b91ce5d4d5
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=457
53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
# HG changeset patch
|
|
# User Hans Petter Jansson <hpj@cl.no>
|
|
# Date 1574240799 -3600
|
|
# Wed Nov 20 10:06:39 2019 +0100
|
|
# Node ID 4ddd7d49eeed4ea32850daf41a472ccb50dee45e
|
|
# Parent 0efca22bbafd7575b20461f255c46157c9321822
|
|
[PATCH] 31
|
|
From a7cbf64ba8ac07a4a1fdea91f39da56d86af03bf Mon Sep 17 00:00:00 2001
|
|
---
|
|
nss/lib/freebl/unix_rand.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
Index: nss/lib/freebl/unix_rand.c
|
|
===================================================================
|
|
--- nss.orig/lib/freebl/unix_rand.c
|
|
+++ nss/lib/freebl/unix_rand.c
|
|
@@ -24,6 +24,7 @@
|
|
#include "prthread.h"
|
|
#include "prprf.h"
|
|
#include "prenv.h"
|
|
+#include "fips.h"
|
|
|
|
#ifdef NSS_USE_GETRANDOM
|
|
# ifndef __NR_getrandom
|
|
@@ -692,7 +693,7 @@ RNG_SystemInfoForRNG(void)
|
|
}
|
|
|
|
/* grab some data from system's PRNG before any other files. */
|
|
- bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
|
|
+ bytes = RNG_FileUpdate(FIPS_mode() ? "/dev/random" : "/dev/urandom", SYSTEM_RNG_SEED_COUNT);
|
|
if (!bytes) {
|
|
PORT_SetError(SEC_ERROR_NEED_RANDOM);
|
|
}
|
|
@@ -822,7 +823,8 @@ RNG_SystemRNG(void *dest, size_t maxLen)
|
|
int ret;
|
|
|
|
do {
|
|
- ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
|
|
+ ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes,
|
|
+ FIPS_mode () ? GRND_RANDOM : 0);
|
|
|
|
if (0 < ret)
|
|
inBytes += ret;
|
|
@@ -842,7 +844,7 @@ RNG_SystemRNG(void *dest, size_t maxLen)
|
|
size_t fileBytes = 0;
|
|
unsigned char *buffer = dest;
|
|
|
|
- file = fopen("/dev/urandom", "r");
|
|
+ file = fopen(FIPS_mode() ? "/dev/random" : "/dev/urandom", "r");
|
|
if (file == NULL) {
|
|
PORT_SetError(SEC_ERROR_NEED_RANDOM);
|
|
return 0;
|