Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
mozilla-nss.6625
nss-fips-use-strong-random-pool.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-use-strong-random-pool.patch of Package mozilla-nss.6625
commit a0ba31a8b3a899b5c867067b2e831ebb404e5d4d Author: Hans Petter Jansson <hpj@cl.no> Date: Thu Nov 16 23:13:14 2017 +0100 Draw from strong random pool in FIPS mode. diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c index d6d90f7..52bce85 100644 --- a/nss/lib/freebl/unix_rand.c +++ b/nss/lib/freebl/unix_rand.c @@ -24,6 +24,7 @@ #include "prthread.h" #include "prprf.h" #include "prenv.h" +#include "fips.h" #ifdef NSS_USE_GETRANDOM # ifndef __NR_getrandom @@ -931,7 +932,7 @@ RNG_SystemInfoForRNG(void) GiveSystemInfo(); /* grab some data from system's PRNG before any other files. */ - bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT); + bytes = RNG_FileUpdate(FIPS_mode() ? "/dev/random" : "/dev/urandom", SYSTEM_RNG_SEED_COUNT); if (!bytes) { PORT_SetError(SEC_ERROR_NEED_RANDOM); } @@ -1091,7 +1092,8 @@ RNG_SystemRNG(void *dest, size_t maxLen) int ret; do { - ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0); + ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, + FIPS_mode () ? GRND_RANDOM : 0); if (0 < ret) inBytes += ret; @@ -1111,7 +1113,7 @@ RNG_SystemRNG(void *dest, size_t maxLen) size_t fileBytes = 0; unsigned char *buffer = dest; - file = fopen("/dev/urandom", "r"); + file = fopen(FIPS_mode() ? "/dev/random" : "/dev/urandom", "r"); if (file == NULL) { PORT_SetError(SEC_ERROR_NEED_RANDOM); return 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor