Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
mozilla-nss.6304
nss-fips-use-getrandom.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-use-getrandom.patch of Package mozilla-nss.6304
commit 732bc500073a9e544e1dbaf86068f94df9832fe6 Author: Hans Petter Jansson <hpj@cl.no> Date: Sun Oct 15 19:45:27 2017 +0200 Patch 11: nss-fips-use-getrandom.patch diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk index 478a4ad..2a8025d 100644 --- a/nss/coreconf/Linux.mk +++ b/nss/coreconf/Linux.mk @@ -175,6 +175,18 @@ endif endif endif +# +# On Linux 3.17 or later, use getrandom() to obtain entropy where possible. +# Set NSS_USE_GETRANDOM to 0 in the environment to override this. +# +ifneq ($(OS_TARGET),Android) +ifeq (3.17,$(firstword $(sort 3.17 $(OS_RELEASE)))) +ifneq ($(NSS_USE_GETRANDOM),0) + DEFINES += -DNSS_USE_GETRANDOM +endif +endif +endif + USE_SYSTEM_ZLIB = 1 ZLIB_LIBS = -lz diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c index 775e117..8ae4d66 100644 --- a/nss/lib/freebl/unix_rand.c +++ b/nss/lib/freebl/unix_rand.c @@ -13,6 +13,10 @@ #include <sys/wait.h> #include <sys/stat.h> #include <sys/types.h> +#ifdef NSS_USE_GETRANDOM +# include <sys/syscall.h> +# include <linux/random.h> +#endif #include <dirent.h> #include "secrng.h" #include "secerr.h" @@ -21,6 +25,43 @@ #include "prprf.h" #include "prenv.h" +#ifdef NSS_USE_GETRANDOM +# ifndef __NR_getrandom +# if defined __x86_64__ +# define __NR_getrandom 318 +# elif defined(__i386__) +# define __NR_getrandom 355 +# elif defined(__arm__) +# define __NR_getrandom 384 +# elif defined(__aarch64__) +# define __NR_getrandom 278 +# elif defined(__ia64__) +# define __NR_getrandom 1339 +# elif defined(__m68k__) +# define __NR_getrandom 352 +# elif defined(__s390x__) +# define __NR_getrandom 349 +# elif defined(__powerpc__) +# define __NR_getrandom 359 +# elif defined _MIPS_SIM +# if _MIPS_SIM == _MIPS_SIM_ABI32 +# define __NR_getrandom 4353 +# endif +# if _MIPS_SIM == _MIPS_SIM_NABI32 +# define __NR_getrandom 6317 +# endif +# if _MIPS_SIM == _MIPS_SIM_ABI64 +# define __NR_getrandom 5313 +# endif +# else +# warning "__NR_getrandom unknown for your architecture" +# endif +# endif +# ifndef GRND_RANDOM +# define GRND_RANDOM 0x02 +# endif +#endif + size_t RNG_FileUpdate(const char *fileName, size_t limit); /* @@ -1047,6 +1088,26 @@ ReadFileOK(char *dir, char *file) size_t RNG_SystemRNG(void *dest, size_t maxLen) { +#ifdef NSS_USE_GETRANDOM + unsigned char *buf = dest; + size_t inBytes = 0; + int ret; + + do { + ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0); + + if (0 < ret) + inBytes += ret; + } while ((0 < ret || EINTR == errno || ERESTART == errno) + && inBytes < maxLen); + + if (inBytes != maxLen) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ + inBytes = 0; + } + + return inBytes; +#else FILE *file; int fd; int bytes; @@ -1080,4 +1141,5 @@ RNG_SystemRNG(void *dest, size_t maxLen) fileBytes = 0; } return fileBytes; +#endif }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor