99b17fbdca
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=471
124 lines
4.6 KiB
Diff
124 lines
4.6 KiB
Diff
Index: nss/lib/freebl/drbg.c
|
|
===================================================================
|
|
--- nss.orig/lib/freebl/drbg.c
|
|
+++ nss/lib/freebl/drbg.c
|
|
@@ -6,6 +6,8 @@
|
|
#include "stubs.h"
|
|
#endif
|
|
|
|
+#include <unistd.h>
|
|
+
|
|
#include "prerror.h"
|
|
#include "secerr.h"
|
|
|
|
@@ -183,11 +185,30 @@ prng_initEntropy(void)
|
|
PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE];
|
|
SHA256Context ctx;
|
|
|
|
+ /* Don't have NSPR, so can't use the real PR_CallOnce. Implement a stripped
|
|
+ * down version. This is similar to freebl_RunLoaderOnce(). */
|
|
+ if (coRNGInitEntropy.initialized) {
|
|
+ return coRNGInitEntropy.status;
|
|
+ }
|
|
+ if (__sync_lock_test_and_set(&coRNGInitEntropy.inProgress, 1) != 0) {
|
|
+ /* Shouldn't have a lot of takers here, which is good
|
|
+ * since we don't have condition variables yet.
|
|
+ * 'initialized' only ever gets set (not cleared) so we don't
|
|
+ * need the traditional locks. */
|
|
+ while (!coRNGInitEntropy.initialized) {
|
|
+ sleep(1); /* don't have condition variables, just give up the CPU */
|
|
+ }
|
|
+ return coRNGInitEntropy.status;
|
|
+ }
|
|
+
|
|
/* For FIPS 140-2 4.9.2 continuous random number generator test,
|
|
* fetch the initial entropy from the system RNG and keep it for
|
|
* later comparison. */
|
|
length = RNG_SystemRNG(block, sizeof(block));
|
|
if (length == 0) {
|
|
+ coRNGInitEntropy.status = PR_FAILURE;
|
|
+ __sync_synchronize ();
|
|
+ coRNGInitEntropy.initialized = 1;
|
|
return PR_FAILURE; /* error is already set */
|
|
}
|
|
PORT_Assert(length == sizeof(block));
|
|
@@ -200,6 +221,9 @@ prng_initEntropy(void)
|
|
sizeof(globalrng->previousEntropyHash));
|
|
PORT_SafeZero(block, sizeof(block));
|
|
SHA256_DestroyContext(&ctx, PR_FALSE);
|
|
+ coRNGInitEntropy.status = PR_SUCCESS;
|
|
+ __sync_synchronize ();
|
|
+ coRNGInitEntropy.initialized = 1;
|
|
return PR_SUCCESS;
|
|
}
|
|
|
|
@@ -212,7 +236,7 @@ prng_getEntropy(PRUint8 *buffer, size_t
|
|
SHA256Context ctx;
|
|
SECStatus rv = SECSuccess;
|
|
|
|
- if (PR_CallOnce(&coRNGInitEntropy, prng_initEntropy) != PR_SUCCESS) {
|
|
+ if (prng_initEntropy () != PR_SUCCESS) {
|
|
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
return SECFailure;
|
|
}
|
|
@@ -566,10 +590,34 @@ prng_freeRNGContext(RNGContext *rng)
|
|
SECStatus
|
|
RNG_RNGInit(void)
|
|
{
|
|
+ /* Don't have NSPR, so can't use the real PR_CallOnce. Implement a stripped
|
|
+ * down version. This is similar to freebl_RunLoaderOnce(). */
|
|
+ if (coRNGInit.initialized) {
|
|
+ return coRNGInit.status;
|
|
+ }
|
|
+ if (__sync_lock_test_and_set(&coRNGInit.inProgress, 1) != 0) {
|
|
+ /* Shouldn't have a lot of takers here, which is good
|
|
+ * since we don't have condition variables yet.
|
|
+ * 'initialized' only ever gets set (not cleared) so we don't
|
|
+ * need the traditional locks. */
|
|
+ while (!coRNGInit.initialized) {
|
|
+ sleep(1); /* don't have condition variables, just give up the CPU */
|
|
+ }
|
|
+ return coRNGInit.status;
|
|
+ }
|
|
+
|
|
/* Allow only one call to initialize the context */
|
|
- PR_CallOnce(&coRNGInit, rng_init);
|
|
+ coRNGInit.status = rng_init ();
|
|
+ __sync_synchronize ();
|
|
+ coRNGInit.initialized = 1;
|
|
+ if (coRNGInit.status != PR_SUCCESS)
|
|
+ return SECFailure;
|
|
+
|
|
/* Make sure there is a context */
|
|
- return (globalrng != NULL) ? SECSuccess : SECFailure;
|
|
+ coRNGInit.status = (globalrng != NULL) ? SECSuccess : SECFailure;
|
|
+ __sync_synchronize ();
|
|
+ coRNGInit.initialized = 1;
|
|
+ return coRNGInit.status;
|
|
}
|
|
|
|
/*
|
|
@@ -844,7 +892,21 @@ PRNGTEST_Generate(PRUint8 *bytes, unsign
|
|
}
|
|
/* replicate reseed test from prng_GenerateGlobalRandomBytes */
|
|
if (testContext.reseed_counter[0] >= RESEED_VALUE) {
|
|
- rv = prng_reseed(&testContext, NULL, 0, NULL, 0);
|
|
+ /* We need to supply the entropy so as to avoid use of global RNG */
|
|
+ static const PRUint8 reseed_entropy[] = {
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ };
|
|
+ static const PRUint8 additional_input[] = {
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
+ };
|
|
+ rv = prng_reseed(&testContext, reseed_entropy, sizeof reseed_entropy,
|
|
+ additional_input, sizeof additional_input);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|