OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 #include <stdio.h> | 5 #include <stdio.h> |
6 #include <string.h> | 6 #include <string.h> |
7 #include <signal.h> | 7 #include <signal.h> |
8 #include <unistd.h> | 8 #include <unistd.h> |
9 #include <limits.h> | 9 #include <limits.h> |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 900 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
911 * | 911 * |
912 * Bug 174993: On platforms providing /dev/urandom, don't fork netstat | 912 * Bug 174993: On platforms providing /dev/urandom, don't fork netstat |
913 * either, if data has been gathered successfully. | 913 * either, if data has been gathered successfully. |
914 */ | 914 */ |
915 | 915 |
916 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ | 916 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ |
917 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ | 917 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ |
918 || defined(HPUX) | 918 || defined(HPUX) |
919 if (bytes) | 919 if (bytes) |
920 return; | 920 return; |
| 921 |
| 922 /* |
| 923 * Modified to abort the process if it failed to read from /dev/urandom. |
| 924 * |
| 925 * See crbug.com/244661 for details. |
| 926 */ |
| 927 fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " |
| 928 "Abort process.\n", __FILE__, __LINE__); |
| 929 fflush(stderr); |
| 930 abort(); |
921 #endif | 931 #endif |
922 | 932 |
923 #ifdef SOLARIS | 933 #ifdef SOLARIS |
924 | 934 |
925 /* | 935 /* |
926 * On Solaris, NSS may be initialized automatically from libldap in | 936 * On Solaris, NSS may be initialized automatically from libldap in |
927 * applications that are unaware of the use of NSS. safe_popen forks, and | 937 * applications that are unaware of the use of NSS. safe_popen forks, and |
928 * sometimes creates issues with some applications' pthread_atfork handlers. | 938 * sometimes creates issues with some applications' pthread_atfork handlers. |
929 * We always have /dev/urandom on Solaris 9 and above as an entropy source, | 939 * We always have /dev/urandom on Solaris 9 and above as an entropy source, |
930 * and for Solaris 8 we have the libkstat interface, so we don't need to | 940 * and for Solaris 8 we have the libkstat interface, so we don't need to |
(...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1125 | 1135 |
1126 size_t RNG_SystemRNG(void *dest, size_t maxLen) | 1136 size_t RNG_SystemRNG(void *dest, size_t maxLen) |
1127 { | 1137 { |
1128 FILE *file; | 1138 FILE *file; |
1129 size_t bytes; | 1139 size_t bytes; |
1130 size_t fileBytes = 0; | 1140 size_t fileBytes = 0; |
1131 unsigned char *buffer = dest; | 1141 unsigned char *buffer = dest; |
1132 | 1142 |
1133 file = fopen("/dev/urandom", "r"); | 1143 file = fopen("/dev/urandom", "r"); |
1134 if (file == NULL) { | 1144 if (file == NULL) { |
1135 » return rng_systemFromNoise(dest, maxLen); | 1145 » /* |
| 1146 » * Modified to abort the process if it failed to read from /dev/urandom. |
| 1147 » * |
| 1148 » * See crbug.com/244661 for details. |
| 1149 » */ |
| 1150 » fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " |
| 1151 » » "Abort process.\n", __FILE__, __LINE__); |
| 1152 » fflush(stderr); |
| 1153 » abort(); |
1136 } | 1154 } |
1137 while (maxLen > fileBytes) { | 1155 while (maxLen > fileBytes) { |
1138 bytes = maxLen - fileBytes; | 1156 bytes = maxLen - fileBytes; |
1139 bytes = fread(buffer, 1, bytes, file); | 1157 bytes = fread(buffer, 1, bytes, file); |
1140 if (bytes == 0) | 1158 if (bytes == 0) |
1141 break; | 1159 break; |
1142 fileBytes += bytes; | 1160 fileBytes += bytes; |
1143 buffer += bytes; | 1161 buffer += bytes; |
1144 } | 1162 } |
1145 fclose(file); | 1163 fclose(file); |
1146 if (fileBytes != maxLen) { | 1164 if (fileBytes != maxLen) { |
1147 PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ | 1165 PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ |
1148 fileBytes = 0; | 1166 fileBytes = 0; |
1149 } | 1167 } |
1150 return fileBytes; | 1168 return fileBytes; |
1151 } | 1169 } |
OLD | NEW |