Make randomness generation deterministic under BORINGSSL_UNSAFE_FUZZER_MODE

[torben-hansen]

Description of changes:

When BORINGSSL_UNSAFE_DETERMINISTIC_MODE is defined (e.g. via -DFUZZ=1), the entropy source layer now routes seed and extra entropy requests through CRYPTO_sysrand, which is already deterministic in this mode (ChaCha20 with counter-based nonce). This bypasses jitter and hardware entropy sources, ensuring fully deterministic randomness generation end-to-end to support fuzzing.

Testing:

Added small assertion test.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 15.78947% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.93%. Comparing base (a75e930) to head (5d6392a).
⚠️ Report is 38 commits behind head on main.

Files with missing lines	Patch %	Lines
crypto/fipsmodule/rand/entropy/entropy_sources.c	15.78%	16 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3136      +/-   ##
==========================================
- Coverage   77.95%   77.93%   -0.03%     
==========================================
  Files         689      689              
  Lines      122506   122525      +19     
  Branches    17095    17095              
==========================================
- Hits        95505    95495      -10     
- Misses      26102    26131      +29     
  Partials      899      899              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[torben-hansen]

Implementation doesn't quite yet meet requirements I had. Right now, one cannot effectively "reset" generators in a multi-threaded environment. For that, I would need some thread-local controls.