File nss-fips-use-strong-random-pool.patch of Package mozilla-nss.15194

From a7cbf64ba8ac07a4a1fdea91f39da56d86af03bf Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Wed, 20 Nov 2019 10:06:39 +0100
Subject: [PATCH] 31

---
 nss/lib/freebl/unix_rand.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c
index 65a44b3..ea88012 100644
--- a/nss/lib/freebl/unix_rand.c
+++ b/nss/lib/freebl/unix_rand.c
@@ -24,6 +24,7 @@
 #include "prthread.h"
 #include "prprf.h"
 #include "prenv.h"
+#include "fips.h"
 
 #ifdef NSS_USE_GETRANDOM
 #  ifndef __NR_getrandom
@@ -779,7 +780,7 @@ RNG_SystemInfoForRNG(void)
     }
 
     /* grab some data from system's PRNG before any other files. */
-    bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
+    bytes = RNG_FileUpdate(FIPS_mode() ? "/dev/random" : "/dev/urandom", SYSTEM_RNG_SEED_COUNT);
     if (!bytes) {
         PORT_SetError(SEC_ERROR_NEED_RANDOM);
     }
@@ -909,7 +910,8 @@ RNG_SystemRNG(void *dest, size_t maxLen)
     int ret;
 
     do {
-        ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
+        ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes,
+                      FIPS_mode () ? GRND_RANDOM : 0);
 
         if (0 < ret)
             inBytes += ret;
@@ -929,7 +931,7 @@ RNG_SystemRNG(void *dest, size_t maxLen)
     size_t fileBytes = 0;
     unsigned char *buffer = dest;
 
-    file = fopen("/dev/urandom", "r");
+    file = fopen(FIPS_mode() ? "/dev/random" : "/dev/urandom", "r");
     if (file == NULL) {
         PORT_SetError(SEC_ERROR_NEED_RANDOM);
         return 0;
-- 
2.21.0

openSUSE Build Service is sponsored by