Google Git
Sign in
boringssl/boringssl.git/5cf3298140ae4e4d219a0703c5280fa327c361fa^!/.
commit
5cf3298140ae4e4d219a0703c5280fa327c361fa
[log]
author
Adam Langley <agl@google.com>
Mon Oct 14 12:46:37 2019 -0700
committer
Adam Langley <agl@google.com>
Mon Oct 14 21:32:23 2019 +0000
tree
b1313e31377931b6b83557f7fb96e790746efc20
parent
2865bce1b2ede077074f36f29e81ba4696185b23 [diff]
Fix the FIPS + fuzzing build.

Recent changes to the PRNG seeding in FIPS mode broke the build when
trying to build with both FIPS and fuzzing enabled.

Change-Id: I069b4af1fdd4efaef96e3e3b3a1e0197faabe2e1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38184
Reviewed-by: Matt Braithwaite <mab@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h
index 07563b7..280aae4 100644
--- a/crypto/fipsmodule/rand/internal.h
+++ b/crypto/fipsmodule/rand/internal.h

@@ -40,7 +40,7 @@
 // system.
 void CRYPTO_sysrand(uint8_t *buf, size_t len);
 
-#if defined(OPENSSL_URANDOM) && defined(BORINGSSL_FIPS)
+#if defined(OPENSSL_URANDOM) || defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
 // CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
 // operating system. It may draw from the |GRND_RANDOM| pool on Android,
 // depending on the vendor's configuration.

diff --git a/crypto/rand_extra/deterministic.c b/crypto/rand_extra/deterministic.c
index 17fa71e..34547ea 100644
--- a/crypto/rand_extra/deterministic.c
+++ b/crypto/rand_extra/deterministic.c

@@ -45,4 +45,12 @@
   g_num_calls++;
 }
 
+void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
+  CRYPTO_sysrand(out, requested);
+}
+
+void CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) {
+  CRYPTO_sysrand(out, requested);
+}
+
 #endif  // BORINGSSL_UNSAFE_DETERMINISTIC_MODE