kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
55db667c62
boringssl/crypto/rand_extra/forkunsafe.c
Adam Langley e6bf9065af Remove pooling of PRNG state. 
Prior to 82639e6f we used thread-local data for the PRNG state. That
change switched to using a mutex-protected pool instead in order to save
memory in heavily-threaded applications.

However, the pool mutex can get extremely hot in cases where the PRNG is
heavily used. 8e8f2504 was a short-term work around, but supporting both
modes is overly complex.

This change moves back to the state of the prior to 82639e6f. The best
way to review this is to diff the changed files against '82639e6f^' and
note that the only difference is a comment added in rand.c:
https://paste.googleplex.com/4997991748337664

Change-Id: I8febce089696fa6bc39f94f4a1e268127a8f78db
Reviewed-on: https://boringssl-review.googlesource.com/c/34024
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2019-01-03 20:19:44 +00:00

47 lines
1.5 KiB
C
Raw Blame History

/* Copyright (c) 2017, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/rand.h>
#include <stdlib.h>
#include "../fipsmodule/rand/internal.h"
// g_buffering_enabled is true if fork-unsafe buffering has been enabled.
static int g_buffering_enabled = 0;
// g_lock protects |g_buffering_enabled|.
static struct CRYPTO_STATIC_MUTEX g_lock = CRYPTO_STATIC_MUTEX_INIT;
#if !defined(OPENSSL_WINDOWS)
void RAND_enable_fork_unsafe_buffering(int fd) {
// We no longer support setting the file-descriptor with this function.
if (fd != -1) {
abort();
}
CRYPTO_STATIC_MUTEX_lock_write(&g_lock);
g_buffering_enabled = 1;
CRYPTO_STATIC_MUTEX_unlock_write(&g_lock);
}
#endif
int rand_fork_unsafe_buffering_enabled(void) {
CRYPTO_STATIC_MUTEX_lock_read(&g_lock);
const int ret = g_buffering_enabled;
CRYPTO_STATIC_MUTEX_unlock_read(&g_lock);
return ret;
}
Reference in New Issue View Git Blame Copy Permalink