OLD | NEW |
---|---|
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 #include <stdio.h> | 5 #include <stdio.h> |
6 #include <string.h> | 6 #include <string.h> |
7 #include <signal.h> | 7 #include <signal.h> |
8 #include <unistd.h> | 8 #include <unistd.h> |
9 #include <limits.h> | 9 #include <limits.h> |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 900 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
911 * | 911 * |
912 * Bug 174993: On platforms providing /dev/urandom, don't fork netstat | 912 * Bug 174993: On platforms providing /dev/urandom, don't fork netstat |
913 * either, if data has been gathered successfully. | 913 * either, if data has been gathered successfully. |
914 */ | 914 */ |
915 | 915 |
916 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ | 916 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ |
917 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ | 917 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ |
918 || defined(HPUX) | 918 || defined(HPUX) |
919 if (bytes) | 919 if (bytes) |
920 return; | 920 return; |
921 | |
922 /* | |
923 * Modified to abort the process if it failed to read from /dev/urandom. | |
924 * | |
925 * See crbug.com/244661 for details. | |
926 */ | |
927 fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | |
928 "Abort process.\n", __FILE__, __LINE__); | |
929 fflush(stderr); | |
930 abort(); | |
921 #endif | 931 #endif |
922 | 932 |
923 #ifdef SOLARIS | 933 #ifdef SOLARIS |
924 | 934 |
925 /* | 935 /* |
926 * On Solaris, NSS may be initialized automatically from libldap in | 936 * On Solaris, NSS may be initialized automatically from libldap in |
927 * applications that are unaware of the use of NSS. safe_popen forks, and | 937 * applications that are unaware of the use of NSS. safe_popen forks, and |
928 * sometimes creates issues with some applications' pthread_atfork handlers. | 938 * sometimes creates issues with some applications' pthread_atfork handlers. |
929 * We always have /dev/urandom on Solaris 9 and above as an entropy source, | 939 * We always have /dev/urandom on Solaris 9 and above as an entropy source, |
930 * and for Solaris 8 we have the libkstat interface, so we don't need to | 940 * and for Solaris 8 we have the libkstat interface, so we don't need to |
(...skipping 30 matching lines...) Expand all Loading... | |
961 FILE * file; | 971 FILE * file; |
962 size_t bytes; | 972 size_t bytes; |
963 size_t fileBytes = 0; | 973 size_t fileBytes = 0; |
964 struct stat stat_buf; | 974 struct stat stat_buf; |
965 unsigned char buffer[BUFSIZ]; | 975 unsigned char buffer[BUFSIZ]; |
966 static size_t totalFileBytes = 0; | 976 static size_t totalFileBytes = 0; |
967 | 977 |
968 /* suppress valgrind warnings due to holes in struct stat */ | 978 /* suppress valgrind warnings due to holes in struct stat */ |
969 memset(&stat_buf, 0, sizeof(stat_buf)); | 979 memset(&stat_buf, 0, sizeof(stat_buf)); |
970 | 980 |
971 if (stat((char *)fileName, &stat_buf) < 0) | 981 if (stat((char *)fileName, &stat_buf) == 0) |
972 » return fileBytes; | 982 » RNG_RandomUpdate(&stat_buf, sizeof(stat_buf)); |
wtc
2013/06/10 19:39:37
This change is required only if we don't have the
| |
973 RNG_RandomUpdate(&stat_buf, sizeof(stat_buf)); | |
974 | 983 |
975 file = fopen((char *)fileName, "r"); | 984 file = fopen((char *)fileName, "r"); |
976 if (file != NULL) { | 985 if (file != NULL) { |
977 while (limit > fileBytes) { | 986 while (limit > fileBytes) { |
978 bytes = PR_MIN(sizeof buffer, limit - fileBytes); | 987 bytes = PR_MIN(sizeof buffer, limit - fileBytes); |
979 bytes = fread(buffer, 1, bytes, file); | 988 bytes = fread(buffer, 1, bytes, file); |
980 if (bytes == 0) | 989 if (bytes == 0) |
981 break; | 990 break; |
982 RNG_RandomUpdate(buffer, bytes); | 991 RNG_RandomUpdate(buffer, bytes); |
983 fileBytes += bytes; | 992 fileBytes += bytes; |
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1125 | 1134 |
1126 size_t RNG_SystemRNG(void *dest, size_t maxLen) | 1135 size_t RNG_SystemRNG(void *dest, size_t maxLen) |
1127 { | 1136 { |
1128 FILE *file; | 1137 FILE *file; |
1129 size_t bytes; | 1138 size_t bytes; |
1130 size_t fileBytes = 0; | 1139 size_t fileBytes = 0; |
1131 unsigned char *buffer = dest; | 1140 unsigned char *buffer = dest; |
1132 | 1141 |
1133 file = fopen("/dev/urandom", "r"); | 1142 file = fopen("/dev/urandom", "r"); |
1134 if (file == NULL) { | 1143 if (file == NULL) { |
1135 » return rng_systemFromNoise(dest, maxLen); | 1144 » /* |
1145 » * Modified to abort the process if it failed to read from /dev/urandom. | |
1146 » * | |
1147 » * See crbug.com/244661 for details. | |
1148 » */ | |
1149 » fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | |
1150 » » » "Abort process.\n", __FILE__, __LINE__); | |
1151 » fflush(stderr); | |
1152 » abort(); | |
1136 } | 1153 } |
1137 while (maxLen > fileBytes) { | 1154 while (maxLen > fileBytes) { |
1138 bytes = maxLen - fileBytes; | 1155 bytes = maxLen - fileBytes; |
1139 bytes = fread(buffer, 1, bytes, file); | 1156 bytes = fread(buffer, 1, bytes, file); |
1140 if (bytes == 0) | 1157 if (bytes == 0) |
1141 break; | 1158 break; |
1142 fileBytes += bytes; | 1159 fileBytes += bytes; |
1143 buffer += bytes; | 1160 buffer += bytes; |
1144 } | 1161 } |
1145 fclose(file); | 1162 fclose(file); |
1146 if (fileBytes != maxLen) { | 1163 if (fileBytes != maxLen) { |
1147 PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ | 1164 PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ |
1148 fileBytes = 0; | 1165 fileBytes = 0; |
1149 } | 1166 } |
1150 return fileBytes; | 1167 return fileBytes; |
1151 } | 1168 } |
OLD | NEW |