Replace Entropy with RAND_bytes
/dev/urandom is not an approved random number generator
for NIAP certification. Changing to use BoringSSL's
RAND_bytes(), which is approved.
Bug: 121272336
Test: Ran Keystore CTS tests against Walleye, no new
test failures observed.
Change-Id: I0fb87c955512074fa714c1986ce99063ab430470
Merged-In: I579d140ef56c90b477b0d8989e3b02375681aee8
diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index d21c691..ca5cb74 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp
@@ -19,12 +19,12 @@
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
+#include <openssl/rand.h>
#include <string.h>
#include <cutils/log.h>
#include "blob.h"
-#include "entropy.h"
#include "keystore_utils.h"
@@ -205,8 +205,7 @@
}
}
-ResponseCode Blob::writeBlob(const std::string& filename, const uint8_t* aes_key, State state,
- Entropy* entropy) {
+ResponseCode Blob::writeBlob(const std::string& filename, const uint8_t* aes_key, State state) {
ALOGV("writing blob %s", filename.c_str());
const size_t dataLength = mBlob.length;
@@ -219,7 +218,7 @@
}
memset(mBlob.initialization_vector, 0, AES_BLOCK_SIZE);
- if (!entropy->generate_random_data(mBlob.initialization_vector, kGcmIvSizeBytes)) {
+ if (!RAND_bytes(mBlob.initialization_vector, kGcmIvSizeBytes)) {
ALOGW("Could not read random data for: %s", filename.c_str());
return ResponseCode::SYSTEM_ERROR;
}
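Review bot: The new IV-generation check in writeBlob, `if (!RAND_bytes(mBlob.initialization_vector, kGcmIvSizeBytes))`, treats every non-zero return as success, which is only safe while the linked library never returns a negative value. OpenSSL documents a -1 return from RAND_bytes when the RAND method is unsupported, and in that case the code would continue with the all-zero IV left by the preceding memset; BoringSSL is documented to always return 1, so this path is presumably unreachable in the current build. Comparing against the success value states the intent and fails closed if the crypto library is ever swapped: `if (RAND_bytes(mBlob.initialization_vector, kGcmIvSizeBytes) != 1) {`. The enclosing function begins in the previous hunk and continues past the end of this one, so how the IV is consumed is not visible here.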