mozilla-nss/nss-fips-use-strong-random-pool.patch

# HG changeset patch
# User Hans Petter Jansson <hpj@cl.no>
# Date 1574240799 -3600
#      Wed Nov 20 10:06:39 2019 +0100
# Node ID 4ddd7d49eeed4ea32850daf41a472ccb50dee45e
# Parent  0efca22bbafd7575b20461f255c46157c9321822
[PATCH] 31
From a7cbf64ba8ac07a4a1fdea91f39da56d86af03bf Mon Sep 17 00:00:00 2001
---
 nss/lib/freebl/unix_rand.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
--- a/lib/freebl/unix_rand.c
+++ b/lib/freebl/unix_rand.c
@@ -24,6 +24,7 @@
 #include "prthread.h"
 #include "prprf.h"
 #include "prenv.h"
+#include "fips.h"
 
 #ifdef NSS_USE_GETRANDOM
 #  ifndef __NR_getrandom
@@ -779,7 +780,7 @@
     }
 
     /* grab some data from system's PRNG before any other files. */
-    bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
+    bytes = RNG_FileUpdate(FIPS_mode() ? "/dev/random" : "/dev/urandom", SYSTEM_RNG_SEED_COUNT);
     if (!bytes) {
         PORT_SetError(SEC_ERROR_NEED_RANDOM);
     }
@@ -909,7 +910,8 @@
     int ret;
 
     do {
-        ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes, 0);
+        ret = syscall(__NR_getrandom, buf + inBytes, maxLen - inBytes,
+                      FIPS_mode () ? GRND_RANDOM : 0);
 
         if (0 < ret)
             inBytes += ret;
@@ -929,7 +931,7 @@
     size_t fileBytes = 0;
     unsigned char *buffer = dest;
 
-    file = fopen("/dev/urandom", "r");
+    file = fopen(FIPS_mode() ? "/dev/random" : "/dev/urandom", "r");
     if (file == NULL) {
         PORT_SetError(SEC_ERROR_NEED_RANDOM);
         return 0;