mozilla-nss/nss-fips-use-getrandom.patch

# HG changeset patch
# User M. Sirringhaus <msirringhaus@suse.de>
# Date 1574137588 -3600
#      Tue Nov 19 05:26:28 2019 +0100
# Node ID 5e191a391c38967e49a1d005800713ccd1010b09
# Parent  92da25f8ea7d41e938858872e2b6a2fb1aa53bb2
commit c2a88344b616c75b1873fb163491d7362a4c3e5b
Author: Hans Petter Jansson <hpj@cl.no>
    11

diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk
--- a/coreconf/Linux.mk
+++ b/coreconf/Linux.mk
@@ -184,6 +184,18 @@
 LDFLAGS	+= -Wl,-z,relro
 endif
 
+#
+# On Linux 3.17 or later, use getrandom() to obtain entropy where possible.
+# Set NSS_USE_GETRANDOM to 0 in the environment to override this.
+#
+ifneq ($(OS_TARGET),Android)
+ifeq (3.17,$(firstword $(sort 3.17 $(OS_RELEASE))))
+ifneq ($(NSS_USE_GETRANDOM),0)
+	DEFINES		+= -DNSS_USE_GETRANDOM
+endif
+endif
+endif
+
 USE_SYSTEM_ZLIB = 1
 ZLIB_LIBS = -lz
 
diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
--- a/lib/freebl/unix_rand.c
+++ b/lib/freebl/unix_rand.c
@@ -13,6 +13,10 @@
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef NSS_USE_GETRANDOM
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
 #include <dirent.h>
 #include "secrng.h"
 #include "secerr.h"
@@ -21,6 +25,43 @@
 #include "prprf.h"
 #include "prenv.h"
 
+#ifdef NSS_USE_GETRANDOM
+#  ifndef __NR_getrandom
+#    if defined __x86_64__
+#      define __NR_getrandom 318
+#    elif defined(__i386__)
+#      define __NR_getrandom 355
+#    elif defined(__arm__)
+#      define __NR_getrandom 384
+#    elif defined(__aarch64__)
+#      define __NR_getrandom 278
+#    elif defined(__ia64__)
+#      define __NR_getrandom 1339
+#    elif defined(__m68k__)
+#      define __NR_getrandom 352
+#    elif defined(__s390x__)
+#      define __NR_getrandom 349
+#    elif defined(__powerpc__)
+#      define __NR_getrandom 359
+#    elif defined _MIPS_SIM
+#      if _MIPS_SIM == _MIPS_SIM_ABI32
+#        define __NR_getrandom 4353
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_NABI32
+#        define __NR_getrandom 6317
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_ABI64
+#        define __NR_getrandom 5313
+#      endif
+#    else
+#      warning "__NR_getrandom unknown for your architecture"
+#    endif
+#  endif
+#  ifndef GRND_RANDOM
+#    define GRND_RANDOM 0x02
+#  endif
+#endif
+
 size_t RNG_FileUpdate(const char *fileName, size_t limit);
 
 /*
@@ -862,6 +903,26 @@
 size_t
 RNG_SystemRNG(void *dest, size_t maxLen)
 {
+#ifdef NSS_USE_GETRANDOM
+    unsigned char *buf = dest;
+    size_t inBytes = 0;
+    int ret;
+
+    do {
+        ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
+
+        if (0 < ret)
+            inBytes += ret;
+    } while ((0 < ret || EINTR == errno || ERESTART == errno)
+             && inBytes < maxLen);
+
+    if (inBytes != maxLen) {
+         PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
+         inBytes = 0;
+    }
+
+    return inBytes;
+#else
     FILE *file;
     int fd;
     int bytes;
@@ -895,4 +956,5 @@
         fileBytes = 0;
     }
     return fileBytes;
+#endif
 }