Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(81)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: patches/nss-urandom-abort.patch

Issue 105893015: Update third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Remove SVN property on new file nss/lib/freebl/rsapkcs.c Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « patches/nss-chacha20-poly1305.patch ('k') | scripts/nss-checkout.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 Index: unix_rand.c 1 diff -r c3565a90b8c4 lib/freebl/unix_rand.c
2 =================================================================== 2 --- a/lib/freebl/unix_rand.c» Fri Jan 03 20:59:10 2014 +0100
3 --- unix_rand.c»(revision 203531) 3 +++ b/lib/freebl/unix_rand.c» Tue Jan 07 11:28:59 2014 -0800
4 +++ unix_rand.c»(working copy)
5 @@ -916,8 +916,19 @@ 4 @@ -916,8 +916,19 @@
6 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ 5 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \
7 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ 6 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \
8 || defined(HPUX) 7 || defined(HPUX)
9 - if (bytes) 8 - if (bytes)
10 + if (bytes == SYSTEM_RNG_SEED_COUNT) 9 + if (bytes == SYSTEM_RNG_SEED_COUNT)
11 return; 10 return;
12 + 11 +
13 + /* 12 + /*
14 + * Modified to abort the process if it failed to read from /dev/urandom. 13 + * Modified to abort the process if it failed to read from /dev/urandom.
15 + * 14 + *
16 + * See crbug.com/244661 for details. 15 + * See crbug.com/244661 for details.
17 + */ 16 + */
18 + fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) " 17 + fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) "
19 + "from /dev/urandom. Abort process.\n", __FILE__, __LINE__, 18 + "from /dev/urandom. Abort process.\n", __FILE__, __LINE__,
20 + bytes, SYSTEM_RNG_SEED_COUNT); 19 + bytes, SYSTEM_RNG_SEED_COUNT);
21 + fflush(stderr); 20 + fflush(stderr);
22 + abort(); 21 + abort();
23 #endif 22 #endif
24 23
25 #ifdef SOLARIS 24 #ifdef SOLARIS
26 @@ -1123,6 +1134,11 @@ 25 @@ -1134,6 +1145,11 @@
27 } 26 }
28 } 27 }
29 28
30 +/* 29 +/*
31 + * Modified to abort the process if it failed to read from /dev/urandom. 30 + * Modified to abort the process if it failed to read from /dev/urandom.
32 + * 31 + *
33 + * See crbug.com/244661 for details. 32 + * See crbug.com/244661 for details.
34 + */ 33 + */
35 size_t RNG_SystemRNG(void *dest, size_t maxLen) 34 size_t RNG_SystemRNG(void *dest, size_t maxLen)
36 { 35 {
37 FILE *file; 36 FILE *file;
38 @@ -1132,7 +1148,10 @@ 37 @@ -1144,7 +1160,10 @@
39 38
40 file = fopen("/dev/urandom", "r"); 39 file = fopen("/dev/urandom", "r");
41 if (file == NULL) { 40 if (file == NULL) {
42 - return rng_systemFromNoise(dest, maxLen); 41 - return rng_systemFromNoise(dest, maxLen);
43 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " 42 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
44 + "Abort process.\n", __FILE__, __LINE__); 43 + "Abort process.\n", __FILE__, __LINE__);
45 + fflush(stderr); 44 + fflush(stderr);
46 + abort(); 45 + abort();
47 } 46 }
48 while (maxLen > fileBytes) { 47 /* Read from the underlying file descriptor directly to bypass stdio
49 » bytes = maxLen - fileBytes; 48 * buffering and avoid reading more bytes than we need from /dev/urandom.
50 @@ -1144,8 +1163,10 @@ 49 @@ -1164,8 +1183,10 @@
51 } 50 }
52 fclose(file); 51 fclose(file);
53 if (fileBytes != maxLen) { 52 if (fileBytes != maxLen) {
54 - PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ 53 - PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
55 - fileBytes = 0; 54 - fileBytes = 0;
56 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " 55 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
57 + "Abort process.\n", __FILE__, __LINE__); 56 + "Abort process.\n", __FILE__, __LINE__);
58 + fflush(stderr); 57 + fflush(stderr);
59 + abort(); 58 + abort();
60 } 59 }
61 return fileBytes; 60 return fileBytes;
62 } 61 }
OLDNEW
« no previous file with comments | « patches/nss-chacha20-poly1305.patch ('k') | scripts/nss-checkout.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698