Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / e489a0371ed8251bc80d0a0328767d568cb1da30^! / . / keystore / KeyStore.h
commite489a0371ed8251bc80d0a0328767d568cb1da30[log] [tgz]
authorBranden Archer <brarcher@google.com>Fri Dec 28 09:10:49 2018 -0800
committerBranden Archer <brarcher@google.com>Fri Jan 11 12:35:55 2019 -0800
treee3fc13f5165f1e3f76b5e33bb719d2c10fe96433
parentf8feed620bd607427ded702cce91bb0eb749bc6a [diff] [blame]
Replace Entropy with RAND_bytes

/dev/urandom is not an approved random number generator
for NIAP certification. Changing to use BoringSSL's
RAND_bytes(), which is approved.

Bug: 121272336
Test: Ran Keystore CTS tests against Walleye, no new
      test failures observed.
Change-Id: I0fb87c955512074fa714c1986ce99063ab430470
Merged-In: I579d140ef56c90b477b0d8989e3b02375681aee8

diff --git a/keystore/KeyStore.h b/keystore/KeyStore.h
index 23476d2..f0fe9d3 100644
--- a/keystore/KeyStore.h
+++ b/keystore/KeyStore.h

@@ -40,7 +40,7 @@
 
 class KeyStore {
   public:
-    KeyStore(Entropy* entropy, const KeymasterDevices& kmDevices,
+    KeyStore(const KeymasterDevices& kmDevices,
              SecurityLevel minimalAllowedSecurityLevelForNewKeys);
     ~KeyStore();
 
@@ -140,7 +140,6 @@
     static const char* kMetaDataFile;
     static const android::String16 kRsaKeyType;
     static const android::String16 kEcKeyType;
-    Entropy* mEntropy;
 
     KeymasterDevices mKmDevices;
     bool mAllowNewFallback;