File nss-fips-use-strong-random-pool.patch of Package mozilla-nss
# HG changeset patch
# User Hans Petter Jansson <hpj@cl.no>
# Date 1574240799 -3600
# Wed Nov 20 10:06:39 2019 +0100
# Node ID 4ddd7d49eeed4ea32850daf41a472ccb50dee45e
# Parent 0efca22bbafd7575b20461f255c46157c9321822
[PATCH] 31
From a7cbf64ba8ac07a4a1fdea91f39da56d86af03bf Mon Sep 17 00:00:00 2001
---
nss/lib/freebl/unix_rand.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
Index: nss/lib/freebl/unix_rand.c
===================================================================
--- nss.orig/lib/freebl/unix_rand.c
+++ nss/lib/freebl/unix_rand.c
@@ -24,6 +24,7 @@
#include "prthread.h"
#include "prprf.h"
#include "prenv.h"
+#include "fips.h"
#ifdef NSS_USE_GETRANDOM
# ifndef __NR_getrandom
@@ -692,7 +693,7 @@ RNG_SystemInfoForRNG(void)
}
/* grab some data from system's PRNG before any other files. */
- bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
+ bytes = RNG_FileUpdate(FIPS_mode() ? "/dev/random" : "/dev/urandom", SYSTEM_RNG_SEED_COUNT);
if (!bytes) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
}
@@ -822,7 +823,8 @@ RNG_SystemRNG(void *dest, size_t maxLen)
int ret;
do {
- ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
+ ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes,
+ FIPS_mode () ? GRND_RANDOM : 0);
if (0 < ret)
inBytes += ret;
@@ -842,7 +844,7 @@ RNG_SystemRNG(void *dest, size_t maxLen)
size_t fileBytes = 0;
unsigned char *buffer = dest;
- file = fopen("/dev/urandom", "r");
+ file = fopen(FIPS_mode() ? "/dev/random" : "/dev/urandom", "r");
if (file == NULL) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
return 0;