b91ce5d4d5
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=457
126 lines
3.2 KiB
Diff
126 lines
3.2 KiB
Diff
# HG changeset patch
|
|
# User M. Sirringhaus <msirringhaus@suse.de>
|
|
# Date 1574137588 -3600
|
|
# Tue Nov 19 05:26:28 2019 +0100
|
|
# Node ID 5e191a391c38967e49a1d005800713ccd1010b09
|
|
# Parent 92da25f8ea7d41e938858872e2b6a2fb1aa53bb2
|
|
commit c2a88344b616c75b1873fb163491d7362a4c3e5b
|
|
Author: Hans Petter Jansson <hpj@cl.no>
|
|
11
|
|
|
|
Index: nss/coreconf/Linux.mk
|
|
===================================================================
|
|
--- nss.orig/coreconf/Linux.mk
|
|
+++ nss/coreconf/Linux.mk
|
|
@@ -190,6 +190,18 @@ DSO_LDOPTS+=-Wl,-z,relro
|
|
LDFLAGS += -Wl,-z,relro
|
|
endif
|
|
|
|
+#
|
|
+# On Linux 3.17 or later, use getrandom() to obtain entropy where possible.
|
|
+# Set NSS_USE_GETRANDOM to 0 in the environment to override this.
|
|
+#
|
|
+ifneq ($(OS_TARGET),Android)
|
|
+ifeq (3.17,$(firstword $(sort 3.17 $(OS_RELEASE))))
|
|
+ifneq ($(NSS_USE_GETRANDOM),0)
|
|
+ DEFINES += -DNSS_USE_GETRANDOM
|
|
+endif
|
|
+endif
|
|
+endif
|
|
+
|
|
USE_SYSTEM_ZLIB = 1
|
|
ZLIB_LIBS = -lz
|
|
|
|
Index: nss/lib/freebl/unix_rand.c
|
|
===================================================================
|
|
--- nss.orig/lib/freebl/unix_rand.c
|
|
+++ nss/lib/freebl/unix_rand.c
|
|
@@ -13,6 +13,10 @@
|
|
#include <sys/wait.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
+#ifdef NSS_USE_GETRANDOM
|
|
+# include <sys/syscall.h>
|
|
+# include <linux/random.h>
|
|
+#endif
|
|
#include <dirent.h>
|
|
#include "secrng.h"
|
|
#include "secerr.h"
|
|
@@ -21,6 +25,43 @@
|
|
#include "prprf.h"
|
|
#include "prenv.h"
|
|
|
|
+#ifdef NSS_USE_GETRANDOM
|
|
+# ifndef __NR_getrandom
|
|
+# if defined __x86_64__
|
|
+# define __NR_getrandom 318
|
|
+# elif defined(__i386__)
|
|
+# define __NR_getrandom 355
|
|
+# elif defined(__arm__)
|
|
+# define __NR_getrandom 384
|
|
+# elif defined(__aarch64__)
|
|
+# define __NR_getrandom 278
|
|
+# elif defined(__ia64__)
|
|
+# define __NR_getrandom 1339
|
|
+# elif defined(__m68k__)
|
|
+# define __NR_getrandom 352
|
|
+# elif defined(__s390x__)
|
|
+# define __NR_getrandom 349
|
|
+# elif defined(__powerpc__)
|
|
+# define __NR_getrandom 359
|
|
+# elif defined _MIPS_SIM
|
|
+# if _MIPS_SIM == _MIPS_SIM_ABI32
|
|
+# define __NR_getrandom 4353
|
|
+# endif
|
|
+# if _MIPS_SIM == _MIPS_SIM_NABI32
|
|
+# define __NR_getrandom 6317
|
|
+# endif
|
|
+# if _MIPS_SIM == _MIPS_SIM_ABI64
|
|
+# define __NR_getrandom 5313
|
|
+# endif
|
|
+# else
|
|
+# warning "__NR_getrandom unknown for your architecture"
|
|
+# endif
|
|
+# endif
|
|
+# ifndef GRND_RANDOM
|
|
+# define GRND_RANDOM 0x02
|
|
+# endif
|
|
+#endif
|
|
+
|
|
size_t RNG_FileUpdate(const char *fileName, size_t limit);
|
|
|
|
/*
|
|
@@ -775,6 +816,26 @@ ReadFileOK(char *dir, char *file)
|
|
size_t
|
|
RNG_SystemRNG(void *dest, size_t maxLen)
|
|
{
|
|
+#ifdef NSS_USE_GETRANDOM
|
|
+ unsigned char *buf = dest;
|
|
+ size_t inBytes = 0;
|
|
+ int ret;
|
|
+
|
|
+ do {
|
|
+ ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
|
|
+
|
|
+ if (0 < ret)
|
|
+ inBytes += ret;
|
|
+ } while ((0 < ret || EINTR == errno || ERESTART == errno)
|
|
+ && inBytes < maxLen);
|
|
+
|
|
+ if (inBytes != maxLen) {
|
|
+ PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
|
|
+ inBytes = 0;
|
|
+ }
|
|
+
|
|
+ return inBytes;
|
|
+#else
|
|
FILE *file;
|
|
int fd;
|
|
int bytes;
|
|
@@ -808,4 +869,5 @@ RNG_SystemRNG(void *dest, size_t maxLen)
|
|
fileBytes = 0;
|
|
}
|
|
return fileBytes;
|
|
+#endif
|
|
}
|