OLD | NEW |
1 Index: nss/lib/freebl/unix_rand.c | 1 Index: unix_rand.c |
2 =================================================================== | 2 =================================================================== |
3 --- nss/lib/freebl/unix_rand.c» (revision 204056) | 3 --- unix_rand.c»(revision 203531) |
4 +++ nss/lib/freebl/unix_rand.c» (working copy) | 4 +++ unix_rand.c»(working copy) |
5 @@ -918,6 +918,16 @@ | 5 @@ -916,8 +916,19 @@ |
| 6 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ |
| 7 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ |
6 || defined(HPUX) | 8 || defined(HPUX) |
7 if (bytes) | 9 - if (bytes) |
| 10 + if (bytes == SYSTEM_RNG_SEED_COUNT) |
8 return; | 11 return; |
9 + | 12 + |
10 + /* | 13 + /* |
11 + * Modified to abort the process if it failed to read from /dev/urandom. | 14 + * Modified to abort the process if it failed to read from /dev/urandom. |
12 + * | 15 + * |
13 + * See crbug.com/244661 for details. | 16 + * See crbug.com/244661 for details. |
14 + */ | 17 + */ |
15 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | 18 + fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) " |
16 + "Abort process.\n", __FILE__, __LINE__); | 19 + "from /dev/urandom. Abort process.\n", __FILE__, __LINE__, |
| 20 + bytes, SYSTEM_RNG_SEED_COUNT); |
17 + fflush(stderr); | 21 + fflush(stderr); |
18 + abort(); | 22 + abort(); |
19 #endif | 23 #endif |
20 | 24 |
21 #ifdef SOLARIS | 25 #ifdef SOLARIS |
22 @@ -1132,7 +1142,15 @@ | 26 @@ -1123,6 +1134,11 @@ |
| 27 } |
| 28 } |
| 29 |
| 30 +/* |
| 31 + * Modified to abort the process if it failed to read from /dev/urandom. |
| 32 + * |
| 33 + * See crbug.com/244661 for details. |
| 34 + */ |
| 35 size_t RNG_SystemRNG(void *dest, size_t maxLen) |
| 36 { |
| 37 FILE *file; |
| 38 @@ -1132,7 +1148,10 @@ |
23 | 39 |
24 file = fopen("/dev/urandom", "r"); | 40 file = fopen("/dev/urandom", "r"); |
25 if (file == NULL) { | 41 if (file == NULL) { |
26 - return rng_systemFromNoise(dest, maxLen); | 42 - return rng_systemFromNoise(dest, maxLen); |
27 + /* | |
28 + * Modified to abort the process if it failed to read from /dev/urandom. | |
29 + * | |
30 + * See crbug.com/244661 for details. | |
31 + */ | |
32 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | 43 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " |
33 + "Abort process.\n", __FILE__, __LINE__); | 44 + "Abort process.\n", __FILE__, __LINE__); |
34 + fflush(stderr); | 45 + fflush(stderr); |
35 + abort(); | 46 + abort(); |
36 } | 47 } |
37 while (maxLen > fileBytes) { | 48 while (maxLen > fileBytes) { |
38 bytes = maxLen - fileBytes; | 49 bytes = maxLen - fileBytes; |
| 50 @@ -1144,8 +1163,10 @@ |
| 51 } |
| 52 fclose(file); |
| 53 if (fileBytes != maxLen) { |
| 54 - PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ |
| 55 - fileBytes = 0; |
| 56 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " |
| 57 + "Abort process.\n", __FILE__, __LINE__); |
| 58 + fflush(stderr); |
| 59 + abort(); |
| 60 } |
| 61 return fileBytes; |
| 62 } |
OLD | NEW |