From: Dr. Matthias St. Pierre Date: Thu, 15 Feb 2018 09:29:56 +0000 (+0100) Subject: DRBG: make locking api truly private X-Git-Tag: OpenSSL_1_1_1-pre2~142 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=812b15370613da4768d91b9e566fdf5a30c06805 DRBG: make locking api truly private In PR #5295 it was decided that the locking api should remain private and used only inside libcrypto. However, the locking functions were added back to `libcrypto.num` by `mkdef.pl`, because the function prototypes were still listed in `internal/rand.h`. (This header contains functions which are internal, but shared between libcrypto and libssl.) This commit moves the prototypes to `rand_lcl.h` and changes the names to lowercase, following the convention therein. It also corrects an outdated documenting comment. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5375) --- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8d00463d85..43001be9d9 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -890,7 +890,7 @@ RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy RAND_F_DRBG_SETUP:117:drbg_setup RAND_F_GET_ENTROPY:106:get_entropy RAND_F_RAND_BYTES:100:RAND_bytes -RAND_F_RAND_DRBG_ENABLE_LOCKING:119:RAND_DRBG_enable_locking +RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index c592a7b9d0..c43f571d64 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -94,17 +94,17 @@ static RAND_DRBG *drbg_private; * LOCKING * * The three shared DRBGs are intended to be used concurrently, so they - * support locking by default. It is the callers responsibility to wrap - * calls to functions like RAND_DRBG_generate() which modify the DRBGs - * internal state with calls to RAND_DRBG_lock() and RAND_DRBG_unlock(). - * The functions RAND_bytes() and RAND_priv_bytes() take the locks - * automatically, so using the RAND api is thread safe as before. - * - * All other DRBG instances don't have locking enabled by default, because - * they are intendended to be used by a single thread. If it is desired, - * locking can be enabled using RAND_DRBG_enable_locking(). However, instead - * of accessing a single DRBG instance concurrently from different threads, - * it is recommended to instantiate a separate DRBG instance per thread. + * support locking. The RAND methods take the locks automatically, so using + * the RAND api (in particular RAND_bytes() and RAND_priv_bytes()) is + * thread-safe. Note however that accessing the shared DRBGs directly via + * the RAND_DRBG interface is *not* thread-safe. + * + * All other DRBG instances don't support locking, because they are + * intendended to be used by a single thread. Instead of accessing a single + * DRBG instance concurrently from different threads, it is recommended to + * instantiate a separate DRBG instance per thread. Using the same shared + * DRBG (preferrably the public DRBG) as parent of DRBG instances on + * different threads is safe. */ @@ -708,7 +708,7 @@ int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval) * * Returns 1 on success, 0 on failure. */ -int RAND_DRBG_lock(RAND_DRBG *drbg) +int rand_drbg_lock(RAND_DRBG *drbg) { if (drbg->lock != NULL) return CRYPTO_THREAD_write_lock(drbg->lock); @@ -722,7 +722,7 @@ int RAND_DRBG_lock(RAND_DRBG *drbg) * * Returns 1 on success, 0 on failure. */ -int RAND_DRBG_unlock(RAND_DRBG *drbg) +int rand_drbg_unlock(RAND_DRBG *drbg) { if (drbg->lock != NULL) return CRYPTO_THREAD_unlock(drbg->lock); @@ -738,7 +738,7 @@ int RAND_DRBG_unlock(RAND_DRBG *drbg) * * Returns 1 on success, 0 on failure. */ -int RAND_DRBG_enable_locking(RAND_DRBG *drbg) +int rand_drbg_enable_locking(RAND_DRBG *drbg) { if (drbg->state != DRBG_UNINITIALISED) { RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, @@ -797,7 +797,7 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent) if (drbg == NULL) return NULL; - if (RAND_DRBG_enable_locking(drbg) == 0) + if (rand_drbg_enable_locking(drbg) == 0) goto err; if (parent == NULL) { @@ -869,9 +869,9 @@ static int drbg_bytes(unsigned char *out, int count) if (drbg == NULL) return 0; - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = RAND_DRBG_bytes(drbg, out, count); - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; } @@ -898,11 +898,11 @@ static int drbg_add(const void *buf, int num, double randomness) return 0; } - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, buf, (size_t)(unsigned int)num, (size_t)(8*randomness)); - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; } @@ -922,9 +922,9 @@ static int drbg_status(void) if (drbg == NULL) return 0; - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = drbg->state == DRBG_READY ? 1 : 0; - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; } diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index e8ec44ae12..e92c33f4da 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -20,7 +20,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = { {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0), - "RAND_DRBG_enable_locking"}, + "rand_drbg_enable_locking"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0), "RAND_DRBG_generate"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0), diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index a63b28be4e..ceba8bba3f 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -222,6 +222,12 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len); int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *buffer, size_t len, size_t entropy); +/* locking api */ +int rand_drbg_lock(RAND_DRBG *drbg); +int rand_drbg_unlock(RAND_DRBG *drbg); +int rand_drbg_enable_locking(RAND_DRBG *drbg); + + /* initializes the AES-CTR DRBG implementation */ int drbg_ctr_init(RAND_DRBG *drbg); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 289acf3039..7b8b8fcb48 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -203,13 +203,13 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, * generating bits from it. (Note: taking the lock will be a no-op * if locking if drbg->parent->lock == NULL.) */ - RAND_DRBG_lock(drbg->parent); + rand_drbg_lock(drbg->parent); if (RAND_DRBG_generate(drbg->parent, buffer, bytes_needed, 0, (unsigned char *)drbg, sizeof(*drbg)) != 0) bytes = bytes_needed; - RAND_DRBG_unlock(drbg->parent); + rand_drbg_unlock(drbg->parent); entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes); } @@ -405,9 +405,9 @@ int RAND_poll(void) if (drbg == NULL) return 0; - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = rand_drbg_restart(drbg, NULL, 0, 0); - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; @@ -797,9 +797,9 @@ int RAND_priv_bytes(unsigned char *buf, int num) return 0; /* We have to lock the DRBG before generating bits from it. */ - RAND_DRBG_lock(drbg); + rand_drbg_lock(drbg); ret = RAND_DRBG_bytes(drbg, buf, num); - RAND_DRBG_unlock(drbg); + rand_drbg_unlock(drbg); return ret; } diff --git a/include/internal/rand.h b/include/internal/rand.h index 8d3e4528ba..d56742e533 100644 --- a/include/internal/rand.h +++ b/include/internal/rand.h @@ -48,10 +48,6 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); -int RAND_DRBG_lock(RAND_DRBG *drbg); -int RAND_DRBG_unlock(RAND_DRBG *drbg); -int RAND_DRBG_enable_locking(RAND_DRBG *drbg); - RAND_DRBG *RAND_DRBG_get0_master(void); RAND_DRBG *RAND_DRBG_get0_public(void); RAND_DRBG *RAND_DRBG_get0_private(void); diff --git a/util/libcrypto.num b/util/libcrypto.num index c4384e6de7..54560632bc 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4501,8 +4501,5 @@ EVP_sha512_256 4442 1_1_1 EXIST::FUNCTION: EVP_sha512_224 4443 1_1_1 EXIST::FUNCTION: OCSP_basic_sign_ctx 4444 1_1_1 EXIST::FUNCTION:OCSP RAND_DRBG_bytes 4445 1_1_1 EXIST::FUNCTION: -RAND_DRBG_lock 4446 1_1_1 EXIST::FUNCTION: -RAND_DRBG_unlock 4447 1_1_1 EXIST::FUNCTION: -RAND_DRBG_enable_locking 4448 1_1_1 EXIST::FUNCTION: -RAND_DRBG_secure_new 4449 1_1_1 EXIST::FUNCTION: -OSSL_STORE_vctrl 4450 1_1_1 EXIST::FUNCTION: +RAND_DRBG_secure_new 4446 1_1_1 EXIST::FUNCTION: +OSSL_STORE_vctrl 4447 1_1_1 EXIST::FUNCTION: