# HG changeset patch # User Hans Petter Jansson # Date 1574240799 -3600 # Wed Nov 20 10:06:39 2019 +0100 # Node ID 4ddd7d49eeed4ea32850daf41a472ccb50dee45e # Parent 0efca22bbafd7575b20461f255c46157c9321822 [PATCH] 31 From a7cbf64ba8ac07a4a1fdea91f39da56d86af03bf Mon Sep 17 00:00:00 2001 --- nss/lib/freebl/unix_rand.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c --- a/lib/freebl/unix_rand.c +++ b/lib/freebl/unix_rand.c @@ -24,6 +24,7 @@ #include "prthread.h" #include "prprf.h" #include "prenv.h" +#include "fips.h" #ifdef NSS_USE_GETRANDOM # ifndef __NR_getrandom @@ -779,7 +780,7 @@ } /* grab some data from system's PRNG before any other files. */ - bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT); + bytes = RNG_FileUpdate(FIPS_mode() ? "/dev/random" : "/dev/urandom", SYSTEM_RNG_SEED_COUNT); if (!bytes) { PORT_SetError(SEC_ERROR_NEED_RANDOM); } @@ -909,7 +910,8 @@ int ret; do { - ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0); + ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, + FIPS_mode () ? GRND_RANDOM : 0); if (0 < ret) inBytes += ret; @@ -929,7 +931,7 @@ size_t fileBytes = 0; unsigned char *buffer = dest; - file = fopen("/dev/urandom", "r"); + file = fopen(FIPS_mode() ? "/dev/random" : "/dev/urandom", "r"); if (file == NULL) { PORT_SetError(SEC_ERROR_NEED_RANDOM); return 0;