| Avi Drissman | e4622aa | 2022-09-08 20:36:06 | [diff] [blame] | 1 | // Copyright 2012 The Chromium Authors |
| [email protected] | 05f9b68 | 2008-09-29 22:18:01 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "base/rand_util.h" |
| 6 | |
| [email protected] | 8c37218a | 2014-01-24 00:01:14 | [diff] [blame] | 7 | #include <windows.h> |
| Bruce Dawson | a1e1cfcb | 2022-11-22 20:04:35 | [diff] [blame] | 8 | |
| avi | 9b6f4293 | 2015-12-26 22:15:14 | [diff] [blame] | 9 | #include <stddef.h> |
| 10 | #include <stdint.h> |
| [email protected] | 05f9b68 | 2008-09-29 22:18:01 | [diff] [blame] | 11 | |
| [email protected] | 8c37218a | 2014-01-24 00:01:14 | [diff] [blame] | 12 | #include <algorithm> |
| Daniel Cheng | b6bbf5a6 | 2022-09-09 18:26:34 | [diff] [blame] | 13 | #include <atomic> |
| [email protected] | 8c37218a | 2014-01-24 00:01:14 | [diff] [blame] | 14 | #include <limits> |
| 15 | |
| Hans Wennborg | c3cffa6 | 2020-04-27 10:09:12 | [diff] [blame] | 16 | #include "base/check.h" |
| Daniel Cheng | b6bbf5a6 | 2022-09-09 18:26:34 | [diff] [blame] | 17 | #include "base/feature_list.h" |
| Daniel Cheng | b6bbf5a6 | 2022-09-09 18:26:34 | [diff] [blame] | 18 | #include "third_party/boringssl/src/include/openssl/rand.h" |
| [email protected] | 05f9b68 | 2008-09-29 22:18:01 | [diff] [blame] | 19 | |
| Alex Gough | d28e61a | 2023-07-11 18:45:34 | [diff] [blame] | 20 | // Prototype for ProcessPrng. |
| 21 | // See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng |
| 22 | extern "C" { |
| 23 | BOOL WINAPI ProcessPrng(PBYTE pbData, SIZE_T cbData); |
| 24 | } |
| 25 | |
| [email protected] | 05f9b68 | 2008-09-29 22:18:01 | [diff] [blame] | 26 | namespace base { |
| 27 | |
| Mark Mentovai | 5d6e763 | 2023-08-11 17:21:43 | [diff] [blame] | 28 | namespace internal { |
| 29 | |
| 30 | namespace { |
| 31 | |
| 32 | // The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and |
| 33 | // rand_util_posix.cc. |
| 34 | std::atomic<bool> g_use_boringssl; |
| 35 | |
| 36 | BASE_FEATURE(kUseBoringSSLForRandBytes, |
| 37 | "UseBoringSSLForRandBytes", |
| 38 | FEATURE_DISABLED_BY_DEFAULT); |
| 39 | |
| 40 | } // namespace |
| 41 | |
| 42 | void ConfigureBoringSSLBackedRandBytesFieldTrial() { |
| 43 | g_use_boringssl.store(FeatureList::IsEnabled(kUseBoringSSLForRandBytes), |
| 44 | std::memory_order_relaxed); |
| 45 | } |
| 46 | |
| 47 | bool UseBoringSSLForRandBytes() { |
| 48 | return g_use_boringssl.load(std::memory_order_relaxed); |
| 49 | } |
| 50 | |
| 51 | } // namespace internal |
| 52 | |
| Egor Pasko | 1c7e624 | 2022-09-20 12:45:39 | [diff] [blame] | 53 | namespace { |
| 54 | |
| Alex Gough | d28e61a | 2023-07-11 18:45:34 | [diff] [blame] | 55 | // Import bcryptprimitives!ProcessPrng rather than cryptbase!RtlGenRandom to |
| 56 | // avoid opening a handle to \\Device\KsecDD in the renderer. |
| 57 | decltype(&ProcessPrng) GetProcessPrng() { |
| 58 | HMODULE hmod = LoadLibraryW(L"bcryptprimitives.dll"); |
| 59 | CHECK(hmod); |
| 60 | decltype(&ProcessPrng) process_prng_fn = |
| 61 | reinterpret_cast<decltype(&ProcessPrng)>( |
| 62 | GetProcAddress(hmod, "ProcessPrng")); |
| 63 | CHECK(process_prng_fn); |
| 64 | return process_prng_fn; |
| 65 | } |
| 66 | |
| danakj | 95305d27 | 2024-05-09 20:38:44 | [diff] [blame] | 67 | void RandBytesInternal(span<uint8_t> output, bool avoid_allocation) { |
| Mark Mentovai | 5d6e763 | 2023-08-11 17:21:43 | [diff] [blame] | 68 | if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) { |
| Daniel Cheng | b6bbf5a6 | 2022-09-09 18:26:34 | [diff] [blame] | 69 | // BoringSSL's RAND_bytes always returns 1. Any error aborts the program. |
| Austin Sullivan | a41f7f6 | 2024-01-09 20:11:50 | [diff] [blame] | 70 | (void)RAND_bytes(output.data(), output.size()); |
| Daniel Cheng | b6bbf5a6 | 2022-09-09 18:26:34 | [diff] [blame] | 71 | return; |
| 72 | } |
| 73 | |
| Alex Gough | d28e61a | 2023-07-11 18:45:34 | [diff] [blame] | 74 | static decltype(&ProcessPrng) process_prng_fn = GetProcessPrng(); |
| Austin Sullivan | a41f7f6 | 2024-01-09 20:11:50 | [diff] [blame] | 75 | BOOL success = |
| 76 | process_prng_fn(static_cast<BYTE*>(output.data()), output.size()); |
| Alex Gough | d28e61a | 2023-07-11 18:45:34 | [diff] [blame] | 77 | // ProcessPrng is documented to always return TRUE. |
| 78 | CHECK(success); |
| [email protected] | c910c5a | 2014-01-23 02:14:28 | [diff] [blame] | 79 | } |
| 80 | |
| Egor Pasko | 1c7e624 | 2022-09-20 12:45:39 | [diff] [blame] | 81 | } // namespace |
| 82 | |
| Austin Sullivan | a41f7f6 | 2024-01-09 20:11:50 | [diff] [blame] | 83 | void RandBytes(span<uint8_t> output) { |
| danakj | 95305d27 | 2024-05-09 20:38:44 | [diff] [blame] | 84 | RandBytesInternal(output, /*avoid_allocation=*/false); |
| Egor Pasko | 1c7e624 | 2022-09-20 12:45:39 | [diff] [blame] | 85 | } |
| 86 | |
| 87 | namespace internal { |
| 88 | |
| 89 | double RandDoubleAvoidAllocation() { |
| 90 | uint64_t number; |
| danakj | 95305d27 | 2024-05-09 20:38:44 | [diff] [blame] | 91 | RandBytesInternal(byte_span_from_ref(number), |
| 92 | /*avoid_allocation=*/true); |
| Egor Pasko | 1c7e624 | 2022-09-20 12:45:39 | [diff] [blame] | 93 | // This transformation is explained in rand_util.cc. |
| 94 | return (number >> 11) * 0x1.0p-53; |
| 95 | } |
| 96 | |
| 97 | } // namespace internal |
| 98 | |
| [email protected] | 05f9b68 | 2008-09-29 22:18:01 | [diff] [blame] | 99 | } // namespace base |
