Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
mozilla-nss.15110
nss-fips-use-getrandom.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-use-getrandom.patch of Package mozilla-nss.15110
commit c2a88344b616c75b1873fb163491d7362a4c3e5b Author: Hans Petter Jansson <hpj@cl.no> Date: Tue Nov 19 05:26:28 2019 +0100 11 diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk index f15ec95..ea53a58 100644 --- a/nss/coreconf/Linux.mk +++ b/nss/coreconf/Linux.mk @@ -183,6 +183,18 @@ DSO_LDOPTS+=-Wl,-z,relro LDFLAGS += -Wl,-z,relro endif +# +# On Linux 3.17 or later, use getrandom() to obtain entropy where possible. +# Set NSS_USE_GETRANDOM to 0 in the environment to override this. +# +ifneq ($(OS_TARGET),Android) +ifeq (3.17,$(firstword $(sort 3.17 $(OS_RELEASE)))) +ifneq ($(NSS_USE_GETRANDOM),0) + DEFINES += -DNSS_USE_GETRANDOM +endif +endif +endif + USE_SYSTEM_ZLIB = 1 ZLIB_LIBS = -lz diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c index 24381cb..65a44b3 100644 --- a/nss/lib/freebl/unix_rand.c +++ b/nss/lib/freebl/unix_rand.c @@ -13,6 +13,10 @@ #include <sys/wait.h> #include <sys/stat.h> #include <sys/types.h> +#ifdef NSS_USE_GETRANDOM +# include <sys/syscall.h> +# include <linux/random.h> +#endif #include <dirent.h> #include "secrng.h" #include "secerr.h" @@ -21,6 +25,43 @@ #include "prprf.h" #include "prenv.h" +#ifdef NSS_USE_GETRANDOM +# ifndef __NR_getrandom +# if defined __x86_64__ +# define __NR_getrandom 318 +# elif defined(__i386__) +# define __NR_getrandom 355 +# elif defined(__arm__) +# define __NR_getrandom 384 +# elif defined(__aarch64__) +# define __NR_getrandom 278 +# elif defined(__ia64__) +# define __NR_getrandom 1339 +# elif defined(__m68k__) +# define __NR_getrandom 352 +# elif defined(__s390x__) +# define __NR_getrandom 349 +# elif defined(__powerpc__) +# define __NR_getrandom 359 +# elif defined _MIPS_SIM +# if _MIPS_SIM == _MIPS_SIM_ABI32 +# define __NR_getrandom 4353 +# endif +# if _MIPS_SIM == _MIPS_SIM_NABI32 +# define __NR_getrandom 6317 +# endif +# if _MIPS_SIM == _MIPS_SIM_ABI64 +# define __NR_getrandom 5313 +# endif +# else +# warning "__NR_getrandom unknown for your architecture" +# endif +# endif +# ifndef GRND_RANDOM +# define GRND_RANDOM 0x02 +# endif +#endif + size_t RNG_FileUpdate(const char *fileName, size_t limit); /* @@ -862,6 +903,26 @@ ReadFileOK(char *dir, char *file) size_t RNG_SystemRNG(void *dest, size_t maxLen) { +#ifdef NSS_USE_GETRANDOM + unsigned char *buf = dest; + size_t inBytes = 0; + int ret; + + do { + ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0); + + if (0 < ret) + inBytes += ret; + } while ((0 < ret || EINTR == errno || ERESTART == errno) + && inBytes < maxLen); + + if (inBytes != maxLen) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ + inBytes = 0; + } + + return inBytes; +#else FILE *file; int fd; int bytes; @@ -895,4 +956,5 @@ RNG_SystemRNG(void *dest, size_t maxLen) fileBytes = 0; } return fileBytes; +#endif }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor