TD0510: Obtaining random bytes for iOS/macOS
FCS_RBG_EXT.1 lists SecRandomCopyBytes and /dev/random as approved interfaces for obtaining random bytes from the iOS platform, and /dev/random as the approved interface for macOS.
Apple is transitioning to faster and more modern methods of generating random bytes. The new interface is CCRandomGenerateBytes in CommonRandom.c. This function calls CCRandomCopyBytes, which calls ccDRBGGetRngState, which in turn calls ccrng. ccrng.h defines the ccrng function as a function that returns a NIST SP800-90A CTR_DRBG(AES).
For FCS_RBG_EXT.1, the tests for iOS and macOS are modified as follows, with underlines indicating additions:
For iOS: The evaluator shall verify that the application invokes either SecRandomCopyBytes, CCRandomGenerateBytes or CCRandomCopyBytes, or
For macOS: The evaluator shall verify that the application invokes either CCRandomGenerateBytes or CCRandomCopyBytes, or collects random from /dev/random.
See issue description.
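One way an evaluator could gather static evidence for the modified tests above is to check a Mach-O binary's undefined (imported) symbols and embedded strings against the approved interfaces. This is an added example, not part of the Technical Decision or of Apple's code; the function names are hypothetical, and it assumes `nm -u` and `strings` output as the evidence source. An import shows the binary links the interface, not that every random-byte request goes through it.

```python
import subprocess

# Approved calls per platform, taken from the modified tests above.
APPROVED_CALLS = {
    "ios": {"SecRandomCopyBytes", "CCRandomGenerateBytes", "CCRandomCopyBytes"},
    "macos": {"CCRandomGenerateBytes", "CCRandomCopyBytes"},
}
# /dev/random is listed as approved for both platforms in the summary above.
DEVICE_PATH = "/dev/random"


def imported_symbols(nm_output):
    """Parse `nm -u` output into bare symbol names."""
    symbols = set()
    for line in nm_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        name = fields[-1]              # accepts both "_sym" and "U _sym" layouts
        if name.startswith("_"):
            name = name[1:]            # Mach-O prefixes C symbols with "_"
        symbols.add(name)
    return symbols


def approved_rbg_evidence(platform, nm_output, strings_output=""):
    """Return the sorted approved interfaces the binary shows static evidence of."""
    found = imported_symbols(nm_output) & APPROVED_CALLS[platform]
    # Exact-line match, so a path such as /dev/urandom is not counted.
    if any(s.strip() == DEVICE_PATH for s in strings_output.splitlines()):
        found.add(DEVICE_PATH)
    return sorted(found)


def scan_binary(platform, path):
    """Run nm and strings on a Mach-O file (assumes the developer tools are installed)."""
    nm = subprocess.run(["nm", "-u", path], capture_output=True, text=True, check=True)
    st = subprocess.run(["strings", path], capture_output=True, text=True, check=True)
    return approved_rbg_evidence(platform, nm.stdout, st.stdout)


# Constructed sample input, not taken from a real application.
SAMPLE_NM = """\
_CCRandomGenerateBytes
_SecRandomCopyBytes
_malloc
                 U _printf
"""
```

An empty result means the binary shows no static evidence of an approved interface and needs further examination.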