# HG changeset patch # User Bob Owen Remove boringssl option from rand_util. diff --git a/base/rand_util.h b/base/rand_util.h --- a/base/rand_util.h +++ b/base/rand_util.h @@ -11,17 +11,17 @@ #include #include #include "base/base_export.h" #include "base/compiler_specific.h" #include "base/gtest_prod_util.h" #include "build/build_config.h" -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !defined(MOZ_SANDBOX) #include "third_party/boringssl/src/include/openssl/rand.h" #endif namespace memory_simulator { class MemoryHolder; } namespace base { @@ -31,17 +31,17 @@ class TimeDelta; namespace internal { #if BUILDFLAG(IS_ANDROID) // Sets the implementation of RandBytes according to the corresponding // base::Feature. Thread safe: allows to switch while RandBytes() is in use. void ConfigureRandBytesFieldTrial(); #endif -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !defined(MOZ_SANDBOX) void ConfigureBoringSSLBackedRandBytesFieldTrial(); #endif // Returns a random double in range [0, 1). For use in allocator shim to avoid // infinite recursion. Thread-safe. BASE_EXPORT double RandDoubleAvoidAllocation(); } // namespace internal @@ -107,17 +107,17 @@ class RandomBitGenerator { static constexpr result_type min() { return 0; } static constexpr result_type max() { return UINT64_MAX; } result_type operator()() const { return RandUint64(); } RandomBitGenerator() = default; ~RandomBitGenerator() = default; }; -#if !BUILDFLAG(IS_NACL) +#if !BUILDFLAG(IS_NACL) && !defined(MOZ_SANDBOX) class NonAllocatingRandomBitGenerator { public: using result_type = uint64_t; static constexpr result_type min() { return 0; } static constexpr result_type max() { return UINT64_MAX; } result_type operator()() const { uint64_t result; RAND_get_system_entropy_for_custom_prng(reinterpret_cast(&result), diff --git a/base/rand_util_win.cc b/base/rand_util_win.cc --- a/base/rand_util_win.cc +++ b/base/rand_util_win.cc @@ -10,27 +10,30 @@ #include #include #include #include #include "base/check.h" #include "base/feature_list.h" +#if !defined(MOZ_SANDBOX) #include "third_party/boringssl/src/include/openssl/crypto.h" #include "third_party/boringssl/src/include/openssl/rand.h" +#endif // Prototype for ProcessPrng. // See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng extern "C" { BOOL WINAPI ProcessPrng(PBYTE pbData, SIZE_T cbData); } namespace base { +#if !defined(MOZ_SANDBOX) namespace internal { namespace { // The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and // rand_util_posix.cc. std::atomic g_use_boringssl; @@ -45,39 +48,42 @@ void ConfigureBoringSSLBackedRandBytesFi std::memory_order_relaxed); } bool UseBoringSSLForRandBytes() { return g_use_boringssl.load(std::memory_order_relaxed); } } // namespace internal +#endif namespace { // Import bcryptprimitives!ProcessPrng rather than cryptbase!RtlGenRandom to // avoid opening a handle to \\Device\KsecDD in the renderer. decltype(&ProcessPrng) GetProcessPrng() { HMODULE hmod = LoadLibraryW(L"bcryptprimitives.dll"); CHECK(hmod); decltype(&ProcessPrng) process_prng_fn = reinterpret_cast( GetProcAddress(hmod, "ProcessPrng")); CHECK(process_prng_fn); return process_prng_fn; } void RandBytes(void* output, size_t output_length, bool avoid_allocation) { +#if !defined(MOZ_SANDBOX) if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) { // Ensure BoringSSL is initialized so it can use things like RDRAND. CRYPTO_library_init(); // BoringSSL's RAND_bytes always returns 1. Any error aborts the program. (void)RAND_bytes(static_cast(output), output_length); return; } +#endif static decltype(&ProcessPrng) process_prng_fn = GetProcessPrng(); BOOL success = process_prng_fn(static_cast(output), output_length); // ProcessPrng is documented to always return TRUE. CHECK(success); } } // namespace