Source code
Revision control
Copy as Markdown
Other Tools
# HG changeset patch
# User Bob Owen <bobowencode@gmail.com>
Remove boringssl option from rand_util.
diff --git a/base/rand_util.h b/base/rand_util.h
--- a/base/rand_util.h
+++ b/base/rand_util.h
@@ -11,17 +11,17 @@
#include <algorithm>
#include <string>
#include "base/base_export.h"
#include "base/compiler_specific.h"
#include "base/gtest_prod_util.h"
#include "build/build_config.h"
-#if !BUILDFLAG(IS_NACL)
+#if !BUILDFLAG(IS_NACL) && !defined(MOZ_SANDBOX)
#include "third_party/boringssl/src/include/openssl/rand.h"
#endif
namespace memory_simulator {
class MemoryHolder;
}
namespace base {
@@ -31,17 +31,17 @@ class TimeDelta;
namespace internal {
#if BUILDFLAG(IS_ANDROID)
// Sets the implementation of RandBytes according to the corresponding
// base::Feature. Thread safe: allows to switch while RandBytes() is in use.
void ConfigureRandBytesFieldTrial();
#endif
-#if !BUILDFLAG(IS_NACL)
+#if !BUILDFLAG(IS_NACL) && !defined(MOZ_SANDBOX)
void ConfigureBoringSSLBackedRandBytesFieldTrial();
#endif
// Returns a random double in range [0, 1). For use in allocator shim to avoid
// infinite recursion. Thread-safe.
BASE_EXPORT double RandDoubleAvoidAllocation();
} // namespace internal
@@ -107,17 +107,17 @@ class RandomBitGenerator {
static constexpr result_type min() { return 0; }
static constexpr result_type max() { return UINT64_MAX; }
result_type operator()() const { return RandUint64(); }
RandomBitGenerator() = default;
~RandomBitGenerator() = default;
};
-#if !BUILDFLAG(IS_NACL)
+#if !BUILDFLAG(IS_NACL) && !defined(MOZ_SANDBOX)
class NonAllocatingRandomBitGenerator {
public:
using result_type = uint64_t;
static constexpr result_type min() { return 0; }
static constexpr result_type max() { return UINT64_MAX; }
result_type operator()() const {
uint64_t result;
RAND_get_system_entropy_for_custom_prng(reinterpret_cast<uint8_t*>(&result),
diff --git a/base/rand_util_win.cc b/base/rand_util_win.cc
--- a/base/rand_util_win.cc
+++ b/base/rand_util_win.cc
@@ -10,27 +10,30 @@
#include <stdint.h>
#include <algorithm>
#include <atomic>
#include <limits>
#include "base/check.h"
#include "base/feature_list.h"
+#if !defined(MOZ_SANDBOX)
#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/rand.h"
+#endif
// Prototype for ProcessPrng.
extern "C" {
BOOL WINAPI ProcessPrng(PBYTE pbData, SIZE_T cbData);
}
namespace base {
+#if !defined(MOZ_SANDBOX)
namespace internal {
namespace {
// The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and
// rand_util_posix.cc.
std::atomic<bool> g_use_boringssl;
@@ -45,39 +48,42 @@ void ConfigureBoringSSLBackedRandBytesFi
std::memory_order_relaxed);
}
bool UseBoringSSLForRandBytes() {
return g_use_boringssl.load(std::memory_order_relaxed);
}
} // namespace internal
+#endif
namespace {
// Import bcryptprimitives!ProcessPrng rather than cryptbase!RtlGenRandom to
// avoid opening a handle to \\Device\KsecDD in the renderer.
decltype(&ProcessPrng) GetProcessPrng() {
HMODULE hmod = LoadLibraryW(L"bcryptprimitives.dll");
CHECK(hmod);
decltype(&ProcessPrng) process_prng_fn =
reinterpret_cast<decltype(&ProcessPrng)>(
GetProcAddress(hmod, "ProcessPrng"));
CHECK(process_prng_fn);
return process_prng_fn;
}
void RandBytes(void* output, size_t output_length, bool avoid_allocation) {
+#if !defined(MOZ_SANDBOX)
if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) {
// Ensure BoringSSL is initialized so it can use things like RDRAND.
CRYPTO_library_init();
// BoringSSL's RAND_bytes always returns 1. Any error aborts the program.
(void)RAND_bytes(static_cast<uint8_t*>(output), output_length);
return;
}
+#endif
static decltype(&ProcessPrng) process_prng_fn = GetProcessPrng();
BOOL success = process_prng_fn(static_cast<BYTE*>(output), output_length);
// ProcessPrng is documented to always return TRUE.
CHECK(success);
}
} // namespace