Simplify urandom and move iOS source into its own file (#2379)

Refactor urandom.c to be more readable:

Introduces explicit states
Factor out code into self-contained functions
Removes if/defs, in particular, drops any FIPS macro's
Factors out iOS source CCRandomGenerateBytes() into its own file.

Author: torben-hansen

crypto/CMakeLists.txt

@@ -468,6 +468,7 @@ add_library(
   poly1305/poly1305_arm.c
   poly1305/poly1305_vec.c
   pool/pool.c
+  rand_extra/ccrandomgeneratebytes.c
   rand_extra/deterministic.c
   rand_extra/getentropy.c
   rand_extra/rand_extra.c
@@ -818,6 +819,7 @@ if(BUILD_TESTING)
     pkcs8/pkcs12_test.cc
     poly1305/poly1305_test.cc
     pool/pool_test.cc
+    rand_extra/ccrandomgeneratebytes_test.cc
     rand_extra/getentropy_test.cc
     rand_extra/rand_test.cc
     refcount_test.cc

crypto/fipsmodule/rand/rand_isolated_test.cc

@@ -783,6 +783,10 @@ TEST_F(randIsolatedTest, RngKatWithUbe) {
     GTEST_SKIP() << "Test not supported when UBE is not supported";
   }
 
+  if (runtimeEmulationIsIntelSde() && addressSanitizerIsEnabled()) {
+    GTEST_SKIP() << "Test not supported under Intel SDE + ASAN";
+  }
+
   auto runTest = [](RngKatTestUtils::TestType type) {
     RngKatTestUtils::RngKatTestEnv env(type);
     exit(env.runTest() ? 0 : 1);
@@ -803,6 +807,10 @@ TEST_F(randIsolatedTest, RngKatNoUbe) {
     GTEST_SKIP() << "Test not supported when UBE is supported";
   }
 
+  if (runtimeEmulationIsIntelSde() && addressSanitizerIsEnabled()) {
+    GTEST_SKIP() << "Test not supported under Intel SDE + ASAN";
+  }
+
   auto runTest = [](RngKatTestUtils::TestType type) {
     RngKatTestUtils::RngKatTestEnv env(type);
     exit(env.runTest() ? 0 : 1);

crypto/rand_extra/ccrandomgeneratebytes.c

@@ -0,0 +1,33 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+#include <openssl/rand.h>
+
+#include "internal.h"
+
+#if defined(OPENSSL_RAND_CCRANDOMGENERATEBYTES)
+
+#include <CommonCrypto/CommonRandom.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+void CRYPTO_sysrand(uint8_t *out, size_t requested) {
+
+  if (requested == 0) {
+    return;
+  }
+
+  // To get system randomness on iOS we use |CCRandomGenerateBytes|. On MacOS we
+  // use |getentropy| but iOS doesn't expose that.
+  if (CCRandomGenerateBytes(out, requested) != kCCSuccess) {
+    fprintf(stderr, "CCRandomGenerateBytes failed.\n");
+    abort();
+  }
+}
+
+void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
+  CRYPTO_sysrand(out, requested);
+}
+
+#endif

crypto/rand_extra/ccrandomgeneratebytes_test.cc

@@ -0,0 +1,43 @@
+#if !defined(_DEFAULT_SOURCE)
+#define _DEFAULT_SOURCE  // Needed for getentropy on musl and glibc
+#endif
+
+#include <openssl/rand.h>
+
+#include "internal.h"
+
+#if defined(OPENSSL_RAND_CCRANDOMGENERATEBYTES)
+
+#include <gtest/gtest.h>
+
+#include <openssl/span.h>
+
+#include <CommonCrypto/CommonRandom.h>
+
+#include "../test/test_util.h"
+
+// This test is, strictly speaking, flaky, but we use large enough buffers
+// that the probability of failing when we should pass is negligible.
+
+TEST(CCRandomGenerateBytesTest, NotObviouslyBroken) {
+  static const uint8_t kZeros[256] = {0};
+
+  uint8_t buf1[256] = {0}, buf2[256] = {0}, buf3[256] = {0};
+
+  EXPECT_EQ(CCRandomGenerateBytes(buf1, sizeof(buf1)), kCCSuccess);
+  EXPECT_EQ(CCRandomGenerateBytes(buf2, sizeof(buf2)), kCCSuccess);
+  EXPECT_NE(Bytes(buf1), Bytes(buf2));
+  EXPECT_NE(Bytes(buf1), Bytes(kZeros));
+  EXPECT_NE(Bytes(buf2), Bytes(kZeros));
+
+  // Ensure that the implementation is not simply returning the memory unchanged.
+  memcpy(buf3, buf1, sizeof(buf3));
+  EXPECT_EQ(CCRandomGenerateBytes(buf1, sizeof(buf1)), kCCSuccess);
+  EXPECT_NE(Bytes(buf1), Bytes(buf3));
+
+  // |CCRandomGenerateBytes| supports bigger inputs.
+  uint8_t buf4[1024] = {0}, buf5[1024] = {0};
+  EXPECT_NE(Bytes(buf4), Bytes(buf5));
+}
+
+#endif // defined(OPENSSL_RAND_CCRANDOMGENERATEBYTES)

crypto/rand_extra/internal.h

@@ -10,6 +10,8 @@
 #define OPENSSL_RAND_WINDOWS
 #elif defined(OPENSSL_MACOS) || defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)
 #define OPENSSL_RAND_GETENTROPY
+#elif defined(OPENSSL_IOS)
+#define OPENSSL_RAND_CCRANDOMGENERATEBYTES
 #else
 #define OPENSSL_RAND_URANDOM
 #endif