Provide FIPS_is_entropy_cpu_jitter() #2088

Merged
merged 2 commits into from
Jan 3, 2025
8 changes: 8 additions & 0 deletions crypto/crypto_test.cc
Expand Up @@ -73,6 +73,14 @@ TEST(CryptoTest, Strndup) {
EXPECT_STREQ("", str.get());
}

TEST(CryptoTest, aws_lc_assert_entropy_cpu_jitter) {
#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
ASSERT_EQ(1, FIPS_is_entropy_cpu_jitter());
#else
ASSERT_EQ(0, FIPS_is_entropy_cpu_jitter());
#endif
}

TEST(CryptoTest, OPENSSL_hexstr2buf) {
const char *test_cases[][2] = {{"a2", "\xa2"},
{"a213", "\xa2\x13"},
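Review bot: The new test in crypto_test.cc selects its expected value with the same `#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)` check that fips.c uses to select the return value, so it cannot detect a build that picked the wrong entropy source. It only confirms that the macro is defined the same way for the test translation unit as for the library. If the macro is passed to the library target but not to the test target, the `#else` branch would expect 0 while the library returns 1. A short comment stating that the test depends on the definition being visible to both targets would make that failure easier to diagnose. Since this is the only assertion in the test body, `EXPECT_EQ` would do the same job as `ASSERT_EQ`.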
8 changes: 8 additions & 0 deletions crypto/fipsmodule/self_check/fips.c
Expand Up @@ -28,6 +28,14 @@ int FIPS_mode(void) {
#endif
}

int FIPS_is_entropy_cpu_jitter(void) {
#if defined(FIPS_ENTROPY_SOURCE_JITTER_CPU)
return 1;
#else
return 0;
#endif
}

int FIPS_mode_set(int on) { return on == FIPS_mode(); }

#if defined(BORINGSSL_FIPS_140_3)
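Review bot: `FIPS_is_entropy_cpu_jitter()` in fips.c returns a value decided only by `FIPS_ENTROPY_SOURCE_JITTER_CPU` and never consults `FIPS_mode()`, which is defined directly above it. If that macro can be defined in a non-FIPS build, a function with a `FIPS_` prefix will report 1 there. Either gate the `return 1;` branch on the FIPS build as well, or state at the definition that the result reflects the build-time entropy configuration regardless of FIPS mode, so callers do not read it as a runtime check of the entropy source.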
4 changes: 4 additions & 0 deletions include/openssl/crypto.h
Expand Up @@ -117,6 +117,10 @@ OPENSSL_EXPORT void armv8_enable_dit(void);
// which case it returns one.
OPENSSL_EXPORT int FIPS_mode(void);

// FIPS_is_entropy_cpu_jitter returns 1 if CPU jitter is used as the entropy source
// for AWS-LC. Otherwise, returns 0;
OPENSSL_EXPORT int FIPS_is_entropy_cpu_jitter(void);

// fips_counter_t denotes specific APIs/algorithms. A counter is maintained for
// each in FIPS mode so that tests can be written to assert that the expected,
// FIPS functions are being called by a certain peice of code.
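Review bot: The doc comment added above `FIPS_is_entropy_cpu_jitter` in crypto.h ends with "Otherwise, returns 0;" where a period is intended, and its first line runs longer than the neighbouring comment lines in this header. The comment also says CPU jitter "is used" without saying what decides that. Since the implementation is a compile-time switch on `FIPS_ENTROPY_SOURCE_JITTER_CPU`, the comment should say the value is fixed when the library is built, in the same way the `FIPS_mode` comment above states the condition under which it returns one.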