threads, - * it is recommended to instantiate a separate DRBG instance per thread. + * support locking. The RAND methods take the locks automatically, so using + * the RAND api (in particular RAND_bytes() and RAND_priv_bytes()) is + * thread-safe. Note however that accessing the shared DRBGs directly via + * the RAND_DRBG interface is *not* thread-safe. + * + * All other DRBG instances don't support locking, because they are + * intendended to be used by a single thread. Instead of accessing a single + * DRBG instance concurrently from different threads, it is recommended to + * instantiate a separate DRBG instance per thread. Using the same shared + * DRBG (preferrably the public DRBG) as parent of DRBG instances on + * different threads is safe. */ @@ -708,7 +708,7 @@ int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval) * * Returns 1 on success, 0 on failure. */ -int RAND_DRBG_lock(RAND_DRBG *drbg) +int rand_drbg_lock(RAND_DRBG *drbg) { if (drbg->lock != NULL) return CRYPTO_THREAD_write_lock(drbg->lock); @@ -722,7 +722,7 @@ int RAND_DRBG_lock(RAND_DRBG *drbg) * * Returns 1 on success, 0 on failure. */ -int RAND_DRBG_unlock(RAND_DRBG *drbg) +int rand_drbg_unlock(RAND_DRBG *drbg) { if (drbg->lock != NULL) return CRYPTO_THREAD_unlock(drbg->lock); @@ -738,7 +738,7 @@ int RAND_DRBG_unlock(RAND_DRBG *drbg) * * Returns 1 on success, 0 on failure. */ -int RAND_DRBG_enable_locking(RAND_DRBG *drbg) +int rand_drbg_enable_locking(RAND_DRBG *drbg) { if (drbg->state != DRBG_UNINITIALISED) { RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, @@ -797,7 +797,7 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent) if (drbg == NULL) return NULL; - if (RAND_DRBG_enable_locking(drbg) == 0) + if (rand_drbg_enable_locking(drbg) == 0) goto err; if (parent == NULL) { @@ -869,9 +869,9 @@ static int drbg_bytes(unsigned char *out, int count) if (drbg == NULL) return 0; - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = RAND_DRBG_bytes(drbg, out, count); - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; } @@ -898,11 +898,11 @@ static int drbg_add(const void *buf, int num, double randomness) return 0; } - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, buf, (size_t)(unsigned int)num, (size_t)(8*randomness)); - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; } @@ -922,9 +922,9 @@ static int drbg_status(void) if (drbg == NULL) return 0; - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = drbg->state == DRBG_READY ? 1 : 0; - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; }