Google Git
Sign in
pigweed / third_party / boringssl / boringssl / 5f627e569fd8048c4912feb24b0fb1f5494b18c0^! / .
commit5f627e569fd8048c4912feb24b0fb1f5494b18c0[log] [tgz]
authorBob Beck <bbe@google.com>Wed Aug 31 12:49:41 2022 -0600
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Aug 31 19:44:18 2022 +0000
treefe4304162ea8c6491a49d891ba0a339915570f1b
parentb8e784e69f2af690fd2c5e9b8bd273512637d866 [diff]
Add RAND_get_system_entropy_for_custom_prng

This adds a boringssl interface to get up to 256 bytes of system
entropy from system entropy sources without going through
RAND_bytes. It should only be used for seeding custom prng's
or where malloc() should not be called from boringssl.

Just as with RAND_bytes(), this can abort the program on failure.

Bug: chromium:1295105

Change-Id: Ia55509702970608fe09cfee9809d02f107c15c8c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54045
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c
index bf0f486..b3c8a74 100644
--- a/crypto/fipsmodule/rand/rand.c
+++ b/crypto/fipsmodule/rand/rand.c

@@ -469,3 +469,10 @@
 int RAND_pseudo_bytes(uint8_t *buf, size_t len) {
   return RAND_bytes(buf, len);
 }
+
+void RAND_get_system_entropy_for_custom_prng(uint8_t *buf, size_t len) {
+  if (len > 256) {
+    abort();
+  }
+  CRYPTO_sysrand_for_seed(buf, len);
+}

diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index bd41f9e..586274d 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h

@@ -25,9 +25,20 @@
 // Random number generation.
 
 
-// RAND_bytes writes |len| bytes of random data to |buf| and returns one.
+// RAND_bytes writes |len| bytes of random data to |buf| and returns one. In the
+// event that sufficient random data can not be obtained, |abort| is called.
 OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len);
 
+// RAND_get_system_entropy_for_custom_prng writes |len| bytes of random data
+// from a system entropy source to |buf|. The maximum length of entropy which
+// may be requested is 256 bytes. If more than 256 bytes of data is requested,
+// or if sufficient random data can not be obtained, |abort| is called.
+// |RAND_bytes| should normally be used instead of this function. This function
+// should only be used for seed values or where |malloc| should not be called
+// from BoringSSL. This function is not FIPS compliant.
+OPENSSL_EXPORT void RAND_get_system_entropy_for_custom_prng(uint8_t *buf,
+                                                            size_t len);
+
 // RAND_cleanup frees any resources used by the RNG. This is not safe if other
 // threads might still be calling |RAND_bytes|.
 OPENSSL_EXPORT void RAND_cleanup(void);