Document thread safety for HMAC_DRBG

random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-09 18:45:10 +01:00
parent e39b2192e5
commit 478847cca3

View File

@ -158,7 +158,17 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* \note During the initial seeding, this function calls * \note During the initial seeding, this function calls
* the entropy source to obtain a nonce * the entropy source to obtain a nonce
* whose length is half the entropy length. * whose length is half the entropy length.
* */
#if defined(MBEDTLS_THREADING_C)
/**
* \note When Mbed TLS is built with threading support,
* after this function returns successfully,
* it is safe to call mbedtls_hmac_drbg_random()
* from multiple threads. Other operations, including
* reseeding, are not thread-safe.
*/
#endif /* MBEDTLS_THREADING_C */
/**
* \param ctx HMAC_DRBG context to be seeded. * \param ctx HMAC_DRBG context to be seeded.
* \param md_info MD algorithm to use for HMAC_DRBG. * \param md_info MD algorithm to use for HMAC_DRBG.
* \param f_entropy The entropy callback, taking as arguments the * \param f_entropy The entropy callback, taking as arguments the
@ -197,7 +207,17 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
* *
* This function is meant for use in algorithms that need a pseudorandom * This function is meant for use in algorithms that need a pseudorandom
* input such as deterministic ECDSA. * input such as deterministic ECDSA.
* */
#if defined(MBEDTLS_THREADING_C)
/**
* \note When Mbed TLS is built with threading support,
* after this function returns successfully,
* it is safe to call mbedtls_hmac_drbg_random()
* from multiple threads. Other operations, including
* reseeding, are not thread-safe.
*/
#endif /* MBEDTLS_THREADING_C */
/**
* \param ctx HMAC_DRBG context to be initialised. * \param ctx HMAC_DRBG context to be initialised.
* \param md_info MD algorithm to use for HMAC_DRBG. * \param md_info MD algorithm to use for HMAC_DRBG.
* \param data Concatenation of the initial entropy string and * \param data Concatenation of the initial entropy string and
@ -260,6 +280,11 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
/** /**
* \brief This function updates the state of the HMAC_DRBG context. * \brief This function updates the state of the HMAC_DRBG context.
* *
* \note This function is not thread-safe. It is not safe
* to call this function if another thread might be
* concurrently obtaining random numbers from the same
* context or updating or reseeding the same context.
*
* \param ctx The HMAC_DRBG context. * \param ctx The HMAC_DRBG context.
* \param additional The data to update the state with. * \param additional The data to update the state with.
* If this is \c NULL, there is no additional data. * If this is \c NULL, there is no additional data.
@ -276,6 +301,11 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
* \brief This function reseeds the HMAC_DRBG context, that is * \brief This function reseeds the HMAC_DRBG context, that is
* extracts data from the entropy source. * extracts data from the entropy source.
* *
* \note This function is not thread-safe. It is not safe
* to call this function if another thread might be
* concurrently obtaining random numbers from the same
* context or updating or reseeding the same context.
*
* \param ctx The HMAC_DRBG context. * \param ctx The HMAC_DRBG context.
* \param additional Additional data to add to the state. * \param additional Additional data to add to the state.
* If this is \c NULL, there is no additional data * If this is \c NULL, there is no additional data
@ -301,6 +331,11 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
* This function automatically reseeds if the reseed counter is exceeded * This function automatically reseeds if the reseed counter is exceeded
* or prediction resistance is enabled. * or prediction resistance is enabled.
* *
* \note This function is not thread-safe. It is not safe
* to call this function if another thread might be
* concurrently obtaining random numbers from the same
* context or updating or reseeding the same context.
*
* \param p_rng The HMAC_DRBG context. This must be a pointer to a * \param p_rng The HMAC_DRBG context. This must be a pointer to a
* #mbedtls_hmac_drbg_context structure. * #mbedtls_hmac_drbg_context structure.
* \param output The buffer to fill. * \param output The buffer to fill.
@ -330,7 +365,16 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
* *
* This function automatically reseeds if the reseed counter is exceeded * This function automatically reseeds if the reseed counter is exceeded
* or prediction resistance is enabled. * or prediction resistance is enabled.
* */
#if defined(MBEDTLS_THREADING_C)
/**
* \note When Mbed TLS is built with threading support,
* it is safe to call mbedtls_ctr_drbg_random()
* from multiple threads. Other operations, including
* reseeding, are not thread-safe.
*/
#endif /* MBEDTLS_THREADING_C */
/**
* \param p_rng The HMAC_DRBG context. This must be a pointer to a * \param p_rng The HMAC_DRBG context. This must be a pointer to a
* #mbedtls_hmac_drbg_context structure. * #mbedtls_hmac_drbg_context structure.
* \param output The buffer to fill. * \param output The buffer to fill.