RAND_F_DRBG_SETUP:117:drbg_setup
RAND_F_GET_ENTROPY:106:get_entropy
RAND_F_RAND_BYTES:100:RAND_bytes
-RAND_F_RAND_DRBG_ENABLE_LOCKING:119:RAND_DRBG_enable_locking
+RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking
RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate
RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate
RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new
* LOCKING
*
* The three shared DRBGs are intended to be used concurrently, so they
- * support locking by default. It is the callers responsibility to wrap
- * calls to functions like RAND_DRBG_generate() which modify the DRBGs
- * internal state with calls to RAND_DRBG_lock() and RAND_DRBG_unlock().
- * The functions RAND_bytes() and RAND_priv_bytes() take the locks
- * automatically, so using the RAND api is thread safe as before.
- *
- * All other DRBG instances don't have locking enabled by default, because
- * they are intendended to be used by a single thread. If it is desired,
- * locking can be enabled using RAND_DRBG_enable_locking(). However, instead
- * of accessing a single DRBG instance concurrently from different threads,
- * it is recommended to instantiate a separate DRBG instance per thread.
+ * support locking. The RAND methods take the locks automatically, so using
+ * the RAND api (in particular RAND_bytes() and RAND_priv_bytes()) is
+ * thread-safe. Note however that accessing the shared DRBGs directly via
+ * the RAND_DRBG interface is *not* thread-safe.
+ *
+ * All other DRBG instances don't support locking, because they are
+ * intendended to be used by a single thread. Instead of accessing a single
+ * DRBG instance concurrently from different threads, it is recommended to
+ * instantiate a separate DRBG instance per thread. Using the same shared
+ * DRBG (preferrably the public DRBG) as parent of DRBG instances on
+ * different threads is safe.
*/
*
* Returns 1 on success, 0 on failure.
*/
-int RAND_DRBG_lock(RAND_DRBG *drbg)
+int rand_drbg_lock(RAND_DRBG *drbg)
{
if (drbg->lock != NULL)
return CRYPTO_THREAD_write_lock(drbg->lock);
*
* Returns 1 on success, 0 on failure.
*/
-int RAND_DRBG_unlock(RAND_DRBG *drbg)
+int rand_drbg_unlock(RAND_DRBG *drbg)
{
if (drbg->lock != NULL)
return CRYPTO_THREAD_unlock(drbg->lock);
*
* Returns 1 on success, 0 on failure.
*/
-int RAND_DRBG_enable_locking(RAND_DRBG *drbg)
+int rand_drbg_enable_locking(RAND_DRBG *drbg)
{
if (drbg->state != DRBG_UNINITIALISED) {
RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
if (drbg == NULL)
return NULL;
- if (RAND_DRBG_enable_locking(drbg) == 0)
+ if (rand_drbg_enable_locking(drbg) == 0)
goto err;
if (parent == NULL) {
if (drbg == NULL)
return 0;
- RAND_DRBG_lock(drbg);
+ rand_drbg_lock(drbg);
ret = RAND_DRBG_bytes(drbg, out, count);
- RAND_DRBG_unlock(drbg);
+ rand_drbg_unlock(drbg);
return ret;
}
return 0;
}
- RAND_DRBG_lock(drbg);
+ rand_drbg_lock(drbg);
ret = rand_drbg_restart(drbg, buf,
(size_t)(unsigned int)num,
(size_t)(8*randomness));
- RAND_DRBG_unlock(drbg);
+ rand_drbg_unlock(drbg);
return ret;
}
if (drbg == NULL)
return 0;
- RAND_DRBG_lock(drbg);
+ rand_drbg_lock(drbg);
ret = drbg->state == DRBG_READY ? 1 : 0;
- RAND_DRBG_unlock(drbg);
+ rand_drbg_unlock(drbg);
return ret;
}
{ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0),
- "RAND_DRBG_enable_locking"},
+ "rand_drbg_enable_locking"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0),
"RAND_DRBG_generate"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0),
int rand_drbg_restart(RAND_DRBG *drbg,
const unsigned char *buffer, size_t len, size_t entropy);
+/* locking api */
+int rand_drbg_lock(RAND_DRBG *drbg);
+int rand_drbg_unlock(RAND_DRBG *drbg);
+int rand_drbg_enable_locking(RAND_DRBG *drbg);
+
+
/* initializes the AES-CTR DRBG implementation */
int drbg_ctr_init(RAND_DRBG *drbg);
* generating bits from it. (Note: taking the lock will be a no-op
* if locking if drbg->parent->lock == NULL.)
*/
- RAND_DRBG_lock(drbg->parent);
+ rand_drbg_lock(drbg->parent);
if (RAND_DRBG_generate(drbg->parent,
buffer, bytes_needed,
0,
(unsigned char *)drbg, sizeof(*drbg)) != 0)
bytes = bytes_needed;
- RAND_DRBG_unlock(drbg->parent);
+ rand_drbg_unlock(drbg->parent);
entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
}
if (drbg == NULL)
return 0;
- RAND_DRBG_lock(drbg);
+ rand_drbg_lock(drbg);
ret = rand_drbg_restart(drbg, NULL, 0, 0);
- RAND_DRBG_unlock(drbg);
+ rand_drbg_unlock(drbg);
return ret;
return 0;
/* We have to lock the DRBG before generating bits from it. */
- RAND_DRBG_lock(drbg);
+ rand_drbg_lock(drbg);
ret = RAND_DRBG_bytes(drbg, buf, num);
- RAND_DRBG_unlock(drbg);
+ rand_drbg_unlock(drbg);
return ret;
}
int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
-int RAND_DRBG_lock(RAND_DRBG *drbg);
-int RAND_DRBG_unlock(RAND_DRBG *drbg);
-int RAND_DRBG_enable_locking(RAND_DRBG *drbg);
-
RAND_DRBG *RAND_DRBG_get0_master(void);
RAND_DRBG *RAND_DRBG_get0_public(void);
RAND_DRBG *RAND_DRBG_get0_private(void);
EVP_sha512_224 4443 1_1_1 EXIST::FUNCTION:
OCSP_basic_sign_ctx 4444 1_1_1 EXIST::FUNCTION:OCSP
RAND_DRBG_bytes 4445 1_1_1 EXIST::FUNCTION:
-RAND_DRBG_lock 4446 1_1_1 EXIST::FUNCTION:
-RAND_DRBG_unlock 4447 1_1_1 EXIST::FUNCTION:
-RAND_DRBG_enable_locking 4448 1_1_1 EXIST::FUNCTION:
-RAND_DRBG_secure_new 4449 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_vctrl 4450 1_1_1 EXIST::FUNCTION:
+RAND_DRBG_secure_new 4446 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_vctrl 4447 1_1_1 EXIST::FUNCTION:
projects / oweals / openssl.git / commitdiff