Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(194)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: patches/nss-urandom-abort.patch

Issue 17058006: RNG_SystemRNG should fail rather than falling back on rng_systemFromNoise (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Use zu to print size_t Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « patches/nss-rtlgenrandom.patch ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 Index: nss/lib/freebl/unix_rand.c 1 Index: unix_rand.c
2 =================================================================== 2 ===================================================================
3 --- nss/lib/freebl/unix_rand.c» (revision 204056) 3 --- unix_rand.c»(revision 203531)
4 +++ nss/lib/freebl/unix_rand.c» (working copy) 4 +++ unix_rand.c»(working copy)
5 @@ -918,6 +918,16 @@ 5 @@ -916,8 +916,19 @@
6 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \
7 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \
6 || defined(HPUX) 8 || defined(HPUX)
7 if (bytes) 9 - if (bytes)
10 + if (bytes == SYSTEM_RNG_SEED_COUNT)
8 return; 11 return;
9 + 12 +
10 + /* 13 + /*
11 + * Modified to abort the process if it failed to read from /dev/urandom. 14 + * Modified to abort the process if it failed to read from /dev/urandom.
12 + * 15 + *
13 + * See crbug.com/244661 for details. 16 + * See crbug.com/244661 for details.
14 + */ 17 + */
15 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " 18 + fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) "
16 + "Abort process.\n", __FILE__, __LINE__); 19 + "from /dev/urandom. Abort process.\n", __FILE__, __LINE__,
20 + bytes, SYSTEM_RNG_SEED_COUNT);
17 + fflush(stderr); 21 + fflush(stderr);
18 + abort(); 22 + abort();
19 #endif 23 #endif
20 24
21 #ifdef SOLARIS 25 #ifdef SOLARIS
22 @@ -1132,7 +1142,15 @@ 26 @@ -1123,6 +1134,11 @@
27 }
28 }
29
30 +/*
31 + * Modified to abort the process if it failed to read from /dev/urandom.
32 + *
33 + * See crbug.com/244661 for details.
34 + */
35 size_t RNG_SystemRNG(void *dest, size_t maxLen)
36 {
37 FILE *file;
38 @@ -1132,7 +1148,10 @@
23 39
24 file = fopen("/dev/urandom", "r"); 40 file = fopen("/dev/urandom", "r");
25 if (file == NULL) { 41 if (file == NULL) {
26 - return rng_systemFromNoise(dest, maxLen); 42 - return rng_systemFromNoise(dest, maxLen);
27 + /*
28 + * Modified to abort the process if it failed to read from /dev/urandom.
29 + *
30 + * See crbug.com/244661 for details.
31 + */
32 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " 43 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
33 + "Abort process.\n", __FILE__, __LINE__); 44 + "Abort process.\n", __FILE__, __LINE__);
34 + fflush(stderr); 45 + fflush(stderr);
35 + abort(); 46 + abort();
36 } 47 }
37 while (maxLen > fileBytes) { 48 while (maxLen > fileBytes) {
38 bytes = maxLen - fileBytes; 49 bytes = maxLen - fileBytes;
50 @@ -1144,8 +1163,10 @@
51 }
52 fclose(file);
53 if (fileBytes != maxLen) {
54 - PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
55 - fileBytes = 0;
56 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
57 + "Abort process.\n", __FILE__, __LINE__);
58 + fflush(stderr);
59 + abort();
60 }
61 return fileBytes;
62 }
OLDNEW
« no previous file with comments | « patches/nss-rtlgenrandom.patch ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698