Use getentropy on macOS 10.12 and later.

Bug: 287 Change-Id: I40760bdba8dcaab9c5c38d52d6479138f52eccbd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37284 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
2019-08-30 16:00:33 -04:00 · 2019-08-30 16:00:33 -04:00 · 40633ac196
commit 40633ac196
parent 6f80629b6c
2 changed files with 38 additions and 8 deletions
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c
@ -54,6 +54,10 @@
 #endif
 #endif  // OPENSSL_LINUX

+#if defined(OPENSSL_MACOS)
+#include <sys/random.h>
+#endif
+
 #include <openssl/thread.h>
 #include <openssl/mem.h>

@ -176,6 +180,15 @@ static void init_once(void) {
  }
 #endif  // USE_NR_getrandom

+#if defined(OPENSSL_MACOS)
+  // getentropy is available in macOS 10.12 and up. iOS 10 and up may also
+  // support it, but the header is missing. See https://crbug.com/boringssl/287.
+  if (__builtin_available(macos 10.12, *)) {
+    *urandom_fd_bss_get() = kHaveGetrandom;
+    return;
+  }
+#endif
+
  // Android FIPS builds must support getrandom.
 #if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)
  perror("getrandom not found");
@ -229,6 +242,9 @@ DEFINE_STATIC_ONCE(wait_for_entropy_once)
 static void wait_for_entropy(void) {
  int fd = *urandom_fd_bss_get();
  if (fd == kHaveGetrandom) {
+    // |getrandom| and |getentropy| support blocking in |fill_with_entropy|
+    // directly. For |getrandom|, we first probe with a non-blocking call to aid
+    // debugging.
 #if defined(USE_NR_getrandom)
    if (*getrandom_ready_bss_get()) {
      // The entropy pool was already initialized in |init_once|.
@ -260,16 +276,12 @@ static void wait_for_entropy(void) {
          boringssl_getrandom(&dummy, sizeof(dummy), 0 /* no flags */);
    }

-    if (getrandom_ret == 1) {
-      return;
+    if (getrandom_ret != 1) {
+      perror("getrandom");
+      abort();
    }
-
-    perror("getrandom");
-    abort();
-#else
-    fprintf(stderr, "urandom fd corrupt.\n");
-    abort();
 #endif  // USE_NR_getrandom
+    return;
  }

 #if defined(BORINGSSL_FIPS)
@ -353,6 +365,19 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block) {
    if (*urandom_fd_bss_get() == kHaveGetrandom) {
 #if defined(USE_NR_getrandom)
      r = boringssl_getrandom(out, len, block ? 0 : GRND_NONBLOCK);
+#elif defined(OPENSSL_MACOS)
+      if (__builtin_available(macos 10.12, *)) {
+        // |getentropy| can only request 256 bytes at a time.
+        size_t todo = len <= 256 ? len : 256;
+        if (getentropy(out, todo) != 0) {
+          r = -1;
+        } else {
+          r = (ssize_t)todo;
+        }
+      } else {
+        fprintf(stderr, "urandom fd corrupt.\n");
+        abort();
+      }
 #else  // USE_NR_getrandom
      fprintf(stderr, "urandom fd corrupt.\n");
      abort();
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@ -124,6 +124,11 @@ extern "C" {

 #if defined(__APPLE__)
 #define OPENSSL_APPLE
+// Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
+// targets macOS specifically.
+#if defined(TARGET_OS_OSX) && TARGET_OS_OSX
+#define OPENSSL_MACOS
+#endif
 #if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE
 #define OPENSSL_IOS
 #endif