mozilla-nss/nss-fips-fix-missing-nspr.patch

124 lines
4.6 KiB
Diff
Raw Normal View History

- update to NSS 3.104 * bmo#1910071 - Copy original corpus to heap-allocated buffer * bmo#1910079 - Fix min ssl version for DTLS client fuzzer * bmo#1908990 - Remove OS2 support just like we did on NSPR * bmo#1910605 - clang-format NSS improvements * bmo#1902078 - Adding basicutil.h to use HexString2SECItem function * bmo#1908990 - removing dirent.c from build * bmo#1902078 - Allow handing in keymaterial to shlibsign to make the output reproducible * bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references * bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * bmo#1908990 - remove mentions of WIN95 * bmo#1908990 - remove mentions of WIN16 * bmo#1913750 - More explicit directory naming * bmo#1913755 - Add more options to TLS server fuzz target * bmo#1913675 - Add more options to TLS client fuzz target * bmo#1835240 - Use OSS-Fuzz corpus in NSS CI * bmo#1908012 - set nssckbi version number to 2.70. * bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert. * bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA. * bmo#1908006 - Add Cybertrust Japan Roots to NSS. * bmo#1908004 - Add Taiwan CA Roots to NSS. * bmo#1911354 - remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * bmo#1913132 - Fix tstclnt CI build failure * bmo#1913047 - vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * bmo#1912427 - Enable all supported protocol versions for UDP * bmo#1910361 - Actually use random PSK hash type OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=457
2024-09-28 13:15:50 +02:00
diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c
index 3ed1751..56a1a58 100644
--- a/lib/freebl/drbg.c
+++ b/lib/freebl/drbg.c
@@ -6,6 +6,8 @@
#include "stubs.h"
#endif
+#include <unistd.h>
+
#include "prerror.h"
#include "secerr.h"
@@ -182,11 +184,30 @@ prng_initEntropy(void)
PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE];
SHA256Context ctx;
+ /* Don't have NSPR, so can't use the real PR_CallOnce. Implement a stripped
+ * down version. This is similar to freebl_RunLoaderOnce(). */
+ if (coRNGInitEntropy.initialized) {
+ return coRNGInitEntropy.status;
+ }
+ if (__sync_lock_test_and_set(&coRNGInitEntropy.inProgress, 1) != 0) {
+ /* Shouldn't have a lot of takers here, which is good
+ * since we don't have condition variables yet.
+ * 'initialized' only ever gets set (not cleared) so we don't
+ * need the traditional locks. */
+ while (!coRNGInitEntropy.initialized) {
+ sleep(1); /* don't have condition variables, just give up the CPU */
+ }
+ return coRNGInitEntropy.status;
+ }
+
/* For FIPS 140-2 4.9.2 continuous random number generator test,
* fetch the initial entropy from the system RNG and keep it for
* later comparison. */
length = RNG_SystemRNG(block, sizeof(block));
if (length == 0) {
+ coRNGInitEntropy.status = PR_FAILURE;
+ __sync_synchronize ();
+ coRNGInitEntropy.initialized = 1;
return PR_FAILURE; /* error is already set */
}
PORT_Assert(length == sizeof(block));
@@ -199,6 +220,9 @@ prng_initEntropy(void)
sizeof(globalrng->previousEntropyHash));
PORT_Memset(block, 0, sizeof(block));
SHA256_DestroyContext(&ctx, PR_FALSE);
+ coRNGInitEntropy.status = PR_SUCCESS;
+ __sync_synchronize ();
+ coRNGInitEntropy.initialized = 1;
return PR_SUCCESS;
}
@@ -211,7 +235,7 @@ prng_getEntropy(PRUint8 *buffer, size_t requestLength)
SHA256Context ctx;
SECStatus rv = SECSuccess;
- if (PR_CallOnce(&coRNGInitEntropy, prng_initEntropy) != PR_SUCCESS) {
+ if (prng_initEntropy () != PR_SUCCESS) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -564,10 +588,34 @@ prng_freeRNGContext(RNGContext *rng)
SECStatus
RNG_RNGInit(void)
{
+ /* Don't have NSPR, so can't use the real PR_CallOnce. Implement a stripped
+ * down version. This is similar to freebl_RunLoaderOnce(). */
+ if (coRNGInit.initialized) {
+ return coRNGInit.status;
+ }
+ if (__sync_lock_test_and_set(&coRNGInit.inProgress, 1) != 0) {
+ /* Shouldn't have a lot of takers here, which is good
+ * since we don't have condition variables yet.
+ * 'initialized' only ever gets set (not cleared) so we don't
+ * need the traditional locks. */
+ while (!coRNGInit.initialized) {
+ sleep(1); /* don't have condition variables, just give up the CPU */
+ }
+ return coRNGInit.status;
+ }
+
/* Allow only one call to initialize the context */
- PR_CallOnce(&coRNGInit, rng_init);
+ coRNGInit.status = rng_init ();
+ __sync_synchronize ();
+ coRNGInit.initialized = 1;
+ if (coRNGInit.status != PR_SUCCESS)
+ return SECFailure;
+
/* Make sure there is a context */
- return (globalrng != NULL) ? SECSuccess : SECFailure;
+ coRNGInit.status = (globalrng != NULL) ? SECSuccess : SECFailure;
+ __sync_synchronize ();
+ coRNGInit.initialized = 1;
+ return coRNGInit.status;
}
/*
@@ -842,7 +890,21 @@ PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
}
/* replicate reseed test from prng_GenerateGlobalRandomBytes */
if (testContext.reseed_counter[0] >= RESEED_VALUE) {
- rv = prng_reseed(&testContext, NULL, 0, NULL, 0);
+ /* We need to supply the entropy so as to avoid use of global RNG */
+ static const PRUint8 reseed_entropy[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ };
+ static const PRUint8 additional_input[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ };
+ rv = prng_reseed(&testContext, reseed_entropy, sizeof reseed_entropy,
+ additional_input, sizeof additional_input);
if (rv != SECSuccess) {
return rv;
}