Replace Entropy with RAND_bytes
/dev/urandom is not an approved random number generator
for NIAP certification. Changing to use BoringSSL's
RAND_bytes(), which is approved.
Bug: 121272336
Test: Ran Keystore CTS tests against Walleye, no new
test failures observed.
Change-Id: I0fb87c955512074fa714c1986ce99063ab430470
Merged-In: I579d140ef56c90b477b0d8989e3b02375681aee8
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index 82d4e69..52e83c8 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -32,7 +32,6 @@
#include <keystore/keystore_return_types.h>
#include "KeyStore.h"
-#include "entropy.h"
#include "key_store_service.h"
#include "legacy_keymaster_device_wrapper.h"
#include "permissions.h"
@@ -136,9 +135,6 @@
CHECK(argc >= 2) << "A directory must be specified!";
CHECK(chdir(argv[1]) != -1) << "chdir: " << argv[1] << ": " << strerror(errno);
- Entropy entropy;
- CHECK(entropy.open()) << "Failed to open entropy source.";
-
auto kmDevices = initializeKeymasters();
CHECK(kmDevices[SecurityLevel::SOFTWARE]) << "Missing software Keymaster device";
@@ -155,7 +151,7 @@
SecurityLevel minimalAllowedSecurityLevelForNewKeys =
halVersion.majorVersion >= 2 ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE;
- keystore::KeyStore keyStore(&entropy, kmDevices, minimalAllowedSecurityLevelForNewKeys);
+ keystore::KeyStore keyStore(kmDevices, minimalAllowedSecurityLevelForNewKeys);
keyStore.initialize();
android::sp<android::IServiceManager> sm = android::defaultServiceManager();
android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);