mozilla-nss/nss-fips-use-getrandom.patch

124 lines
3.0 KiB
Diff
Raw Normal View History

# HG changeset patch
# User M. Sirringhaus <msirringhaus@suse.de>
# Date 1574137588 -3600
# Tue Nov 19 05:26:28 2019 +0100
# Node ID 5e191a391c38967e49a1d005800713ccd1010b09
# Parent 92da25f8ea7d41e938858872e2b6a2fb1aa53bb2
commit c2a88344b616c75b1873fb163491d7362a4c3e5b
Author: Hans Petter Jansson <hpj@cl.no>
11
diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk
--- a/coreconf/Linux.mk
+++ b/coreconf/Linux.mk
@@ -184,6 +184,18 @@
LDFLAGS += -Wl,-z,relro
endif
+#
+# On Linux 3.17 or later, use getrandom() to obtain entropy where possible.
+# Set NSS_USE_GETRANDOM to 0 in the environment to override this.
+#
+ifneq ($(OS_TARGET),Android)
+ifeq (3.17,$(firstword $(sort 3.17 $(OS_RELEASE))))
+ifneq ($(NSS_USE_GETRANDOM),0)
+ DEFINES += -DNSS_USE_GETRANDOM
+endif
+endif
+endif
+
USE_SYSTEM_ZLIB = 1
ZLIB_LIBS = -lz
diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
--- a/lib/freebl/unix_rand.c
+++ b/lib/freebl/unix_rand.c
@@ -13,6 +13,10 @@
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/types.h>
+#ifdef NSS_USE_GETRANDOM
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
#include <dirent.h>
#include "secrng.h"
#include "secerr.h"
@@ -21,6 +25,43 @@
#include "prprf.h"
#include "prenv.h"
+#ifdef NSS_USE_GETRANDOM
+# ifndef __NR_getrandom
+# if defined __x86_64__
+# define __NR_getrandom 318
+# elif defined(__i386__)
+# define __NR_getrandom 355
+# elif defined(__arm__)
+# define __NR_getrandom 384
+# elif defined(__aarch64__)
+# define __NR_getrandom 278
+# elif defined(__ia64__)
+# define __NR_getrandom 1339
+# elif defined(__m68k__)
+# define __NR_getrandom 352
+# elif defined(__s390x__)
+# define __NR_getrandom 349
+# elif defined(__powerpc__)
+# define __NR_getrandom 359
+# elif defined _MIPS_SIM
+# if _MIPS_SIM == _MIPS_SIM_ABI32
+# define __NR_getrandom 4353
+# endif
+# if _MIPS_SIM == _MIPS_SIM_NABI32
+# define __NR_getrandom 6317
+# endif
+# if _MIPS_SIM == _MIPS_SIM_ABI64
+# define __NR_getrandom 5313
+# endif
+# else
+# warning "__NR_getrandom unknown for your architecture"
+# endif
+# endif
+# ifndef GRND_RANDOM
+# define GRND_RANDOM 0x02
+# endif
+#endif
+
size_t RNG_FileUpdate(const char *fileName, size_t limit);
/*
@@ -862,6 +903,26 @@
size_t
RNG_SystemRNG(void *dest, size_t maxLen)
{
+#ifdef NSS_USE_GETRANDOM
+ unsigned char *buf = dest;
+ size_t inBytes = 0;
+ int ret;
+
+ do {
+ ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
+
+ if (0 < ret)
+ inBytes += ret;
+ } while ((0 < ret || EINTR == errno || ERESTART == errno)
+ && inBytes < maxLen);
+
+ if (inBytes != maxLen) {
+ PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
+ inBytes = 0;
+ }
+
+ return inBytes;
+#else
FILE *file;
int fd;
int bytes;
@@ -895,4 +956,5 @@
fileBytes = 0;
}
return fileBytes;
+#endif
}