diff options
author | Adam Langley <agl@chromium.org> | 2024-01-08 12:22:26 -0800 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2024-01-19 18:24:42 +0000 |
commit | 929518a74286cd5957d30039b7cca96f49cc836b (patch) | |
tree | cea2b1037df1818b4aabd5e397559c12ee7ecf83 /rust | |
parent | a8e5e3419680575b831c0536214467166a4dac84 (diff) | |
download | boringssl-929518a74286cd5957d30039b7cca96f49cc836b.zip boringssl-929518a74286cd5957d30039b7cca96f49cc836b.tar.gz boringssl-929518a74286cd5957d30039b7cca96f49cc836b.tar.bz2 |
Reworking bssl_crypto: rand
Change-Id: I49e1b11b6eba1f2ddc190c5c070f133cce10b2f7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65175
Reviewed-by: Bob Beck <bbe@google.com>
Diffstat (limited to 'rust')
-rw-r--r-- | rust/bssl-crypto/src/lib.rs | 6 | ||||
-rw-r--r-- | rust/bssl-crypto/src/rand.rs | 45 |
2 files changed, 39 insertions, 12 deletions
diff --git a/rust/bssl-crypto/src/lib.rs b/rust/bssl-crypto/src/lib.rs index 61a8dbc..753cc79 100644 --- a/rust/bssl-crypto/src/lib.rs +++ b/rust/bssl-crypto/src/lib.rs @@ -50,9 +50,6 @@ pub mod hkdf; pub mod hmac; -/// Random number generation. -pub mod rand; - pub mod x25519; pub mod ec; @@ -63,6 +60,9 @@ mod scoped; mod mem; pub use mem::constant_time_compare; +mod rand; +pub use rand::{rand_array, rand_bytes}; + #[cfg(test)] mod test_helpers; diff --git a/rust/bssl-crypto/src/rand.rs b/rust/bssl-crypto/src/rand.rs index 9fdbe0a..c6d419f 100644 --- a/rust/bssl-crypto/src/rand.rs +++ b/rust/bssl-crypto/src/rand.rs @@ -13,29 +13,56 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -use crate::CSliceMut; +//! Getting random bytes. -/// Fills buf with random bytes. In the event that sufficient random data can not be obtained, -/// BoringSSL will abort, so the assert will never be hit. +use crate::{with_output_array, FfiMutSlice}; + +/// Fills `buf` with random bytes. pub fn rand_bytes(buf: &mut [u8]) { - let mut ffi_buf = CSliceMut::from(buf); - let result = unsafe { bssl_sys::RAND_bytes(ffi_buf.as_mut_ptr(), ffi_buf.len()) }; - assert_eq!(result, 1, "BoringSSL RAND_bytes API failed unexpectedly"); + // Safety: `RAND_bytes` writes exactly `buf.len()` bytes. + let ret = unsafe { bssl_sys::RAND_bytes(buf.as_mut_ffi_ptr(), buf.len()) }; + + // BoringSSL's `RAND_bytes` always succeeds returning 1, or crashes the + // address space if the PRNG can not provide random data. + debug_assert!(ret == 1); +} + +/// Returns an array of random bytes. +pub fn rand_array<const N: usize>() -> [u8; N] { + unsafe { + with_output_array(|out, out_len| { + // Safety: `RAND_bytes` writes exactly `out_len` bytes, as required. + let ret = bssl_sys::RAND_bytes(out, out_len); + // BoringSSL RAND_bytes always succeeds returning 1, or crashes the + // address space if the PRNG can not provide random data. + debug_assert!(ret == 1); + }) + } } #[cfg(test)] mod tests { - use super::rand_bytes; + use super::*; #[test] - fn test_rand_bytes() { + fn fill() { let mut buf = [0; 32]; rand_bytes(&mut buf); } #[test] - fn test_rand_bytes_empty() { + fn fill_empty() { let mut buf = []; rand_bytes(&mut buf); } + + #[test] + fn array() { + let _rand: [u8; 32] = rand_array(); + } + + #[test] + fn empty_array() { + let _rand: [u8; 0] = rand_array(); + } } |