1 // Copyright 2024 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
16 #define OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
17 
18 #include <openssl/base.h>
19 
20 #include <stdio.h>
21 
22 // Provided by libcrypto, called from BCM
23 
24 #if defined(__cplusplus)
25 extern "C" {
26 #endif
27 
28 // Provided by libcrypto, called from BCM
29 
30 // CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
31 // from the operating system, if the operating system requires initialization.
32 void CRYPTO_init_sysrand(void);
33 
34 // CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
35 // system.
36 void CRYPTO_sysrand(uint8_t *buf, size_t len);
37 
38 // CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
39 // operating system, or early /dev/urandom data, and returns 1, _if_ the entropy
40 // pool is initialized or if getrandom() is not available and not in FIPS mode.
41 // Otherwise it will not block and will instead fill |buf| with all zeros and
42 // return 0.
43 int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len);
44 
45 // CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
46 // operating system. It may draw from the |GRND_RANDOM| pool on Android,
47 // depending on the vendor's configuration.
48 void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
49 
50 // RAND_need_entropy is called whenever the BCM module has stopped because it
51 // has run out of entropy.
52 void RAND_need_entropy(size_t bytes_needed);
53 
54 // crypto_get_fork_generation returns the fork generation number for the current
55 // process, or zero if not supported on the platform. The fork generation number
56 // is a non-zero, strictly-monotonic counter with the property that, if queried
57 // in an address space and then again in a subsequently forked copy, the forked
58 // address space will observe a greater value.
59 //
60 // This function may be used to clear cached values across a fork. When
61 // initializing a cache, record the fork generation. Before using the cache,
62 // check if the fork generation has changed. If so, drop the cache and update
63 // the save fork generation. Note this logic transparently handles platforms
64 // which always return zero.
65 //
66 // This is not reliably supported on all platforms which implement |fork|, so it
67 // should only be used as a hardening measure.
68 OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
69 
70 // CRYPTO_fork_detect_force_madv_wipeonfork_for_testing is an internal detail
71 // used for testing purposes.
72 OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
73     int on);
74 
75 // CRYPTO_get_stderr returns stderr. This function exists to avoid BCM needing
76 // a data dependency on libc.
77 FILE *CRYPTO_get_stderr(void);
78 
79 
80 #if defined(__cplusplus)
81 }  // extern C
82 #endif
83 
84 #endif  // OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
85