# HG changeset patch # User M. Sirringhaus # Date 1574137588 -3600 # Tue Nov 19 05:26:28 2019 +0100 # Node ID 5e191a391c38967e49a1d005800713ccd1010b09 # Parent 92da25f8ea7d41e938858872e2b6a2fb1aa53bb2 commit c2a88344b616c75b1873fb163491d7362a4c3e5b Author: Hans Petter Jansson 11 diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk --- a/coreconf/Linux.mk +++ b/coreconf/Linux.mk @@ -184,6 +184,18 @@ LDFLAGS += -Wl,-z,relro endif +# +# On Linux 3.17 or later, use getrandom() to obtain entropy where possible. +# Set NSS_USE_GETRANDOM to 0 in the environment to override this. +# +ifneq ($(OS_TARGET),Android) +ifeq (3.17,$(firstword $(sort 3.17 $(OS_RELEASE)))) +ifneq ($(NSS_USE_GETRANDOM),0) + DEFINES += -DNSS_USE_GETRANDOM +endif +endif +endif + USE_SYSTEM_ZLIB = 1 ZLIB_LIBS = -lz diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c --- a/lib/freebl/unix_rand.c +++ b/lib/freebl/unix_rand.c @@ -13,6 +13,10 @@ #include #include #include +#ifdef NSS_USE_GETRANDOM +# include +# include +#endif #include #include "secrng.h" #include "secerr.h" @@ -21,6 +25,43 @@ #include "prprf.h" #include "prenv.h" +#ifdef NSS_USE_GETRANDOM +# ifndef __NR_getrandom +# if defined __x86_64__ +# define __NR_getrandom 318 +# elif defined(__i386__) +# define __NR_getrandom 355 +# elif defined(__arm__) +# define __NR_getrandom 384 +# elif defined(__aarch64__) +# define __NR_getrandom 278 +# elif defined(__ia64__) +# define __NR_getrandom 1339 +# elif defined(__m68k__) +# define __NR_getrandom 352 +# elif defined(__s390x__) +# define __NR_getrandom 349 +# elif defined(__powerpc__) +# define __NR_getrandom 359 +# elif defined _MIPS_SIM +# if _MIPS_SIM == _MIPS_SIM_ABI32 +# define __NR_getrandom 4353 +# endif +# if _MIPS_SIM == _MIPS_SIM_NABI32 +# define __NR_getrandom 6317 +# endif +# if _MIPS_SIM == _MIPS_SIM_ABI64 +# define __NR_getrandom 5313 +# endif +# else +# warning "__NR_getrandom unknown for your architecture" +# endif +# endif +# ifndef GRND_RANDOM +# define GRND_RANDOM 0x02 +# endif +#endif + size_t RNG_FileUpdate(const char *fileName, size_t limit); /* @@ -862,6 +903,26 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) { +#ifdef NSS_USE_GETRANDOM + unsigned char *buf = dest; + size_t inBytes = 0; + int ret; + + do { + ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0); + + if (0 < ret) + inBytes += ret; + } while ((0 < ret || EINTR == errno || ERESTART == errno) + && inBytes < maxLen); + + if (inBytes != maxLen) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */ + inBytes = 0; + } + + return inBytes; +#else FILE *file; int fd; int bytes; @@ -895,4 +956,5 @@ fileBytes = 0; } return fileBytes; +#endif }