OLD | NEW |
1 diff -r c3565a90b8c4 lib/freebl/unix_rand.c | 1 diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c |
2 --- a/lib/freebl/unix_rand.c» Fri Jan 03 20:59:10 2014 +0100 | 2 index 579040e..2f9b3e5 100644 |
3 +++ b/lib/freebl/unix_rand.c» Tue Jan 07 11:28:59 2014 -0800 | 3 --- a/lib/freebl/unix_rand.c |
4 @@ -916,8 +916,19 @@ | 4 +++ b/lib/freebl/unix_rand.c |
| 5 @@ -916,8 +916,19 @@ void RNG_SystemInfoForRNG(void) |
5 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ | 6 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ |
6 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ | 7 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ |
7 || defined(HPUX) | 8 || defined(HPUX) |
8 - if (bytes) | 9 - if (bytes) |
9 + if (bytes == SYSTEM_RNG_SEED_COUNT) | 10 + if (bytes == SYSTEM_RNG_SEED_COUNT) |
10 return; | 11 return; |
11 + | 12 + |
12 + /* | 13 + /* |
13 + * Modified to abort the process if it failed to read from /dev/urandom. | 14 + * Modified to abort the process if it failed to read from /dev/urandom. |
14 + * | 15 + * |
15 + * See crbug.com/244661 for details. | 16 + * See crbug.com/244661 for details. |
16 + */ | 17 + */ |
17 + fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) " | 18 + fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) " |
18 + "from /dev/urandom. Abort process.\n", __FILE__, __LINE__, | 19 + "from /dev/urandom. Abort process.\n", __FILE__, __LINE__, |
19 + bytes, SYSTEM_RNG_SEED_COUNT); | 20 + bytes, SYSTEM_RNG_SEED_COUNT); |
20 + fflush(stderr); | 21 + fflush(stderr); |
21 + abort(); | 22 + abort(); |
22 #endif | 23 #endif |
23 | 24 |
24 #ifdef SOLARIS | 25 #ifdef SOLARIS |
25 @@ -1134,6 +1145,11 @@ | 26 @@ -1134,6 +1145,11 @@ static void rng_systemJitter(void) |
26 } | 27 } |
27 } | 28 } |
28 | 29 |
29 +/* | 30 +/* |
30 + * Modified to abort the process if it failed to read from /dev/urandom. | 31 + * Modified to abort the process if it failed to read from /dev/urandom. |
31 + * | 32 + * |
32 + * See crbug.com/244661 for details. | 33 + * See crbug.com/244661 for details. |
33 + */ | 34 + */ |
34 size_t RNG_SystemRNG(void *dest, size_t maxLen) | 35 size_t RNG_SystemRNG(void *dest, size_t maxLen) |
35 { | 36 { |
36 FILE *file; | 37 FILE *file; |
37 @@ -1144,7 +1160,10 @@ | 38 @@ -1144,7 +1160,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) |
38 | 39 |
39 file = fopen("/dev/urandom", "r"); | 40 file = fopen("/dev/urandom", "r"); |
40 if (file == NULL) { | 41 if (file == NULL) { |
41 - return rng_systemFromNoise(dest, maxLen); | 42 - return rng_systemFromNoise(dest, maxLen); |
42 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | 43 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " |
43 + "Abort process.\n", __FILE__, __LINE__); | 44 + "Abort process.\n", __FILE__, __LINE__); |
44 + fflush(stderr); | 45 + fflush(stderr); |
45 + abort(); | 46 + abort(); |
46 } | 47 } |
47 /* Read from the underlying file descriptor directly to bypass stdio | 48 /* Read from the underlying file descriptor directly to bypass stdio |
48 * buffering and avoid reading more bytes than we need from /dev/urandom. | 49 * buffering and avoid reading more bytes than we need from /dev/urandom. |
49 @@ -1164,8 +1183,10 @@ | 50 @@ -1164,8 +1183,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) |
50 } | 51 } |
51 fclose(file); | 52 fclose(file); |
52 if (fileBytes != maxLen) { | 53 if (fileBytes != maxLen) { |
53 - PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ | 54 - PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ |
54 - fileBytes = 0; | 55 - fileBytes = 0; |
55 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | 56 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " |
56 + "Abort process.\n", __FILE__, __LINE__); | 57 + "Abort process.\n", __FILE__, __LINE__); |
57 + fflush(stderr); | 58 + fflush(stderr); |
58 + abort(); | 59 + abort(); |
59 } | 60 } |
60 return fileBytes; | 61 return fileBytes; |
61 } | 62 } |
OLD | NEW |