Entropy changes for trusty and windows.

Add a rand_extra file for trusty, bump the BORINGSSL_API_VERSION
and mark both trusty and windows as non-forking so we do not
require fork detection support.

Update-Note:
Prior to API version 24, Trusty maintained their own CRYPTO_sysrand
implementations outside of the BoringSSL tree.  With this change
they are not expected to provide CRYPTO_sysrand, it is maintained
inside the BoringSSL tree.

Change-Id: Iabcef024ff85bd767e2869a6ff27a64236322325
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61465
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index e004f19..d1cc984 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -203,6 +203,7 @@
   rand_extra/ios.c
   rand_extra/passive.c
   rand_extra/rand_extra.c
+  rand_extra/trusty.c
   rand_extra/windows.c
   rc4/rc4.c
   refcount.c
diff --git a/crypto/fipsmodule/rand/fork_detect.c b/crypto/fipsmodule/rand/fork_detect.c
index 5ae1544..71a02c8 100644
--- a/crypto/fipsmodule/rand/fork_detect.c
+++ b/crypto/fipsmodule/rand/fork_detect.c
@@ -140,8 +140,20 @@
   *g_force_madv_wipeonfork_enabled_bss_get() = on;
 }
 
-#else   // !OPENSSL_LINUX
+#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY)
 
+// These platforms are guaranteed not to fork, and therefore do not require
+// fork detection support. Returning a constant non zero value makes BoringSSL
+// assume address space duplication is not a concern and adding entropy to
+// every RAND_bytes call is not needed.
+uint64_t CRYPTO_get_fork_generation(void) { return 0xc0ffee; }
+
+#else
+
+// These platforms may fork, but we do not have a mitigation mechanism in
+// place.  Returning a constant zero value makes BoringSSL assume that address
+// space duplication could have occured on any call entropy must be added to
+// every RAND_bytes call.
 uint64_t CRYPTO_get_fork_generation(void) { return 0; }
 
-#endif  // OPENSSL_LINUX
+#endif
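Review bot: The comment on the final `#else` branch is hard to parse exactly where it states the security behaviour: "occured" is misspelled and a conjunction is missing between "on any call" and "entropy must be added". I would reword its last two lines to `// space duplication could have occurred on any call, so entropy must be added to` and `// every RAND_bytes call.` In the Windows/Trusty branch, a short remark such as `// The value is arbitrary; it only has to be non-zero and never change.` would keep a later reader from treating `0xc0ffee` as meaningful. The closing `#endif` also loses its trailing comment, and the opening `#if` of this chain lies outside the hunk, so a comment naming the chain would help.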
diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h
index 595013d..91bbe58 100644
--- a/crypto/fipsmodule/rand/internal.h
+++ b/crypto/fipsmodule/rand/internal.h
@@ -29,7 +29,7 @@
 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
 #define OPENSSL_RAND_DETERMINISTIC
 #elif defined(OPENSSL_TRUSTY)
-// Trusty's PRNG file is, for now, maintained outside the tree.
+#define OPENSSL_RAND_TRUSTY
 #elif defined(OPENSSL_WINDOWS)
 #define OPENSSL_RAND_WINDOWS
 #elif defined(OPENSSL_LINUX)
diff --git a/crypto/rand_extra/trusty.c b/crypto/rand_extra/trusty.c
new file mode 100644
index 0000000..d5b82e9
--- /dev/null
+++ b/crypto/rand_extra/trusty.c
@@ -0,0 +1,38 @@
+/* Copyright (c) 2023, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/rand.h>
+
+#include "../fipsmodule/rand/internal.h"
+
+#if defined(OPENSSL_RAND_TRUSTY)
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+#include <uapi/err.h>
+
+#include <lib/rng/trusty_rng.h>
+
+void CRYPTO_sysrand(uint8_t *out, size_t requested) {
+  if (trusty_rng_hw_rand(out, requested) != NO_ERROR) {
+    abort();
+  }
+}
+
+void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
+  CRYPTO_sysrand(out, requested);
+}
+
+#endif  // OPENSSL_RAND_TRUSTY
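Review bot: `CRYPTO_sysrand` has no comment documenting its fail-closed contract: any result other than `NO_ERROR` from `trusty_rng_hw_rand` aborts the process, because the function returns `void` and cannot report that `out` was left unfilled. I would add above it `// CRYPTO_sysrand fills |out| with |requested| bytes from Trusty's hardware RNG.` and `// It aborts on failure rather than return with |out| unfilled.` A one-line comment on `CRYPTO_sysrand_for_seed` saying that seeding deliberately uses the same source would also help, since the wrapper otherwise looks like an oversight. The behaviour of `trusty_rng_hw_rand` for `requested == 0` is not visible here and is worth confirming, as a zero-length request that returned an error would abort.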
diff --git a/include/openssl/base.h b/include/openssl/base.h
index 1cdad84..38d6474 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -108,7 +108,7 @@
 // A consumer may use this symbol in the preprocessor to temporarily build
 // against multiple revisions of BoringSSL at the same time. It is not
 // recommended to do so for longer than is necessary.
-#define BORINGSSL_API_VERSION 23
+#define BORINGSSL_API_VERSION 24
 
 #if defined(BORINGSSL_SHARED_LIBRARY)