File nss-fips-use-getrandom.patch of Package mozilla-nss.6304

Overview Repositories Revisions Requests Users Attributes Meta

File nss-fips-use-getrandom.patch of Package mozilla-nss.6304

commit 732bc500073a9e544e1dbaf86068f94df9832fe6
Author: Hans Petter Jansson <hpj@cl.no>
Date:   Sun Oct 15 19:45:27 2017 +0200

Patch 11: nss-fips-use-getrandom.patch

diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
index 478a4ad..2a8025d 100644
--- a/nss/coreconf/Linux.mk
+++ b/nss/coreconf/Linux.mk
@@ -175,6 +175,18 @@ endif
 endif
 endif
 
+#
+# On Linux 3.17 or later, use getrandom() to obtain entropy where possible.
+# Set NSS_USE_GETRANDOM to 0 in the environment to override this.
+#
+ifneq ($(OS_TARGET),Android)
+ifeq (3.17,$(firstword $(sort 3.17 $(OS_RELEASE))))
+ifneq ($(NSS_USE_GETRANDOM),0)
+	DEFINES		+= -DNSS_USE_GETRANDOM
+endif
+endif
+endif
+
 USE_SYSTEM_ZLIB = 1
 ZLIB_LIBS = -lz
 
diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c
index 775e117..8ae4d66 100644
--- a/nss/lib/freebl/unix_rand.c
+++ b/nss/lib/freebl/unix_rand.c
@@ -13,6 +13,10 @@
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef NSS_USE_GETRANDOM
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
 #include <dirent.h>
 #include "secrng.h"
 #include "secerr.h"
@@ -21,6 +25,43 @@
 #include "prprf.h"
 #include "prenv.h"
 
+#ifdef NSS_USE_GETRANDOM
+#  ifndef __NR_getrandom
+#    if defined __x86_64__
+#      define __NR_getrandom 318
+#    elif defined(__i386__)
+#      define __NR_getrandom 355
+#    elif defined(__arm__)
+#      define __NR_getrandom 384
+#    elif defined(__aarch64__)
+#      define __NR_getrandom 278
+#    elif defined(__ia64__)
+#      define __NR_getrandom 1339
+#    elif defined(__m68k__)
+#      define __NR_getrandom 352
+#    elif defined(__s390x__)
+#      define __NR_getrandom 349
+#    elif defined(__powerpc__)
+#      define __NR_getrandom 359
+#    elif defined _MIPS_SIM
+#      if _MIPS_SIM == _MIPS_SIM_ABI32
+#        define __NR_getrandom 4353
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_NABI32
+#        define __NR_getrandom 6317
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_ABI64
+#        define __NR_getrandom 5313
+#      endif
+#    else
+#      warning "__NR_getrandom unknown for your architecture"
+#    endif
+#  endif
+#  ifndef GRND_RANDOM
+#    define GRND_RANDOM 0x02
+#  endif
+#endif
+
 size_t RNG_FileUpdate(const char *fileName, size_t limit);
 
 /*
@@ -1047,6 +1088,26 @@ ReadFileOK(char *dir, char *file)
 size_t
 RNG_SystemRNG(void *dest, size_t maxLen)
 {
+#ifdef NSS_USE_GETRANDOM
+    unsigned char *buf = dest;
+    size_t inBytes = 0;
+    int ret;
+
+    do {
+        ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
+
+        if (0 < ret)
+            inBytes += ret;
+    } while ((0 < ret || EINTR == errno || ERESTART == errno)
+             && inBytes < maxLen);
+
+    if (inBytes != maxLen) {
+         PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
+         inBytes = 0;
+    }
+
+    return inBytes;
+#else
     FILE *file;
     int fd;
     int bytes;
@@ -1080,4 +1141,5 @@ RNG_SystemRNG(void *dest, size_t maxLen)
         fileBytes = 0;
     }
     return fileBytes;
+#endif
 }

Places

File nss-fips-use-getrandom.patch of Package mozilla-nss.6304

Places