Convert drbg_lib to use OPENSSL_CTX for its global data

typedef struct rand_pool_st RAND_POOL;

void rand_cleanup_int(void);

void rand_drbg_cleanup_int(void);

void drbg_delete_thread_state(void);

void rand_fork(void);

    OSSL_TRACE(INIT, "OPENSSL_cleanup: rand_cleanup_int()\n");

    rand_cleanup_int();

    OSSL_TRACE(INIT, "OPENSSL_cleanup: rand_drbg_cleanup_int()\n");

    rand_drbg_cleanup_int();

    OSSL_TRACE(INIT, "OPENSSL_cleanup: conf_modules_free_int()\n");

    conf_modules_free_int();

 * a much bigger deal than just re-setting an allocated resource.)

 */

typedef struct drbg_global_st {

    /*

     * The three shared DRBG instances

     *

     * all threads. The necessary locking is managed automatically by its child

     * DRBG instances during reseeding.

     */

static RAND_DRBG *master_drbg;

    RAND_DRBG *master_drbg;

    /*

     * The <public> DRBG

     *

     * Used by default for generating random bytes using RAND_bytes().

     *

 * The <public> DRBG is thread-local, i.e., there is one instance per thread.

     * The <public> DRBG is thread-local, i.e., there is one instance per

     * thread.

     */

static CRYPTO_THREAD_LOCAL public_drbg;

    CRYPTO_THREAD_LOCAL public_drbg;

    /*

     * The <private> DRBG

     *

     * Used by default for generating private keys using RAND_priv_bytes()

     *

 * The <private> DRBG is thread-local, i.e., there is one instance per thread.

     * The <private> DRBG is thread-local, i.e., there is one instance per

     * thread.

     */

static CRYPTO_THREAD_LOCAL private_drbg;

    CRYPTO_THREAD_LOCAL private_drbg;

} DRBG_GLOBAL;

/* NIST SP 800-90A DRBG recommends the use of a personalization string. */

static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;

static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;

#define RAND_DRBG_TYPE_FLAGS    ( \

    RAND_DRBG_FLAG_MASTER | RAND_DRBG_FLAG_PUBLIC | RAND_DRBG_FLAG_PRIVATE )

    RAND_DRBG_FLAG_CTR_NO_DF | RAND_DRBG_FLAG_HMAC | RAND_DRBG_TYPE_FLAGS;

static RAND_DRBG *drbg_setup(RAND_DRBG *parent, int drbg_type);

static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent, int drbg_type);

static RAND_DRBG *rand_drbg_new(int secure,

static RAND_DRBG *rand_drbg_new(OPENSSL_CTX *ctx,

                                int secure,

                                int type,

                                unsigned int flags,

                                RAND_DRBG *parent);

 *

 * Returns a pointer to the new DRBG instance on success, NULL on failure.

 */

static RAND_DRBG *rand_drbg_new(int secure,

static RAND_DRBG *rand_drbg_new(OPENSSL_CTX *ctx,

                                int secure,

                                int type,

                                unsigned int flags,

                                RAND_DRBG *parent)

        return NULL;

    }

    drbg->libctx = ctx;

    drbg->secure = secure && CRYPTO_secure_allocated(drbg);

    drbg->fork_count = rand_fork_count;

    drbg->parent = parent;

    return NULL;

}

RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx, int type, unsigned int flags,

                            RAND_DRBG *parent)

{

    return rand_drbg_new(ctx, 0, type, flags, parent);

}

RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)

{

    return rand_drbg_new(0, type, flags, parent);

    return RAND_DRBG_new_ex(NULL, type, flags, parent);

}

RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent)

RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx, int type,

                                   unsigned int flags, RAND_DRBG *parent)

{

    return rand_drbg_new(1, type, flags, parent);

    return rand_drbg_new(ctx, 1, type, flags, parent);

}

RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent)

{

    return RAND_DRBG_secure_new_ex(NULL, type, flags, parent);

}

/*

 * Uninstantiate |drbg| and free all memory.

 */

 *

 * Returns a pointer to the new DRBG instance on success, NULL on failure.

 */

static RAND_DRBG *drbg_setup(RAND_DRBG *parent, int drbg_type)

static RAND_DRBG *drbg_setup(OPENSSL_CTX *ctx, RAND_DRBG *parent, int drbg_type)

{

    RAND_DRBG *drbg;

    drbg = RAND_DRBG_secure_new(rand_drbg_type[drbg_type],

    drbg = RAND_DRBG_secure_new_ex(ctx, rand_drbg_type[drbg_type],

                                   rand_drbg_flags[drbg_type], parent);

    if (drbg == NULL)

        return NULL;

}

/*

 * Initialize the global DRBGs on first use.

 * Returns 1 on success, 0 on failure.

 * Initialize the OPENSSL_CTX global DRBGs on first use.

 * Returns the allocated global data on success or NULL on failure.

 */

DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)

static void *drbg_ossl_ctx_new(OPENSSL_CTX *libctx)

{

    /*

     * ensure that libcrypto is initialized, otherwise the

     * DRBG locks are not cleaned up properly

     */

    if (!OPENSSL_init_crypto(0, NULL))

        return 0;

    DRBG_GLOBAL *dgbl = OPENSSL_zalloc(sizeof(*dgbl));

    if (!CRYPTO_THREAD_init_local(&private_drbg, NULL))

        return 0;

    if (dgbl == NULL)

        return NULL;

    if (!CRYPTO_THREAD_init_local(&public_drbg, NULL))

    if (!CRYPTO_THREAD_init_local(&dgbl->private_drbg, NULL))

        goto err1;

    master_drbg = drbg_setup(NULL, RAND_DRBG_TYPE_MASTER);

    if (master_drbg == NULL)

    if (!CRYPTO_THREAD_init_local(&dgbl->public_drbg, NULL))

        goto err2;

    return 1;

    dgbl->master_drbg = drbg_setup(libctx, NULL, RAND_DRBG_TYPE_MASTER);

    if (dgbl->master_drbg == NULL)

        goto err3;

    return dgbl;

 err3:

    CRYPTO_THREAD_cleanup_local(&dgbl->public_drbg);

 err2:

    CRYPTO_THREAD_cleanup_local(&public_drbg);

    CRYPTO_THREAD_cleanup_local(&dgbl->private_drbg);

 err1:

    CRYPTO_THREAD_cleanup_local(&private_drbg);

    return 0;

    OPENSSL_free(dgbl);

    return NULL;

}

/* Clean up the global DRBGs before exit */

void rand_drbg_cleanup_int(void)

static void drbg_ossl_ctx_free(void *vdgbl)

{

    if (master_drbg != NULL) {

        RAND_DRBG_free(master_drbg);

        master_drbg = NULL;

    DRBG_GLOBAL *dgbl = vdgbl;

        CRYPTO_THREAD_cleanup_local(&private_drbg);

        CRYPTO_THREAD_cleanup_local(&public_drbg);

    RAND_DRBG_free(dgbl->master_drbg);

    CRYPTO_THREAD_cleanup_local(&dgbl->private_drbg);

    CRYPTO_THREAD_cleanup_local(&dgbl->public_drbg);

    OPENSSL_free(dgbl);

}

static const OPENSSL_CTX_METHOD drbg_ossl_ctx_method = {

    drbg_ossl_ctx_new,

    drbg_ossl_ctx_free,

};

static DRBG_GLOBAL *drbg_get_global(OPENSSL_CTX *libctx)

{

    return openssl_ctx_get_data(libctx, OPENSSL_CTX_DRBG_INDEX,

                                &drbg_ossl_ctx_method);

}

void drbg_delete_thread_state(void)

{

    DRBG_GLOBAL *dgbl = drbg_get_global(ctx);

    RAND_DRBG *drbg;

    drbg = CRYPTO_THREAD_get_local(&public_drbg);

    CRYPTO_THREAD_set_local(&public_drbg, NULL);

    if (dgbl == NULL)

        return;

    drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg);

    CRYPTO_THREAD_set_local(&dgbl->public_drbg, NULL);

    RAND_DRBG_free(drbg);

    drbg = CRYPTO_THREAD_get_local(&private_drbg);

    CRYPTO_THREAD_set_local(&private_drbg, NULL);

    drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg);

    CRYPTO_THREAD_set_local(&dgbl->private_drbg, NULL);

    RAND_DRBG_free(drbg);

}

 * Returns pointer to the DRBG on success, NULL on failure.

 *

 */

RAND_DRBG *RAND_DRBG_get0_master(void)

RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx)

{

    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))

    DRBG_GLOBAL *dgbl = drbg_get_global(ctx);

    if (dgbl == NULL)

        return NULL;

    return master_drbg;

    return dgbl->master_drbg;

}

RAND_DRBG *RAND_DRBG_get0_master(void)

{

    return OPENSSL_CTX_get0_master_drbg(NULL);

}

/*

 * Get the public DRBG.

 * Returns pointer to the DRBG on success, NULL on failure.

 */

RAND_DRBG *RAND_DRBG_get0_public(void)

RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx)

{

    DRBG_GLOBAL *dgbl = drbg_get_global(ctx);

    RAND_DRBG *drbg;

    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))

    if (dgbl == NULL)

        return NULL;

    drbg = CRYPTO_THREAD_get_local(&public_drbg);

    drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg);

    if (drbg == NULL) {

        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))

            return NULL;

        drbg = drbg_setup(master_drbg, RAND_DRBG_TYPE_PUBLIC);

        CRYPTO_THREAD_set_local(&public_drbg, drbg);

        drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PUBLIC);

        CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg);

    }

    return drbg;

}

RAND_DRBG *RAND_DRBG_get0_public(void)

{

    return OPENSSL_CTX_get0_public_drbg(NULL);

}

/*

 * Get the private DRBG.

 * Returns pointer to the DRBG on success, NULL on failure.

 */

RAND_DRBG *RAND_DRBG_get0_private(void)

RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx)

{

    DRBG_GLOBAL *dgbl = drbg_get_global(ctx);

    RAND_DRBG *drbg;

    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))

    if (dgbl == NULL)

        return NULL;

    drbg = CRYPTO_THREAD_get_local(&private_drbg);

    drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg);

    if (drbg == NULL) {

        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))

            return NULL;

        drbg = drbg_setup(master_drbg, RAND_DRBG_TYPE_PRIVATE);

        CRYPTO_THREAD_set_local(&private_drbg, drbg);

        drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PRIVATE);

        CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg);

    }

    return drbg;

}

RAND_DRBG *RAND_DRBG_get0_private(void)

{

    return OPENSSL_CTX_get0_private_drbg(NULL);

}

RAND_METHOD rand_meth = {

    drbg_seed,

    drbg_bytes,

 */

struct rand_drbg_st {

    CRYPTO_RWLOCK *lock;

    /* The library context this DRBG is associated with, if any */

    OPENSSL_CTX *libctx;

    RAND_DRBG *parent;

    int secure; /* 1: allocated on the secure heap, 0: otherwise */

    int type; /* the nid of the underlying algorithm */

# define OPENSSL_CTX_PROPERTY_DEFN_INDEX            2

# define OPENSSL_CTX_PROPERTY_STRING_INDEX          3

# define OPENSSL_CTX_NAMEMAP_INDEX                  4

# define OPENSSL_CTX_MAX_INDEXES                    5

# define OPENSSL_CTX_DRBG_INDEX                     5

# define OPENSSL_CTX_MAX_INDEXES                    6

typedef struct openssl_ctx_method {

    void *(*new_func)(OPENSSL_CTX *ctx);