Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(150)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/freebl/unix_rand.c

Issue 15990009: Call abort() if NSS cannot read from /dev/urandom. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Remove the stat change Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « README.chromium ('k') | patches/nss-urandom-abort.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 #include <stdio.h> 5 #include <stdio.h>
6 #include <string.h> 6 #include <string.h>
7 #include <signal.h> 7 #include <signal.h>
8 #include <unistd.h> 8 #include <unistd.h>
9 #include <limits.h> 9 #include <limits.h>
10 #include <errno.h> 10 #include <errno.h>
(...skipping 900 matching lines...) Expand 10 before | Expand all | Expand 10 after
911 * 911 *
912 * Bug 174993: On platforms providing /dev/urandom, don't fork netstat 912 * Bug 174993: On platforms providing /dev/urandom, don't fork netstat
913 * either, if data has been gathered successfully. 913 * either, if data has been gathered successfully.
914 */ 914 */
915 915
916 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ 916 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \
917 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ 917 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \
918 || defined(HPUX) 918 || defined(HPUX)
919 if (bytes) 919 if (bytes)
920 return; 920 return;
921
922 /*
923 * Modified to abort the process if it failed to read from /dev/urandom.
924 *
925 * See crbug.com/244661 for details.
926 */
927 fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
928 "Abort process.\n", __FILE__, __LINE__);
929 fflush(stderr);
930 abort();
921 #endif 931 #endif
922 932
923 #ifdef SOLARIS 933 #ifdef SOLARIS
924 934
925 /* 935 /*
926 * On Solaris, NSS may be initialized automatically from libldap in 936 * On Solaris, NSS may be initialized automatically from libldap in
927 * applications that are unaware of the use of NSS. safe_popen forks, and 937 * applications that are unaware of the use of NSS. safe_popen forks, and
928 * sometimes creates issues with some applications' pthread_atfork handlers. 938 * sometimes creates issues with some applications' pthread_atfork handlers.
929 * We always have /dev/urandom on Solaris 9 and above as an entropy source, 939 * We always have /dev/urandom on Solaris 9 and above as an entropy source,
930 * and for Solaris 8 we have the libkstat interface, so we don't need to 940 * and for Solaris 8 we have the libkstat interface, so we don't need to
(...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after
1125 1135
1126 size_t RNG_SystemRNG(void *dest, size_t maxLen) 1136 size_t RNG_SystemRNG(void *dest, size_t maxLen)
1127 { 1137 {
1128 FILE *file; 1138 FILE *file;
1129 size_t bytes; 1139 size_t bytes;
1130 size_t fileBytes = 0; 1140 size_t fileBytes = 0;
1131 unsigned char *buffer = dest; 1141 unsigned char *buffer = dest;
1132 1142
1133 file = fopen("/dev/urandom", "r"); 1143 file = fopen("/dev/urandom", "r");
1134 if (file == NULL) { 1144 if (file == NULL) {
1135 » return rng_systemFromNoise(dest, maxLen); 1145 » /*
1146 » * Modified to abort the process if it failed to read from /dev/urandom.
1147 » *
1148 » * See crbug.com/244661 for details.
1149 » */
1150 » fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
1151 » » "Abort process.\n", __FILE__, __LINE__);
1152 » fflush(stderr);
1153 » abort();
1136 } 1154 }
1137 while (maxLen > fileBytes) { 1155 while (maxLen > fileBytes) {
1138 bytes = maxLen - fileBytes; 1156 bytes = maxLen - fileBytes;
1139 bytes = fread(buffer, 1, bytes, file); 1157 bytes = fread(buffer, 1, bytes, file);
1140 if (bytes == 0) 1158 if (bytes == 0)
1141 break; 1159 break;
1142 fileBytes += bytes; 1160 fileBytes += bytes;
1143 buffer += bytes; 1161 buffer += bytes;
1144 } 1162 }
1145 fclose(file); 1163 fclose(file);
1146 if (fileBytes != maxLen) { 1164 if (fileBytes != maxLen) {
1147 PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ 1165 PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
1148 fileBytes = 0; 1166 fileBytes = 0;
1149 } 1167 }
1150 return fileBytes; 1168 return fileBytes;
1151 } 1169 }
OLDNEW
« no previous file with comments | « README.chromium ('k') | patches/nss-urandom-abort.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698