commit | e39d13656889639655ceec15ab3a1aa5a4e50652 | [log] [tgz] |
---|---|---|
author | Adam Langley <alangley@gmail.com> | Wed Aug 21 15:44:15 2019 -0700 |
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | Thu Aug 22 14:57:58 2019 +0000 |
tree | e98f55f8e2c433d5a49f300c42d3fe07c0447d3f | |
parent | 9747a53284134ee8b52b4dc12fd8b939151a4d15 [diff] |

Require getrandom in Android FIPS builds.

In order to make the entropy story a little simpler, drop support for using /dev/urandom from Android FIPS builds.

Change-Id: I4c35618dcae1550142e60a886a8b51ba0df765a3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37205
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c index 56e4fbd..f63857f 100644 --- a/crypto/fipsmodule/rand/urandom.c +++ b/crypto/fipsmodule/rand/urandom.c
@@ -183,6 +183,12 @@ } #endif // USE_NR_getrandom + // Android FIPS builds must support getrandom. +#if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID) + perror("getrandom not found"); + abort(); +#endif + if (fd == kUnset) { do { fd = open("/dev/urandom", O_RDONLY);
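
Review bot: the new `#if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)` block sits after `#endif // USE_NR_getrandom`, so it is not gated on `USE_NR_getrandom`. An Android FIPS build in which that macro is undefined would compile cleanly and only fail at run time when this path is reached, so a compile-time `#error` for that combination would surface the misconfiguration at build time. Two smaller points in the same block: `perror("getrandom not found")` appends the text for whatever `errno` currently holds, which is only meaningful if the code above the hunk left it set by a failed getrandom call, so a fixed message written to stderr may read more clearly in crash logs. Also, the `open("/dev/urandom", O_RDONLY)` fallback that follows `abort()` stays compiled in but unreachable in this configuration; placing it under an `#else` would keep the dropped path out of Android FIPS builds entirely and match the commit message's intent.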