Provide aws_lc_assert_entropy_cpu_jitter()
justsmth committed Dec 31, 2024
1 parent 4ca10b9 commit 1a1ad10
Showing 3 changed files with 22 additions and 1 deletion.
9 changes: 9 additions & 0 deletions crypto/crypto_test.cc
Expand Up @@ -22,6 +22,7 @@
#include <openssl/crypto.h>
#include <openssl/cipher.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
#include <openssl/service_indicator.h>

#include <gtest/gtest.h>
Expand Down Expand Up @@ -73,6 +74,14 @@ TEST(CryptoTest, Strndup) {
EXPECT_STREQ("", str.get());
}

TEST(CryptoTest, aws_lc_assert_entropy_cpu_jitter) {
#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
ASSERT_EQ(1, aws_lc_assert_entropy_cpu_jitter());
#else
ASSERT_DEATH_IF_SUPPORTED( { aws_lc_assert_entropy_cpu_jitter(); } , "");
#endif
}

TEST(CryptoTest, OPENSSL_hexstr2buf) {
const char *test_cases[][2] = {{"a2", "\xa2"},
{"a213", "\xa2\x13"},
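Review bot: The `#else` branch of the new test uses `ASSERT_DEATH_IF_SUPPORTED(..., "")`, and an empty matcher accepts any stderr output, so a crash for an unrelated reason would still pass the test that is meant to pin the fail-closed behaviour. Because `abort()` prints nothing, there is no message to match. On POSIX targets the termination cause could be checked instead, e.g. `ASSERT_EXIT(aws_lc_assert_entropy_cpu_jitter(), ::testing::KilledBySignal(SIGABRT), "");`, keeping the current form where signals are unavailable. A one-line comment saying that the expected outcome depends on the build's entropy-source macro would also help the next reader.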
10 changes: 9 additions & 1 deletion crypto/fipsmodule/rand/rand.c
Expand Up @@ -74,8 +74,14 @@

#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
static const unsigned kReseedInterval = 16777216;
int aws_lc_assert_entropy_cpu_jitter(void) {
return 1;
}
#elif defined(FIPS_ENTROPY_SOURCE_PASSIVE)
static const unsigned kReseedInterval = 4096;
int aws_lc_assert_entropy_cpu_jitter(void) {
abort();
}
#else
#error "A FIPS entropy source must be explicitly defined"
#endif
Expand All @@ -86,7 +92,9 @@ static const unsigned kReseedInterval = 4096;
#error "A FIPS entropy source must not be defined for non-FIPS build"
#endif
static const unsigned kReseedInterval = 4096;

int aws_lc_assert_entropy_cpu_jitter(void) {
abort();
}
#endif // defined(BORINGSSL_FIPS)


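Review bot: Both aborting definitions of `aws_lc_assert_entropy_cpu_jitter` (the `FIPS_ENTROPY_SOURCE_PASSIVE` branch and the non-FIPS branch) call `abort()` with no diagnostic, so a deployment that trips this check leaves only a SIGABRT and nothing pointing at the entropy-source configuration. Consider writing one line before aborting, e.g. `fprintf(stderr, "aws_lc_assert_entropy_cpu_jitter: CPU jitter entropy not enabled in this build\n");`, assuming `<stdio.h>` is available here (the include block is outside the hunk). A short comment above the first definition should also say that the result reflects only the compile-time macro selection, not whether the jitter source initialised or is healthy at runtime. The enclosing `#if defined(BORINGSSL_FIPS)` starts outside the hunk.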
4 changes: 4 additions & 0 deletions include/openssl/rand.h
Expand Up @@ -140,6 +140,10 @@ OPENSSL_EXPORT const RAND_METHOD *RAND_get_rand_method(void);
// RAND_set_rand_method returns one.
OPENSSL_EXPORT int RAND_set_rand_method(const RAND_METHOD *);

// aws_lc_assert_entropy_cpu_jitter will abort the process if CPU jitter entropy
// was not enabled for the build.
OPENSSL_EXPORT int aws_lc_assert_entropy_cpu_jitter(void);

// RAND_keep_random_devices_open does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void RAND_keep_random_devices_open(int a);

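Review bot: The new comment on `aws_lc_assert_entropy_cpu_jitter` does not state the return value or that the check is decided at build time. This matters because the `int` return invites callers to test for zero, yet the definitions shown in this commit either return 1 or never return. Suggested wording: `// aws_lc_assert_entropy_cpu_jitter returns one if the library was built with CPU jitter as its FIPS entropy source. Otherwise, including in non-FIPS builds, it aborts the process and never returns.`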
