Move urandom and OS entropy support out of BCM
BCM uses only passive entropy, in that from BCM's
point of view, entropy is requested and obtained
from an external source, and fed to BCM's CTR_DRBG
as required. With this change entropy is always gathered
in an OS specific manner outside of BCM by libcrypto,
while the CTR_DRBG remains in BCM using that entropy.
BCM functions (though not yet the tests) no longer call the public
RAND_bytes function; they call BCM_rand_bytes, which draws from the
BCM module's CTR_DRBG.
BCM_rand_bytes is in turn used by libcrypto to implement
the public RAND_bytes function. All public RAND_
functions are now implemented in rand_extra.
As part of this two new headers are introduced to
start defining the interface boundary between libcrypto
and BCM.
crypto/bcm_support.h <- Functions implemented by libcrypto
and used by bcm
fipsmodule/bcm_interface.h <- Functions implemented by
bcm and used by libcrypto.
Bug: 723
Change-Id: I6b618dfe4df257f67971e88cbd79126c837e21d6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68147
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/build.json b/build.json
index 766117f..6f6271a 100644
--- a/build.json
+++ b/build.json
@@ -80,7 +80,6 @@
"crypto/fipsmodule/rand/ctrdrbg.c",
"crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
- "crypto/fipsmodule/rand/urandom.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
"crypto/fipsmodule/rsa/rsa.c",
@@ -298,6 +297,7 @@
"crypto/rand_extra/passive.c",
"crypto/rand_extra/rand_extra.c",
"crypto/rand_extra/trusty.c",
+ "crypto/rand_extra/urandom.c",
"crypto/rand_extra/windows.c",
"crypto/rc4/rc4.c",
"crypto/refcount.c",
@@ -496,7 +496,7 @@
"crypto/ec_extra/internal.h",
"crypto/err/internal.h",
"crypto/evp/internal.h",
- "crypto/fipsmodule/aes/internal.h",
+ "crypto/fipsmodule/bcm_interface.h",
"crypto/fipsmodule/bn/internal.h",
"crypto/fipsmodule/bn/rsaz_exp.h",
"crypto/fipsmodule/cipher/internal.h",
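Review bot: The header list loses `crypto/fipsmodule/aes/internal.h` on the removed line, while the commit message only describes adding the two new interface headers and moving the rand sources, and nothing else in this diff deletes that file. Unless it was dropped deliberately elsewhere in this change, the new entry should be an addition rather than a substitution: keep `"crypto/fipsmodule/aes/internal.h",` and add `"crypto/fipsmodule/bcm_interface.h",` on the line after it, which is also where it sorts. Build-file generators consuming this list would otherwise silently stop tracking that header.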
@@ -513,13 +513,13 @@
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
"crypto/fipsmodule/rand/fork_detect.h",
- "crypto/fipsmodule/rand/getrandom_fillin.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
"crypto/fipsmodule/sha/internal.h",
"crypto/fipsmodule/tls/internal.h",
"crypto/hrss/internal.h",
+ "crypto/bcm_support.h",
"crypto/internal.h",
"crypto/keccak/internal.h",
"crypto/kyber/internal.h",
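Review bot: `crypto/bcm_support.h` is inserted between `crypto/hrss/internal.h` and `crypto/internal.h`, which breaks the alphabetical ordering the surrounding entries follow. It belongs with the other `crypto/b…` paths near the top of this list, outside the hunk, so a later sorted regeneration of the file does not produce an unrelated diff.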
@@ -531,6 +531,8 @@
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
"crypto/pool/internal.h",
+ "crypto/rand_extra/getrandom_fillin.h",
+ "crypto/rand_extra/sysrand_internal.h",
"crypto/rsa_extra/internal.h",
"crypto/spx/address.h",
"crypto/spx/fors.h",
@@ -913,7 +915,7 @@
},
"urandom_test": {
"srcs": [
- "crypto/fipsmodule/rand/urandom_test.cc"
+ "crypto/rand_extra/urandom_test.cc"
]
},
"pki_test": {
diff --git a/crypto/bcm_support.h b/crypto/bcm_support.h
new file mode 100644
index 0000000..a6f005b
--- /dev/null
+++ b/crypto/bcm_support.h
@@ -0,0 +1,73 @@
+/* Copyright (c) 2024, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
+#define OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
+
+#include <openssl/base.h>
+
+// Provided by libcrypto, called from BCM
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
+#define OPENSSL_RAND_DETERMINISTIC
+#elif defined(OPENSSL_TRUSTY)
+#define OPENSSL_RAND_TRUSTY
+#elif defined(OPENSSL_WINDOWS)
+#define OPENSSL_RAND_WINDOWS
+#elif defined(OPENSSL_LINUX)
+#define OPENSSL_RAND_URANDOM
+#elif defined(OPENSSL_APPLE) && !defined(OPENSSL_MACOS)
+// Unlike macOS, iOS and similar hide away getentropy().
+#define OPENSSL_RAND_IOS
+#else
+// By default if you are integrating BoringSSL we expect you to
+// provide getentropy from the <unistd.h> header file.
+#define OPENSSL_RAND_GETENTROPY
+#endif
+
+// Provided by libcrypto, called from BCM
+
+// CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
+// from the operating system, if the operating system requires initialization.
+void CRYPTO_init_sysrand(void);
+
+// CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
+// system.
+void CRYPTO_sysrand(uint8_t *buf, size_t len);
+
+// CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
+// operating system, or early /dev/urandom data, and returns 1, _if_ the entropy
+// pool is initialized or if getrandom() is not available and not in FIPS mode.
+// Otherwise it will not block and will instead fill |buf| with all zeros and
+// return 0.
+int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len);
+
+// CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
+// operating system. It may draw from the |GRND_RANDOM| pool on Android,
+// depending on the vendor's configuration.
+void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
+
+// RAND_need_entropy is called whenever the BCM module has stopped because it
+// has run out of entropy.
+void RAND_need_entropy(size_t bytes_needed);
+
+#if defined(__cplusplus)
+} // extern C
+#endif
+
+#endif // OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
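Review bot: The contract written for `CRYPTO_sysrand_if_available` describes only the Linux/getrandom backend, but this header is now what every platform backend implements against, and the deterministic, getentropy, iOS and Trusty implementations in this same change always fill the buffer and return 1. A sentence such as `// Backends without a distinguishable early-boot state behave as |CRYPTO_sysrand| and always return 1.` would make the prototype honest for all of them. The "Provided by libcrypto, called from BCM" banner also appears twice, once above the platform-selection block and again above the prototypes; one copy is enough. `RAND_need_entropy` was previously declared only under `BORINGSSL_FIPS` and is now unconditional; if its definition in passive.c is still FIPS-only (that part of passive.c is not in this diff), a note `// Only defined when BORINGSSL_FIPS is set.` would spare a non-FIPS caller a link error.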
diff --git a/crypto/crypto.c b/crypto/crypto.c
index 724a774..ddf4038 100644
--- a/crypto/crypto.c
+++ b/crypto/crypto.c
@@ -18,6 +18,7 @@
#include "fipsmodule/rand/fork_detect.h"
#include "fipsmodule/rand/internal.h"
+#include "bcm_support.h"
#include "internal.h"
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 48becb9..d9cc6c3 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -28,6 +28,7 @@
#include <openssl/hmac.h>
#include <openssl/sha.h>
+#include "bcm_interface.h"
#include "../internal.h"
#include "aes/aes.c"
@@ -94,7 +95,6 @@
#include "rand/ctrdrbg.c"
#include "rand/fork_detect.c"
#include "rand/rand.c"
-#include "rand/urandom.c"
#include "rsa/blinding.c"
#include "rsa/padding.c"
#include "rsa/rsa.c"
@@ -193,7 +193,7 @@
assert_within(start, AES_encrypt, end);
assert_within(start, RSA_sign, end);
- assert_within(start, RAND_bytes, end);
+ assert_within(start, BCM_rand_bytes, end);
assert_within(start, EC_GROUP_cmp, end);
assert_within(start, SHA256_Update, end);
assert_within(start, ecdsa_verify_fixed, end);
diff --git a/crypto/fipsmodule/bcm_interface.h b/crypto/fipsmodule/bcm_interface.h
new file mode 100644
index 0000000..9687b79
--- /dev/null
+++ b/crypto/fipsmodule/bcm_interface.h
@@ -0,0 +1,89 @@
+/* Copyright (c) 2024, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_BCM_INTERFACE_H
+#define OPENSSL_HEADER_CRYPTO_BCM_INTERFACE_H
+
+// This header will eventually become the interface between BCM and the
+// rest of libcrypto. More cleanly separating the two is still a work in
+// progress (see https://crbug.com/boringssl/722) so, at the moment, we
+// consider this no different from any other header in BCM.
+//
+// Over time, calls from libcrypto to BCM will all move to this header
+// and the separation will become more meaningful.
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+// Enumerated types for return values from bcm functions, both infallible
+// and fallible functions. Two success values are used to correspond to the
+// FIPS service indicator. For the moment, the official service indicator
+// remains the counter, not these values. Once we fully transition to
+// these return values from bcm we will change that.
+enum bcm_infallible_t {
+ bcm_infallible_approved,
+ bcm_infallible_not_approved,
+};
+
+enum bcm_status_t {
+ bcm_status_approved,
+ bcm_status_not_approved,
+
+ // Failure codes, which must all be negative.
+ bcm_status_failure,
+};
+typedef enum bcm_status_t bcm_status;
+typedef enum bcm_infallible_t bcm_infallible;
+
+OPENSSL_INLINE int bcm_success(bcm_status status) {
+ return status == bcm_status_approved || status == bcm_status_not_approved;
+}
+
+#if defined(BORINGSSL_FIPS)
+
+// We overread from /dev/urandom or RDRAND by a factor of 10 and XOR to whiten.
+// TODO(bbe): disentangle this value which is used to calculate the size of the
+// stack buffer in RAND_need entropy based on a calculation.
+#define BORINGSSL_FIPS_OVERREAD 10
+
+#endif // BORINGSSL_FIPS
+
+// BCM_rand_load_entropy supplies |entropy_len| bytes of entropy to the BCM
+// module. The |want_additional_input| parameter is true iff the entropy was
+// obtained from a source other than the system, e.g. directly from the CPU.
+bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len,
+ int want_additional_input);
+
+// BCM_rand_bytes is the same as the public |RAND_bytes| function, other
+// than returning a bcm_infallible status indicator.
+OPENSSL_EXPORT bcm_infallible BCM_rand_bytes(uint8_t *out, size_t out_len);
+
+// BCM_rand_bytes_hwrng attempts to fill |out| with |len| bytes of entropy from
+// the CPU hardware random number generator if one is present.
+// bcm_status_approved is returned on success, and a failure status is
+// returned otherwise.
+bcm_status BCM_rand_bytes_hwrng(uint8_t *out, size_t len);
+
+// BCM_rand_bytes_with_additional_data samples from the RNG after mixing 32
+// bytes from |user_additional_data| in.
+bcm_infallible BCM_rand_bytes_with_additional_data(
+ uint8_t *out, size_t out_len, const uint8_t user_additional_data[32]);
+
+
+#if defined(__cplusplus)
+} // extern C
+#endif
+
+#endif // OPENSSL_HEADER_CRYPTO_BCM_INTERFACE_H
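Review bot: The comment above `bcm_status_failure` says failure codes must all be negative, but the enumerator has no initializer and follows two values, so it is 2. Either give it an explicit value, `bcm_status_failure = -1,`, or drop the sentence, so nobody writes `status < 0` on the strength of the comment; `bcm_success` compares by equality and is unaffected today. Separately, the header uses `OPENSSL_INLINE`, `OPENSSL_EXPORT`, `uint8_t` and `size_t` without including anything, so it compiles only when the includer has already pulled in `<openssl/base.h>`; `bcm_support.h` in this change includes it, and this header should too.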
diff --git a/crypto/fipsmodule/bn/random.c b/crypto/fipsmodule/bn/random.c
index f57d1c6..b3012de 100644
--- a/crypto/fipsmodule/bn/random.c
+++ b/crypto/fipsmodule/bn/random.c
@@ -113,10 +113,9 @@
#include <string.h>
#include <openssl/err.h>
-#include <openssl/rand.h>
+#include "../../bcm_support.h"
#include "../../internal.h"
-#include "../rand/internal.h"
#include "../service_indicator/internal.h"
#include "internal.h"
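Review bot: random.c now includes `../../bcm_support.h`, but the names it calls, `BCM_rand_bytes` and `BCM_rand_bytes_with_additional_data`, are declared in `../bcm_interface.h`, which is what the e_aes.c and padding.c hunks in this same change include, and nothing in this file uses the `CRYPTO_sysrand*` functions that bcm_support.h declares. It compiles only because bcm.c includes bcm_interface.h before pulling in random.c, so the include should read `#include "../bcm_interface.h"` instead. The include block may continue outside the hunk.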
@@ -157,7 +156,7 @@
}
FIPS_service_indicator_lock_state();
- RAND_bytes((uint8_t *)rnd->d, words * sizeof(BN_ULONG));
+ BCM_rand_bytes((uint8_t *)rnd->d, words * sizeof(BN_ULONG));
FIPS_service_indicator_unlock_state();
rnd->d[words - 1] &= mask;
@@ -225,8 +224,7 @@
while (words > 0 && max_exclusive[words - 1] == 0) {
words--;
}
- if (words == 0 ||
- (words == 1 && max_exclusive[0] <= min_inclusive)) {
+ if (words == 0 || (words == 1 && max_exclusive[0] <= min_inclusive)) {
OPENSSL_PUT_ERROR(BN, BN_R_INVALID_RANGE);
return 0;
}
@@ -275,8 +273,8 @@
// Steps 4 and 5. Use |words| and |mask| together to obtain a string of N
// bits, where N is the bit length of |max_exclusive|.
FIPS_service_indicator_lock_state();
- RAND_bytes_with_additional_data((uint8_t *)out, words * sizeof(BN_ULONG),
- additional_data);
+ BCM_rand_bytes_with_additional_data(
+ (uint8_t *)out, words * sizeof(BN_ULONG), additional_data);
FIPS_service_indicator_unlock_state();
out[words - 1] &= mask;
@@ -326,7 +324,7 @@
// Select a uniform random number with num_bits(max_exclusive) bits.
FIPS_service_indicator_lock_state();
- RAND_bytes((uint8_t *)r->d, words * sizeof(BN_ULONG));
+ BCM_rand_bytes((uint8_t *)r->d, words * sizeof(BN_ULONG));
FIPS_service_indicator_unlock_state();
r->d[words - 1] &= mask;
diff --git a/crypto/fipsmodule/cipher/e_aes.c b/crypto/fipsmodule/cipher/e_aes.c
index 6c556ee..ab05e43 100644
--- a/crypto/fipsmodule/cipher/e_aes.c
+++ b/crypto/fipsmodule/cipher/e_aes.c
@@ -56,11 +56,11 @@
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/nid.h>
-#include <openssl/rand.h>
#include "internal.h"
#include "../../internal.h"
#include "../aes/internal.h"
+#include "../bcm_interface.h"
#include "../modes/internal.h"
#include "../service_indicator/internal.h"
#include "../delocate.h"
@@ -471,11 +471,11 @@
}
OPENSSL_memcpy(gctx->iv, ptr, arg);
if (c->encrypt) {
- // |RAND_bytes| calls within the fipsmodule should be wrapped with state
- // lock functions to avoid updating the service indicator with the DRBG
- // functions.
+ // |BCM_rand_bytes| calls within the fipsmodule should be wrapped with
+ // state lock functions to avoid updating the service indicator with the
+ // DRBG functions.
FIPS_service_indicator_lock_state();
- RAND_bytes(gctx->iv + arg, gctx->ivlen - arg);
+ BCM_rand_bytes(gctx->iv + arg, gctx->ivlen - arg);
FIPS_service_indicator_unlock_state();
}
gctx->iv_gen = 1;
@@ -1167,10 +1167,11 @@
return 0;
}
- // |RAND_bytes| calls within the fipsmodule should be wrapped with state lock
- // functions to avoid updating the service indicator with the DRBG functions.
+ // |BCM_rand_bytes| calls within the fipsmodule should be wrapped with state
+ // lock functions to avoid updating the service indicator with the DRBG
+ // functions.
FIPS_service_indicator_lock_state();
- RAND_bytes(nonce, sizeof(nonce));
+ BCM_rand_bytes(nonce, sizeof(nonce));
FIPS_service_indicator_unlock_state();
const struct aead_aes_gcm_ctx *gcm_ctx =
diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h
index 91bbe58..b9a1acf 100644
--- a/crypto/fipsmodule/rand/internal.h
+++ b/crypto/fipsmodule/rand/internal.h
@@ -18,92 +18,13 @@
#include <openssl/aes.h>
#include <openssl/ctrdrbg.h>
-#include "../../internal.h"
+#include "../../bcm_support.h"
#include "../modes/internal.h"
#if defined(__cplusplus)
extern "C" {
#endif
-
-#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
-#define OPENSSL_RAND_DETERMINISTIC
-#elif defined(OPENSSL_TRUSTY)
-#define OPENSSL_RAND_TRUSTY
-#elif defined(OPENSSL_WINDOWS)
-#define OPENSSL_RAND_WINDOWS
-#elif defined(OPENSSL_LINUX)
-#define OPENSSL_RAND_URANDOM
-#elif defined(OPENSSL_APPLE) && !defined(OPENSSL_MACOS)
-// Unlike macOS, iOS and similar hide away getentropy().
-#define OPENSSL_RAND_IOS
-#else
-// By default if you are integrating BoringSSL we expect you to
-// provide getentropy from the <unistd.h> header file.
-#define OPENSSL_RAND_GETENTROPY
-#endif
-
-// RAND_bytes_with_additional_data samples from the RNG after mixing 32 bytes
-// from |user_additional_data| in.
-void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
- const uint8_t user_additional_data[32]);
-
-#if defined(BORINGSSL_FIPS)
-
-// We overread from /dev/urandom or RDRAND by a factor of 10 and XOR to whiten.
-#define BORINGSSL_FIPS_OVERREAD 10
-
-// CRYPTO_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable
-// for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
-// entropy came directly from the CPU and zero if it came from the OS. It
-// actively obtains entropy from the CPU/OS and so should not be called from
-// within the FIPS module.
-void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
- int *out_used_cpu);
-
-// RAND_load_entropy supplies |entropy_len| bytes of entropy to the module. The
-// |want_additional_input| parameter is true iff the entropy was obtained from
-// a source other than the system, e.g. directly from the CPU.
-void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
- int want_additional_input);
-
-// RAND_need_entropy is implemented outside of the FIPS module and is called
-// when the module has stopped because it has run out of entropy.
-void RAND_need_entropy(size_t bytes_needed);
-
-#endif // BORINGSSL_FIPS
-
-// CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
-// system.
-void CRYPTO_sysrand(uint8_t *buf, size_t len);
-
-// CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
-// operating system. It may draw from the |GRND_RANDOM| pool on Android,
-// depending on the vendor's configuration.
-void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
-
-#if defined(OPENSSL_RAND_URANDOM) || defined(OPENSSL_RAND_WINDOWS)
-// CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
-// from the operating system.
-void CRYPTO_init_sysrand(void);
-#else
-OPENSSL_INLINE void CRYPTO_init_sysrand(void) {}
-#endif // defined(OPENSSL_RAND_URANDOM) || defined(OPENSSL_RAND_WINDOWS)
-
-#if defined(OPENSSL_RAND_URANDOM)
-// CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
-// operating system, or early /dev/urandom data, and returns 1, _if_ the entropy
-// pool is initialized or if getrandom() is not available and not in FIPS mode.
-// Otherwise it will not block and will instead fill |buf| with all zeros and
-// return 0.
-int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len);
-#else
-OPENSSL_INLINE int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
- CRYPTO_sysrand(buf, len);
- return 1;
-}
-#endif // defined(OPENSSL_RAND_URANDOM)
-
// rand_fork_unsafe_buffering_enabled returns whether fork-unsafe buffering has
// been enabled via |RAND_enable_fork_unsafe_buffering|.
int rand_fork_unsafe_buffering_enabled(void);
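Review bot: Removing the `OPENSSL_INLINE` no-op `CRYPTO_init_sysrand` and the `CRYPTO_sysrand_if_available` fallback means every sysrand backend must now define both symbols, and this diff does so by pasting the same empty initializer and the same three-line `CRYPTO_sysrand(buf, len); return 1;` wrapper into deterministic.c, getentropy.c, ios.c and trusty.c. If BCM is meant to see only prototypes, a single libcrypto-side fallback, for example in sysrand_internal.h guarded by `#if !defined(OPENSSL_RAND_URANDOM) && !defined(OPENSSL_RAND_WINDOWS)`, would keep the previous arrangement without four copies to maintain. The Windows and urandom backends are not within this view, so I cannot confirm they define both.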
diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c
index 1097f06..8adcffe 100644
--- a/crypto/fipsmodule/rand/rand.c
+++ b/crypto/fipsmodule/rand/rand.c
@@ -12,8 +12,6 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/rand.h>
-
#include <assert.h>
#include <limits.h>
#include <string.h>
@@ -26,10 +24,10 @@
#include <openssl/ctrdrbg.h>
#include <openssl/mem.h>
-#include "internal.h"
-#include "fork_detect.h"
-#include "../../internal.h"
+#include "../../bcm_support.h"
+#include "../bcm_interface.h"
#include "../delocate.h"
+#include "internal.h"
// It's assumed that the operating system always has an unfailing source of
@@ -99,7 +97,7 @@
CTR_DRBG_clear(&cur->drbg);
}
// The locks are deliberately left locked so that any threads that are still
- // running will hang if they try to call |RAND_bytes|. It also ensures
+ // running will hang if they try to call |BCM_rand_bytes|. It also ensures
// |rand_thread_state_free| cannot free any thread state while we've taken the
// lock.
}
@@ -164,26 +162,24 @@
#else
-static int rdrand(uint8_t *buf, size_t len) {
- return 0;
-}
+static int rdrand(uint8_t *buf, size_t len) { return 0; }
#endif
-#if defined(BORINGSSL_FIPS)
-
-void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
- int *out_want_additional_input) {
- *out_want_additional_input = 0;
- if (have_rdrand() && rdrand(out_entropy, out_entropy_len)) {
- *out_want_additional_input = 1;
- } else {
- CRYPTO_sysrand_for_seed(out_entropy, out_entropy_len);
+bcm_status BCM_rand_bytes_hwrng(uint8_t *buf, const size_t len) {
+ if (!have_rdrand()) {
+ return bcm_status_failure;
}
+ if (rdrand(buf, len)) {
+ return bcm_status_not_approved;
+ }
+ return bcm_status_failure;
}
+#if defined(BORINGSSL_FIPS)
+
// In passive entropy mode, entropy is supplied from outside of the module via
-// |RAND_load_entropy| and is stored in global instance of the following
+// |BCM_rand_load_entropy| and is stored in global instance of the following
// structure.
struct entropy_buffer {
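Review bot: `BCM_rand_bytes_hwrng` returns `bcm_status_not_approved` when rdrand succeeds, while its prototype comment in bcm_interface.h earlier in this diff promises `bcm_status_approved` on success, so one of the two is wrong. Raw RDRAND output is not DRBG output, so `not_approved` looks like the intended value and the header text should change to match; the only caller, passive.c, tests `bcm_success`, so it works either way today. The function now sits outside `#if defined(BORINGSSL_FIPS)`, which is fine, but since `have_rdrand` is checked first the body can be the single expression `return (have_rdrand() && rdrand(buf, len)) ? bcm_status_not_approved : bcm_status_failure;`.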
@@ -202,8 +198,8 @@
DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer);
DEFINE_STATIC_MUTEX(entropy_buffer_lock);
-void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
- int want_additional_input) {
+bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len,
+ int want_additional_input) {
struct entropy_buffer *const buffer = entropy_buffer_bss_get();
CRYPTO_MUTEX_lock_write(entropy_buffer_lock_bss_get());
@@ -214,9 +210,9 @@
OPENSSL_memcpy(&buffer->bytes[buffer->bytes_valid], entropy, entropy_len);
buffer->bytes_valid += entropy_len;
- buffer->want_additional_input |=
- want_additional_input && (entropy_len != 0);
+ buffer->want_additional_input |= want_additional_input && (entropy_len != 0);
CRYPTO_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
+ return bcm_infallible_not_approved;
}
// get_seed_entropy fills |out_entropy_len| bytes of |out_entropy| from the
@@ -330,10 +326,10 @@
#endif
-void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
- const uint8_t user_additional_data[32]) {
+bcm_infallible BCM_rand_bytes_with_additional_data(
+ uint8_t *out, size_t out_len, const uint8_t user_additional_data[32]) {
if (out_len == 0) {
- return;
+ return bcm_infallible_approved;
}
const uint64_t fork_generation = CRYPTO_get_fork_generation();
@@ -473,21 +469,11 @@
#if defined(BORINGSSL_FIPS)
CRYPTO_MUTEX_unlock_read(&state->clear_drbg_lock);
#endif
+ return bcm_infallible_approved;
}
-int RAND_bytes(uint8_t *out, size_t out_len) {
+bcm_infallible BCM_rand_bytes(uint8_t *out, size_t out_len) {
static const uint8_t kZeroAdditionalData[32] = {0};
- RAND_bytes_with_additional_data(out, out_len, kZeroAdditionalData);
- return 1;
-}
-
-int RAND_pseudo_bytes(uint8_t *buf, size_t len) {
- return RAND_bytes(buf, len);
-}
-
-void RAND_get_system_entropy_for_custom_prng(uint8_t *buf, size_t len) {
- if (len > 256) {
- abort();
- }
- CRYPTO_sysrand_for_seed(buf, len);
+ BCM_rand_bytes_with_additional_data(out, out_len, kZeroAdditionalData);
+ return bcm_infallible_approved;
}
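Review bot: `BCM_rand_bytes` discards the `bcm_infallible` value returned by `BCM_rand_bytes_with_additional_data` and hard-codes `bcm_infallible_approved`. Returning the callee's status, `return BCM_rand_bytes_with_additional_data(out, out_len, kZeroAdditionalData);`, keeps the wrapper truthful if the callee ever reports a not-approved path, and documents that the two share one answer.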
diff --git a/crypto/fipsmodule/rsa/padding.c b/crypto/fipsmodule/rsa/padding.c
index 998e459..e4c1c1c 100644
--- a/crypto/fipsmodule/rsa/padding.c
+++ b/crypto/fipsmodule/rsa/padding.c
@@ -63,11 +63,11 @@
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/mem.h>
-#include <openssl/rand.h>
#include <openssl/sha.h>
#include "internal.h"
#include "../service_indicator/internal.h"
+#include "../bcm_interface.h"
#include "../../internal.h"
@@ -369,9 +369,7 @@
if (!salt) {
goto err;
}
- if (!RAND_bytes(salt, sLen)) {
- goto err;
- }
+ BCM_rand_bytes(salt, sLen);
}
maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen;
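Review bot: The old `if (!RAND_bytes(...)) goto err;` becomes a bare `BCM_rand_bytes(salt, sLen);` with its `bcm_infallible` result ignored, which is correct for the new return type but reads like a dropped error check; a line such as `// BCM_rand_bytes cannot fail; its status value is deliberately ignored.` would stop a later reader from reinstating one. Unlike the call sites in e_aes.c in this same change, this call is not bracketed by `FIPS_service_indicator_lock_state()`; if the enclosing function, whose start is outside the hunk, is not already holding the lock, the DRBG call will update the service indicator for a padding operation.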
@@ -394,7 +392,6 @@
}
p = EM;
-
// Initial PS XORs with all zeroes which is a NOP so just update
// pointer. Note from a test above this value is guaranteed to
// be non-negative.
diff --git a/crypto/fipsmodule/service_indicator/internal.h b/crypto/fipsmodule/service_indicator/internal.h
index bbc4e4e..38b4677 100644
--- a/crypto/fipsmodule/service_indicator/internal.h
+++ b/crypto/fipsmodule/service_indicator/internal.h
@@ -28,8 +28,8 @@
// stop |FIPS_service_indicator_update_state| from actually updating the service
// indicator. This is used when a primitive calls a potentially approved
// primitive to avoid false positives. For example, just because a key
-// generation calls |RAND_bytes| (and thus the approved DRBG) doesn't mean that
-// the key generation operation itself is approved.
+// generation calls |BCM_rand_bytes| (and thus the approved DRBG) doesn't mean
+// that the key generation operation itself is approved.
//
// This lock nests: i.e. locking twice is fine so long as each lock is paired
// with an unlock. If the (64-bit) counter overflows, the process aborts.
diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
index e7221fa..089bbd7 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc
+++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -30,12 +30,13 @@
#include <openssl/hmac.h>
#include <openssl/md4.h>
#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <openssl/rand.h> // TODO(bbe): only for RAND_bytes call below, replace with BCM call
#include <openssl/rsa.h>
#include <openssl/service_indicator.h>
#include "../../test/abi_test.h"
#include "../../test/test_util.h"
+#include "../bcm_interface.h"
#include "../bn/internal.h"
#include "../rand/internal.h"
#include "../tls/internal.h"
diff --git a/crypto/rand_extra/deterministic.c b/crypto/rand_extra/deterministic.c
index d1d582b..d31d52b 100644
--- a/crypto/rand_extra/deterministic.c
+++ b/crypto/rand_extra/deterministic.c
@@ -14,7 +14,8 @@
#include <openssl/rand.h>
-#include "../fipsmodule/rand/internal.h"
+#include "../bcm_support.h"
+#include "sysrand_internal.h"
#if defined(OPENSSL_RAND_DETERMINISTIC)
@@ -35,6 +36,8 @@
void RAND_reset_for_fuzzing(void) { g_num_calls = 0; }
+void CRYPTO_init_sysrand(void) {}
+
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
static const uint8_t kZeroKey[32];
@@ -50,6 +53,11 @@
CRYPTO_chacha_20(out, out, requested, kZeroKey, nonce, 0);
}
+int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
+ CRYPTO_sysrand(buf, len);
+ return 1;
+}
+
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
CRYPTO_sysrand(out, requested);
}
diff --git a/crypto/rand_extra/getentropy.c b/crypto/rand_extra/getentropy.c
index 234b9b6..4400d96 100644
--- a/crypto/rand_extra/getentropy.c
+++ b/crypto/rand_extra/getentropy.c
@@ -18,7 +18,8 @@
#include <openssl/rand.h>
-#include "../fipsmodule/rand/internal.h"
+#include "../bcm_support.h"
+#include "sysrand_internal.h"
#if defined(OPENSSL_RAND_GETENTROPY)
@@ -30,6 +31,8 @@
#include <sys/random.h>
#endif
+void CRYPTO_init_sysrand(void) {}
+
// CRYPTO_sysrand puts |requested| random bytes into |out|.
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
while (requested > 0) {
@@ -45,6 +48,11 @@
}
}
+int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
+ CRYPTO_sysrand(buf, len);
+ return 1;
+}
+
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
CRYPTO_sysrand(out, requested);
}
diff --git a/crypto/fipsmodule/rand/getrandom_fillin.h b/crypto/rand_extra/getrandom_fillin.h
similarity index 100%
rename from crypto/fipsmodule/rand/getrandom_fillin.h
rename to crypto/rand_extra/getrandom_fillin.h
diff --git a/crypto/rand_extra/ios.c b/crypto/rand_extra/ios.c
index 73f0ef3..424cd94 100644
--- a/crypto/rand_extra/ios.c
+++ b/crypto/rand_extra/ios.c
@@ -14,19 +14,27 @@
#include <openssl/rand.h>
-#include "../fipsmodule/rand/internal.h"
+#include "../bcm_support.h"
+#include "sysrand_internal.h"
#if defined(OPENSSL_RAND_IOS)
#include <stdlib.h>
#include <CommonCrypto/CommonRandom.h>
+void CRYPTO_init_sysrand(void) {}
+
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
if (CCRandomGenerateBytes(out, requested) != kCCSuccess) {
abort();
}
}
+int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
+ CRYPTO_sysrand(buf, len);
+ return 1;
+}
+
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
CRYPTO_sysrand(out, requested);
}
diff --git a/crypto/rand_extra/passive.c b/crypto/rand_extra/passive.c
index c54e2e8..08e0ad2 100644
--- a/crypto/rand_extra/passive.c
+++ b/crypto/rand_extra/passive.c
@@ -14,11 +14,27 @@
#include <openssl/ctrdrbg.h>
-#include "../fipsmodule/rand/internal.h"
+#include "../fipsmodule/bcm_interface.h"
+#include "../bcm_support.h"
#include "../internal.h"
#if defined(BORINGSSL_FIPS)
+// passive_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable
+// for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
+// entropy came directly from the CPU and zero if it came from the OS. It
+// actively obtains entropy from the CPU/OS
+static void passive_get_seed_entropy(uint8_t *out_entropy,
+ size_t out_entropy_len,
+ int *out_want_additional_input) {
+ *out_want_additional_input = 0;
+ if (bcm_success(BCM_rand_bytes_hwrng(out_entropy, out_entropy_len))) {
+ *out_want_additional_input = 1;
+ } else {
+ CRYPTO_sysrand_for_seed(out_entropy, out_entropy_len);
+ }
+}
+
#define ENTROPY_READ_LEN \
(/* last_block size */ 16 + CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD)
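Review bot: The comment on `passive_get_seed_entropy` refers to `|*out_used_cpu|`, but the parameter is named `out_want_additional_input`, and the last sentence, "It actively obtains entropy from the CPU/OS", has no full stop; the text was carried over from the removed `CRYPTO_get_seed_entropy` prototype where it was already stale. Suggest `// It sets |*out_want_additional_input| to one if the entropy came directly from the CPU and zero if it came from the OS.` The success branch also depends on `bcm_success` accepting the `bcm_status_not_approved` that `BCM_rand_bytes_hwrng` returns, which deserves a short comment since that enumerator name reads like a failure.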
@@ -143,7 +159,7 @@
if (get_seed_from_daemon(buf, todo)) {
want_additional_input = 1;
} else {
- CRYPTO_get_seed_entropy(buf, todo, &want_additional_input);
+ passive_get_seed_entropy(buf, todo, &want_additional_input);
}
if (boringssl_fips_break_test("CRNG")) {
@@ -152,7 +168,7 @@
OPENSSL_memset(buf, 0, todo);
}
- RAND_load_entropy(buf, todo, want_additional_input);
+ BCM_rand_load_entropy(buf, todo, want_additional_input);
}
#endif // FIPS
diff --git a/crypto/rand_extra/rand_extra.c b/crypto/rand_extra/rand_extra.c
index e73b99e..87cd030 100644
--- a/crypto/rand_extra/rand_extra.c
+++ b/crypto/rand_extra/rand_extra.c
@@ -12,10 +12,20 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/rand.h>
-
#include <limits.h>
+#include <openssl/rand.h>
+
+#include "../bcm_support.h"
+#include "../fipsmodule/bcm_interface.h"
+
+
+int RAND_bytes(uint8_t *buf, size_t len) {
+ BCM_rand_bytes(buf, len);
+ return 1;
+}
+
+int RAND_pseudo_bytes(uint8_t *buf, size_t len) { return RAND_bytes(buf, len); }
void RAND_seed(const void *buf, int num) {
// OpenSSH calls |RAND_seed| before jailing on the assumption that any needed
@@ -28,7 +38,7 @@
if (num < 0) { // read the "whole file"
return 1;
} else if (num <= INT_MAX) {
- return (int) num;
+ return (int)num;
} else {
return INT_MAX;
}
@@ -38,37 +48,30 @@
void RAND_add(const void *buf, int num, double entropy) {}
-int RAND_egd(const char *path) {
- return 255;
-}
+int RAND_egd(const char *path) { return 255; }
-int RAND_poll(void) {
- return 1;
-}
+int RAND_poll(void) { return 1; }
-int RAND_status(void) {
- return 1;
-}
+int RAND_status(void) { return 1; }
static const struct rand_meth_st kSSLeayMethod = {
- RAND_seed,
- RAND_bytes,
- RAND_cleanup,
- RAND_add,
- RAND_pseudo_bytes,
- RAND_status,
+ RAND_seed, RAND_bytes, RAND_cleanup,
+ RAND_add, RAND_pseudo_bytes, RAND_status,
};
-RAND_METHOD *RAND_SSLeay(void) {
- return (RAND_METHOD*) &kSSLeayMethod;
-}
+RAND_METHOD *RAND_SSLeay(void) { return (RAND_METHOD *)&kSSLeayMethod; }
-RAND_METHOD *RAND_OpenSSL(void) {
- return RAND_SSLeay();
-}
+RAND_METHOD *RAND_OpenSSL(void) { return RAND_SSLeay(); }
const RAND_METHOD *RAND_get_rand_method(void) { return RAND_SSLeay(); }
int RAND_set_rand_method(const RAND_METHOD *method) { return 1; }
void RAND_cleanup(void) {}
+
+void RAND_get_system_entropy_for_custom_prng(uint8_t *buf, size_t len) {
+ if (len > 256) {
+ abort();
+ }
+ CRYPTO_sysrand_for_seed(buf, len);
+}
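Review bot: `RAND_get_system_entropy_for_custom_prng` now lives in this file and calls `abort()`, but the include block at the top of the file has only `<limits.h>`, `<openssl/rand.h>` and the two bcm headers. Unless `<stdlib.h>` arrives transitively, add `#include <stdlib.h>` explicitly rather than relying on it. The `len > 256` cap is carried over unchanged; a one-line comment on why 256 is the limit would help now that the function is separated from the DRBG code it used to sit beside.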
diff --git a/crypto/rand_extra/sysrand_internal.h b/crypto/rand_extra/sysrand_internal.h
new file mode 100644
index 0000000..12bbfca
--- /dev/null
+++ b/crypto/rand_extra/sysrand_internal.h
@@ -0,0 +1,37 @@
+/* Copyright (c) 2024, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H
+#define OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H
+
+#include <openssl/base.h>
+
+#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
+#define OPENSSL_RAND_DETERMINISTIC
+#elif defined(OPENSSL_TRUSTY)
+#define OPENSSL_RAND_TRUSTY
+#elif defined(OPENSSL_WINDOWS)
+#define OPENSSL_RAND_WINDOWS
+#elif defined(OPENSSL_LINUX)
+#define OPENSSL_RAND_URANDOM
+#elif defined(OPENSSL_APPLE) && !defined(OPENSSL_MACOS)
+// Unlike macOS, iOS and similar hide away getentropy().
+#define OPENSSL_RAND_IOS
+#else
+// By default if you are integrating BoringSSL we expect you to
+// provide getentropy from the <unistd.h> header file.
+#define OPENSSL_RAND_GETENTROPY
+#endif
+
+#endif // OPENSSL_HEADER_CRYPTO__SYSRAND_INTERNAL_H
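Review bot: The closing guard comment does not match the guard macro: the header opens with `OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H` (one underscore) but the last line reads `#endif // OPENSSL_HEADER_CRYPTO__SYSRAND_INTERNAL_H`; change it to `#endif  // OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H`. A one-line comment above the `#if` chain would also help readers, since the selection is order-sensitive, e.g. `// Select exactly one OPENSSL_RAND_* backend; BORINGSSL_UNSAFE_DETERMINISTIC_MODE takes precedence over every platform backend.`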
diff --git a/crypto/rand_extra/trusty.c b/crypto/rand_extra/trusty.c
index d5b82e9..98aba2b 100644
--- a/crypto/rand_extra/trusty.c
+++ b/crypto/rand_extra/trusty.c
@@ -14,7 +14,8 @@
#include <openssl/rand.h>
-#include "../fipsmodule/rand/internal.h"
+#include "../bcm_support.h"
+#include "sysrand_internal.h"
#if defined(OPENSSL_RAND_TRUSTY)
#include <stdint.h>
@@ -25,12 +26,19 @@
#include <lib/rng/trusty_rng.h>
+void CRYPTO_init_sysrand(void) {}
+
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
if (trusty_rng_hw_rand(out, requested) != NO_ERROR) {
abort();
}
}
+int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
+ CRYPTO_sysrand(buf, len);
+ return 1;
+}
+
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
CRYPTO_sysrand(out, requested);
}
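Review bot: The two functions added here, `CRYPTO_init_sysrand` and `CRYPTO_sysrand_if_available`, carry no comment, so a reader cannot tell whether the empty init and the unconditional `return 1` are deliberate for this backend. Suggest `// Trusty needs no lazy initialisation; the hardware RNG is used directly.` on the empty `CRYPTO_init_sysrand`, and `// |trusty_rng_hw_rand| either fills |buf| or aborts, so entropy is always available here.` on `CRYPTO_sysrand_if_available`. The same undocumented `CRYPTO_sysrand_if_available` wrapper is added in the windows.c hunk at the end of this diff and deserves the equivalent comment there.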
diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/rand_extra/urandom.c
similarity index 91%
rename from crypto/fipsmodule/rand/urandom.c
rename to crypto/rand_extra/urandom.c
index 66ad873..8ad0e96 100644
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/rand_extra/urandom.c
@@ -18,7 +18,8 @@
#include <openssl/rand.h>
-#include "internal.h"
+#include "../bcm_support.h"
+#include "sysrand_internal.h"
#if defined(OPENSSL_RAND_URANDOM)
@@ -62,8 +63,7 @@
#include <openssl/mem.h>
#include "getrandom_fillin.h"
-#include "../delocate.h"
-#include "../../internal.h"
+#include "../internal.h"
#if defined(USE_NR_getrandom)
@@ -96,17 +96,17 @@
static const int kHaveGetrandom = -3;
// urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
-DEFINE_BSS_GET(int, urandom_fd)
+static int urandom_fd;
#if defined(USE_NR_getrandom)
// getrandom_ready is one if |getrandom| had been initialized by the time
// |init_once| was called and zero otherwise.
-DEFINE_BSS_GET(int, getrandom_ready)
+static int getrandom_ready;
// extra_getrandom_flags_for_seed contains a value that is ORed into the flags
// for getrandom() when reading entropy for a seed.
-DEFINE_BSS_GET(int, extra_getrandom_flags_for_seed)
+static int extra_getrandom_flags_for_seed;
// On Android, check a system property to decide whether to set
// |extra_getrandom_flags_for_seed| otherwise they will default to zero. If
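Review bot: The comment on `urandom_fd` still says it is "protected by |once|", but the once object in this file is named `rand_once` (converted to a plain `CRYPTO_once_t` further down in this diff), so the reference no longer points at anything. Since the three globals have just been changed from `DEFINE_BSS_GET` accessors to plain `static` variables, this is the moment to make the synchronisation contract explicit: `// urandom_fd is a file descriptor to /dev/urandom. It is written only by |init_once| under |rand_once|.` and a similar note on `getrandom_ready` and `extra_getrandom_flags_for_seed`.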
@@ -123,14 +123,14 @@
value[length] = 0;
if (OPENSSL_strcasecmp(value, "true") == 0) {
- *extra_getrandom_flags_for_seed_bss_get() = GRND_RANDOM;
+ extra_getrandom_flags_for_seed = GRND_RANDOM;
}
#endif
}
#endif // USE_NR_getrandom
-DEFINE_STATIC_ONCE(rand_once)
+static CRYPTO_once_t rand_once = CRYPTO_ONCE_INIT;
// init_once initializes the state of this module to values previously
// requested. This is the only function that modifies |urandom_fd|, which may be
@@ -142,7 +142,7 @@
ssize_t getrandom_ret =
boringssl_getrandom(&dummy, sizeof(dummy), GRND_NONBLOCK);
if (getrandom_ret == 1) {
- *getrandom_ready_bss_get() = 1;
+ getrandom_ready = 1;
have_getrandom = 1;
} else if (getrandom_ret == -1 && errno == EAGAIN) {
// We have getrandom, but the entropy pool has not been initialized yet.
@@ -157,7 +157,7 @@
}
if (have_getrandom) {
- *urandom_fd_bss_get() = kHaveGetrandom;
+ urandom_fd = kHaveGetrandom;
maybe_set_extra_getrandom_flags();
return;
}
@@ -185,19 +185,19 @@
abort();
}
- *urandom_fd_bss_get() = fd;
+ urandom_fd = fd;
}
-DEFINE_STATIC_ONCE(wait_for_entropy_once)
+static CRYPTO_once_t wait_for_entropy_once = CRYPTO_ONCE_INIT;
static void wait_for_entropy(void) {
- int fd = *urandom_fd_bss_get();
+ int fd = urandom_fd;
if (fd == kHaveGetrandom) {
// |getrandom| and |getentropy| support blocking in |fill_with_entropy|
// directly. For |getrandom|, we first probe with a non-blocking call to aid
// debugging.
#if defined(USE_NR_getrandom)
- if (*getrandom_ready_bss_get()) {
+ if (getrandom_ready) {
// The entropy pool was already initialized in |init_once|.
return;
}
@@ -256,13 +256,13 @@
#if defined (USE_NR_getrandom)
if (seed) {
- getrandom_flags |= *extra_getrandom_flags_for_seed_bss_get();
+ getrandom_flags |= extra_getrandom_flags_for_seed;
}
#endif
CRYPTO_init_sysrand();
if (block) {
- CRYPTO_once(wait_for_entropy_once_bss_get(), wait_for_entropy);
+ CRYPTO_once(&wait_for_entropy_once, wait_for_entropy);
}
// Clear |errno| so it has defined value if |read| or |getrandom|
@@ -271,7 +271,7 @@
while (len > 0) {
ssize_t r;
- if (*urandom_fd_bss_get() == kHaveGetrandom) {
+ if (urandom_fd == kHaveGetrandom) {
#if defined(USE_NR_getrandom)
r = boringssl_getrandom(out, len, getrandom_flags);
#else // USE_NR_getrandom
@@ -280,7 +280,7 @@
#endif
} else {
do {
- r = read(*urandom_fd_bss_get(), out, len);
+ r = read(urandom_fd, out, len);
} while (r == -1 && errno == EINTR);
}
@@ -295,7 +295,7 @@
}
void CRYPTO_init_sysrand(void) {
- CRYPTO_once(rand_once_bss_get(), init_once);
+ CRYPTO_once(&rand_once, init_once);
}
// CRYPTO_sysrand puts |requested| random bytes into |out|.
diff --git a/crypto/fipsmodule/rand/urandom_test.cc b/crypto/rand_extra/urandom_test.cc
similarity index 99%
rename from crypto/fipsmodule/rand/urandom_test.cc
rename to crypto/rand_extra/urandom_test.cc
index 08e4183..fe13d7b 100644
--- a/crypto/fipsmodule/rand/urandom_test.cc
+++ b/crypto/rand_extra/urandom_test.cc
@@ -20,7 +20,8 @@
#include <openssl/rand.h>
#include "getrandom_fillin.h"
-#include "internal.h"
+#include "../internal.h"
+
#if (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
!defined(BORINGSSL_SHARED_LIBRARY) && defined(OPENSSL_RAND_URANDOM) && \
@@ -35,9 +36,6 @@
#include <sys/un.h>
#include <sys/user.h>
-#include "fork_detect.h"
-#include "getrandom_fillin.h"
-
#if !defined(PTRACE_O_EXITKILL)
#define PTRACE_O_EXITKILL (1 << 20)
#endif
diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.c
index 6b407b7..a44774d 100644
--- a/crypto/rand_extra/windows.c
+++ b/crypto/rand_extra/windows.c
@@ -14,7 +14,9 @@
#include <openssl/rand.h>
-#include "../fipsmodule/rand/internal.h"
+#include "../bcm_support.h"
+#include "../internal.h"
+#include "sysrand_internal.h"
#if defined(OPENSSL_RAND_WINDOWS)
@@ -88,6 +90,11 @@
#endif // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP
+int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
+ CRYPTO_sysrand(buf, len);
+ return 1;
+}
+
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
CRYPTO_sysrand(out, requested);
}
diff --git a/gen/sources.bzl b/gen/sources.bzl
index b989a33..1566051 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -83,7 +83,6 @@
"crypto/fipsmodule/rand/ctrdrbg.c",
"crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
- "crypto/fipsmodule/rand/urandom.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
"crypto/fipsmodule/rsa/rsa.c",
@@ -397,6 +396,7 @@
"crypto/rand_extra/passive.c",
"crypto/rand_extra/rand_extra.c",
"crypto/rand_extra/trusty.c",
+ "crypto/rand_extra/urandom.c",
"crypto/rand_extra/windows.c",
"crypto/rc4/rc4.c",
"crypto/refcount.c",
@@ -584,6 +584,7 @@
crypto_internal_headers = [
"crypto/asn1/internal.h",
+ "crypto/bcm_support.h",
"crypto/bio/internal.h",
"crypto/bytestring/internal.h",
"crypto/chacha/internal.h",
@@ -598,7 +599,7 @@
"crypto/ec_extra/internal.h",
"crypto/err/internal.h",
"crypto/evp/internal.h",
- "crypto/fipsmodule/aes/internal.h",
+ "crypto/fipsmodule/bcm_interface.h",
"crypto/fipsmodule/bn/internal.h",
"crypto/fipsmodule/bn/rsaz_exp.h",
"crypto/fipsmodule/cipher/internal.h",
@@ -615,7 +616,6 @@
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
"crypto/fipsmodule/rand/fork_detect.h",
- "crypto/fipsmodule/rand/getrandom_fillin.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
@@ -633,6 +633,8 @@
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
"crypto/pool/internal.h",
+ "crypto/rand_extra/getrandom_fillin.h",
+ "crypto/rand_extra/sysrand_internal.h",
"crypto/rsa_extra/internal.h",
"crypto/spx/address.h",
"crypto/spx/fors.h",
@@ -2766,5 +2768,5 @@
]
urandom_test_sources = [
- "crypto/fipsmodule/rand/urandom_test.cc",
+ "crypto/rand_extra/urandom_test.cc",
]
diff --git a/gen/sources.cmake b/gen/sources.cmake
index a2a374e..5956a7c 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -87,7 +87,6 @@
crypto/fipsmodule/rand/ctrdrbg.c
crypto/fipsmodule/rand/fork_detect.c
crypto/fipsmodule/rand/rand.c
- crypto/fipsmodule/rand/urandom.c
crypto/fipsmodule/rsa/blinding.c
crypto/fipsmodule/rsa/padding.c
crypto/fipsmodule/rsa/rsa.c
@@ -411,6 +410,7 @@
crypto/rand_extra/passive.c
crypto/rand_extra/rand_extra.c
crypto/rand_extra/trusty.c
+ crypto/rand_extra/urandom.c
crypto/rand_extra/windows.c
crypto/rc4/rc4.c
crypto/refcount.c
@@ -602,6 +602,7 @@
CRYPTO_INTERNAL_HEADERS
crypto/asn1/internal.h
+ crypto/bcm_support.h
crypto/bio/internal.h
crypto/bytestring/internal.h
crypto/chacha/internal.h
@@ -616,7 +617,7 @@
crypto/ec_extra/internal.h
crypto/err/internal.h
crypto/evp/internal.h
- crypto/fipsmodule/aes/internal.h
+ crypto/fipsmodule/bcm_interface.h
crypto/fipsmodule/bn/internal.h
crypto/fipsmodule/bn/rsaz_exp.h
crypto/fipsmodule/cipher/internal.h
@@ -633,7 +634,6 @@
crypto/fipsmodule/md5/internal.h
crypto/fipsmodule/modes/internal.h
crypto/fipsmodule/rand/fork_detect.h
- crypto/fipsmodule/rand/getrandom_fillin.h
crypto/fipsmodule/rand/internal.h
crypto/fipsmodule/rsa/internal.h
crypto/fipsmodule/service_indicator/internal.h
@@ -651,6 +651,8 @@
crypto/pkcs8/internal.h
crypto/poly1305/internal.h
crypto/pool/internal.h
+ crypto/rand_extra/getrandom_fillin.h
+ crypto/rand_extra/sysrand_internal.h
crypto/rsa_extra/internal.h
crypto/spx/address.h
crypto/spx/fors.h
@@ -2832,5 +2834,5 @@
set(
URANDOM_TEST_SOURCES
- crypto/fipsmodule/rand/urandom_test.cc
+ crypto/rand_extra/urandom_test.cc
)
diff --git a/gen/sources.gni b/gen/sources.gni
index 2f95ed5..55574c3 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -83,7 +83,6 @@
"crypto/fipsmodule/rand/ctrdrbg.c",
"crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
- "crypto/fipsmodule/rand/urandom.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
"crypto/fipsmodule/rsa/rsa.c",
@@ -397,6 +396,7 @@
"crypto/rand_extra/passive.c",
"crypto/rand_extra/rand_extra.c",
"crypto/rand_extra/trusty.c",
+ "crypto/rand_extra/urandom.c",
"crypto/rand_extra/windows.c",
"crypto/rc4/rc4.c",
"crypto/refcount.c",
@@ -584,6 +584,7 @@
crypto_internal_headers = [
"crypto/asn1/internal.h",
+ "crypto/bcm_support.h",
"crypto/bio/internal.h",
"crypto/bytestring/internal.h",
"crypto/chacha/internal.h",
@@ -598,7 +599,7 @@
"crypto/ec_extra/internal.h",
"crypto/err/internal.h",
"crypto/evp/internal.h",
- "crypto/fipsmodule/aes/internal.h",
+ "crypto/fipsmodule/bcm_interface.h",
"crypto/fipsmodule/bn/internal.h",
"crypto/fipsmodule/bn/rsaz_exp.h",
"crypto/fipsmodule/cipher/internal.h",
@@ -615,7 +616,6 @@
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
"crypto/fipsmodule/rand/fork_detect.h",
- "crypto/fipsmodule/rand/getrandom_fillin.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
@@ -633,6 +633,8 @@
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
"crypto/pool/internal.h",
+ "crypto/rand_extra/getrandom_fillin.h",
+ "crypto/rand_extra/sysrand_internal.h",
"crypto/rsa_extra/internal.h",
"crypto/spx/address.h",
"crypto/spx/fors.h",
@@ -2766,5 +2768,5 @@
]
urandom_test_sources = [
- "crypto/fipsmodule/rand/urandom_test.cc",
+ "crypto/rand_extra/urandom_test.cc",
]
diff --git a/gen/sources.json b/gen/sources.json
index 407f3ac..d6ef92d 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -68,7 +68,6 @@
"crypto/fipsmodule/rand/ctrdrbg.c",
"crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
- "crypto/fipsmodule/rand/urandom.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
"crypto/fipsmodule/rsa/rsa.c",
@@ -381,6 +380,7 @@
"crypto/rand_extra/passive.c",
"crypto/rand_extra/rand_extra.c",
"crypto/rand_extra/trusty.c",
+ "crypto/rand_extra/urandom.c",
"crypto/rand_extra/windows.c",
"crypto/rc4/rc4.c",
"crypto/refcount.c",
@@ -566,6 +566,7 @@
],
"internal_hdrs": [
"crypto/asn1/internal.h",
+ "crypto/bcm_support.h",
"crypto/bio/internal.h",
"crypto/bytestring/internal.h",
"crypto/chacha/internal.h",
@@ -580,7 +581,7 @@
"crypto/ec_extra/internal.h",
"crypto/err/internal.h",
"crypto/evp/internal.h",
- "crypto/fipsmodule/aes/internal.h",
+ "crypto/fipsmodule/bcm_interface.h",
"crypto/fipsmodule/bn/internal.h",
"crypto/fipsmodule/bn/rsaz_exp.h",
"crypto/fipsmodule/cipher/internal.h",
@@ -597,7 +598,6 @@
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
"crypto/fipsmodule/rand/fork_detect.h",
- "crypto/fipsmodule/rand/getrandom_fillin.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
@@ -615,6 +615,8 @@
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
"crypto/pool/internal.h",
+ "crypto/rand_extra/getrandom_fillin.h",
+ "crypto/rand_extra/sysrand_internal.h",
"crypto/rsa_extra/internal.h",
"crypto/spx/address.h",
"crypto/spx/fors.h",
@@ -2748,7 +2750,7 @@
},
"urandom_test": {
"srcs": [
- "crypto/fipsmodule/rand/urandom_test.cc"
+ "crypto/rand_extra/urandom_test.cc"
]
}
}
\ No newline at end of file