Always have CRYPTO_sysrand_for_seed.
Trusty wants to seed from a different RNG than the one that supplies
per-draw entropy. This is a no-op change unless you're substituting in
your own implementations of these functions.
To see that it's a no-op in urandom.c, note that it only changes the
|seed| argument to |fill_with_entropy|. That causes the value of
|extra_getrandom_flags_for_seed_bss_get| to be ORed into the flags,
but that value will always be zero unless it's an Android FIPS build.
Change-Id: Ic8d954df3074559cbf1bfee1ae91a4a2b7e14d9d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48485
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h
index ac97b7c..127e5d1 100644
--- a/crypto/fipsmodule/rand/internal.h
+++ b/crypto/fipsmodule/rand/internal.h
@@ -65,16 +65,16 @@
// system.
void CRYPTO_sysrand(uint8_t *buf, size_t len);
-#if defined(OPENSSL_URANDOM)
-// CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
-// from the operating system.
-void CRYPTO_init_sysrand(void);
-
// CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
// operating system. It may draw from the |GRND_RANDOM| pool on Android,
// depending on the vendor's configuration.
void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
+#if defined(OPENSSL_URANDOM)
+// CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
+// from the operating system.
+void CRYPTO_init_sysrand(void);
+
// CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
// operating system, or early /dev/urandom data, and returns 1, _if_ the entropy
// pool is initialized or if getrandom() is not available and not in FIPS mode.
@@ -84,10 +84,6 @@
#else
OPENSSL_INLINE void CRYPTO_init_sysrand(void) {}
-OPENSSL_INLINE void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len) {
- CRYPTO_sysrand(buf, len);
-}
-
OPENSSL_INLINE int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
CRYPTO_sysrand(buf, len);
return 1;
diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c
index 089b814..29c43ae 100644
--- a/crypto/fipsmodule/rand/rand.c
+++ b/crypto/fipsmodule/rand/rand.c
@@ -293,7 +293,7 @@
int *out_used_cpu) {
// If not in FIPS mode, we don't overread from the system entropy source and
// we don't depend only on the hardware RDRAND.
- CRYPTO_sysrand(seed, CTR_DRBG_ENTROPY_LEN);
+ CRYPTO_sysrand_for_seed(seed, CTR_DRBG_ENTROPY_LEN);
*out_used_cpu = 0;
}
diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c
index 8464e9e..fa0a333 100644
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c
@@ -367,6 +367,10 @@
return 1;
}
+void CRYPTO_init_sysrand(void) {
+ CRYPTO_once(rand_once_bss_get(), init_once);
+}
+
// CRYPTO_sysrand puts |requested| random bytes into |out|.
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
if (!fill_with_entropy(out, requested, /*block=*/1, /*seed=*/0)) {
@@ -375,18 +379,12 @@
}
}
-void CRYPTO_init_sysrand(void) {
- CRYPTO_once(rand_once_bss_get(), init_once);
-}
-
-#if defined(BORINGSSL_FIPS)
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
if (!fill_with_entropy(out, requested, /*block=*/1, /*seed=*/1)) {
perror("entropy fill failed");
abort();
}
}
-#endif // BORINGSSL_FIPS
int CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) {
if (fill_with_entropy(out, requested, /*block=*/0, /*seed=*/0)) {
diff --git a/crypto/rand_extra/deterministic.c b/crypto/rand_extra/deterministic.c
index 38cfd11..435f063 100644
--- a/crypto/rand_extra/deterministic.c
+++ b/crypto/rand_extra/deterministic.c
@@ -49,4 +49,8 @@
CRYPTO_chacha_20(out, out, requested, kZeroKey, nonce, 0);
}
+void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
+ CRYPTO_sysrand(out, requested);
+}
+
#endif // BORINGSSL_UNSAFE_DETERMINISTIC_MODE
diff --git a/crypto/rand_extra/fuchsia.c b/crypto/rand_extra/fuchsia.c
index 0514d80..ee6cfdb 100644
--- a/crypto/rand_extra/fuchsia.c
+++ b/crypto/rand_extra/fuchsia.c
@@ -27,4 +27,8 @@
zx_cprng_draw(out, requested);
}
+void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
+ CRYPTO_sysrand(out, requested);
+}
+
#endif // OPENSSL_FUCHSIA && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE
diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.c
index 82d5542..8ade689 100644
--- a/crypto/rand_extra/windows.c
+++ b/crypto/rand_extra/windows.c
@@ -66,4 +66,8 @@
return;
}
+void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
+ CRYPTO_sysrand(out, requested);
+}
+
#endif // OPENSSL_WINDOWS && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE
