File nss-fips-use-strong-random-pool.patch of Package mozilla-nss.15194
From a7cbf64ba8ac07a4a1fdea91f39da56d86af03bf Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Wed, 20 Nov 2019 10:06:39 +0100
Subject: [PATCH] 31
---
nss/lib/freebl/unix_rand.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c
index 65a44b3..ea88012 100644
--- a/nss/lib/freebl/unix_rand.c
+++ b/nss/lib/freebl/unix_rand.c
@@ -24,6 +24,7 @@
#include "prthread.h"
#include "prprf.h"
#include "prenv.h"
+#include "fips.h"
#ifdef NSS_USE_GETRANDOM
# ifndef __NR_getrandom
@@ -779,7 +780,7 @@ RNG_SystemInfoForRNG(void)
}
/* grab some data from system's PRNG before any other files. */
- bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
+ bytes = RNG_FileUpdate(FIPS_mode() ? "/dev/random" : "/dev/urandom", SYSTEM_RNG_SEED_COUNT);
if (!bytes) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
}
@@ -909,7 +910,8 @@ RNG_SystemRNG(void *dest, size_t maxLen)
int ret;
do {
- ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
+ ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes,
+ FIPS_mode () ? GRND_RANDOM : 0);
if (0 < ret)
inBytes += ret;
@@ -929,7 +931,7 @@ RNG_SystemRNG(void *dest, size_t maxLen)
size_t fileBytes = 0;
unsigned char *buffer = dest;
- file = fopen("/dev/urandom", "r");
+ file = fopen(FIPS_mode() ? "/dev/random" : "/dev/urandom", "r");
if (file == NULL) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
return 0;
--
2.21.0