• Stephan Mueller's avatar
    crypto: drbg - replace spinlock with mutex · 76899a41
    Stephan Mueller authored
    The creation of a shadow copy is intended to only hold a short term
    lock. But the drawback is that parallel users have a very similar DRBG
    state which only differs by a high-resolution time stamp.
    The DRBG will now hold a long term lock. Therefore, the lock is changed
    to a mutex which implies that the DRBG can only be used in process
    The lock now guards the instantiation as well as the entire DRBG
    generation operation. Therefore, multiple callers are fully serialized
    when generating a random number.
    As the locking is changed to use a long-term lock to avoid such similar
    DRBG states, the entire creation and maintenance of a shadow copy can be
    Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
drbg.c 54.2 KB