OLD | NEW |
| (Empty) |
1 diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c | |
2 index c9674ea..e0d8f58 100644 | |
3 --- a/nss/lib/freebl/unix_rand.c | |
4 +++ b/nss/lib/freebl/unix_rand.c | |
5 @@ -917,8 +917,19 @@ void RNG_SystemInfoForRNG(void) | |
6 #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ | |
7 || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ | |
8 || defined(HPUX) | |
9 - if (bytes) | |
10 + if (bytes == SYSTEM_RNG_SEED_COUNT) | |
11 return; | |
12 + | |
13 + /* | |
14 + * Modified to abort the process if it failed to read from /dev/urandom. | |
15 + * | |
16 + * See crbug.com/244661 for details. | |
17 + */ | |
18 + fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) " | |
19 + "from /dev/urandom. Abort process.\n", __FILE__, __LINE__, | |
20 + bytes, SYSTEM_RNG_SEED_COUNT); | |
21 + fflush(stderr); | |
22 + abort(); | |
23 #endif | |
24 | |
25 #ifdef SOLARIS | |
26 @@ -1135,6 +1146,11 @@ static void rng_systemJitter(void) | |
27 } | |
28 } | |
29 | |
30 +/* | |
31 + * Modified to abort the process if it failed to read from /dev/urandom. | |
32 + * | |
33 + * See crbug.com/244661 for details. | |
34 + */ | |
35 size_t RNG_SystemRNG(void *dest, size_t maxLen) | |
36 { | |
37 FILE *file; | |
38 @@ -1145,7 +1161,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) | |
39 | |
40 file = fopen("/dev/urandom", "r"); | |
41 if (file == NULL) { | |
42 - return rng_systemFromNoise(dest, maxLen); | |
43 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | |
44 + "Abort process.\n", __FILE__, __LINE__); | |
45 + fflush(stderr); | |
46 + abort(); | |
47 } | |
48 /* Read from the underlying file descriptor directly to bypass stdio | |
49 * buffering and avoid reading more bytes than we need from /dev/urandom. | |
50 @@ -1165,8 +1184,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) | |
51 } | |
52 fclose(file); | |
53 if (fileBytes != maxLen) { | |
54 - PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ | |
55 - fileBytes = 0; | |
56 + fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | |
57 + "Abort process.\n", __FILE__, __LINE__); | |
58 + fflush(stderr); | |
59 + abort(); | |
60 } | |
61 return fileBytes; | |
62 } | |
63 diff --git a/patches/nss-urandom-abort.patch b/patches/nss-urandom-abort.patch | |
64 index d5f55c8..e69de29 100644 | |
65 --- a/patches/nss-urandom-abort.patch | |
66 +++ b/patches/nss-urandom-abort.patch | |
67 @@ -1,62 +0,0 @@ | |
68 -diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c | |
69 -index 579040e..2f9b3e5 100644 | |
70 ---- a/lib/freebl/unix_rand.c | |
71 -+++ b/lib/freebl/unix_rand.c | |
72 -@@ -916,8 +916,19 @@ void RNG_SystemInfoForRNG(void) | |
73 - #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \ | |
74 - || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \ | |
75 - || defined(HPUX) | |
76 -- if (bytes) | |
77 -+ if (bytes == SYSTEM_RNG_SEED_COUNT) | |
78 - return; | |
79 -+ | |
80 -+ /* | |
81 -+ * Modified to abort the process if it failed to read from /dev/urandom. | |
82 -+ * | |
83 -+ * See crbug.com/244661 for details. | |
84 -+ */ | |
85 -+ fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) " | |
86 -+ "from /dev/urandom. Abort process.\n", __FILE__, __LINE__, | |
87 -+ bytes, SYSTEM_RNG_SEED_COUNT); | |
88 -+ fflush(stderr); | |
89 -+ abort(); | |
90 - #endif | |
91 - | |
92 - #ifdef SOLARIS | |
93 -@@ -1134,6 +1145,11 @@ static void rng_systemJitter(void) | |
94 - } | |
95 - } | |
96 - | |
97 -+/* | |
98 -+ * Modified to abort the process if it failed to read from /dev/urandom. | |
99 -+ * | |
100 -+ * See crbug.com/244661 for details. | |
101 -+ */ | |
102 - size_t RNG_SystemRNG(void *dest, size_t maxLen) | |
103 - { | |
104 - FILE *file; | |
105 -@@ -1144,7 +1160,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) | |
106 - | |
107 - file = fopen("/dev/urandom", "r"); | |
108 - if (file == NULL) { | |
109 -- return rng_systemFromNoise(dest, maxLen); | |
110 -+ fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | |
111 -+ "Abort process.\n", __FILE__, __LINE__); | |
112 -+ fflush(stderr); | |
113 -+ abort(); | |
114 - } | |
115 - /* Read from the underlying file descriptor directly to bypass stdio | |
116 - * buffering and avoid reading more bytes than we need from /dev/urandom. | |
117 -@@ -1164,8 +1183,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) | |
118 - } | |
119 - fclose(file); | |
120 - if (fileBytes != maxLen) { | |
121 -- PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ | |
122 -- fileBytes = 0; | |
123 -+ fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. " | |
124 -+ "Abort process.\n", __FILE__, __LINE__); | |
125 -+ fflush(stderr); | |
126 -+ abort(); | |
127 - } | |
128 - return fileBytes; | |
129 - } | |
OLD | NEW |