Google Git
Sign in
chromium / chromium / deps / nss / ccb083050bac653bd6b98c38237fdf93c5d64a7a / . / patches / nss-urandom-abort.patch
blob: 2d1375e125e2439784c84094ad135e73d2e5184d [file] [log] [blame]
diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c
index c9674ea..e0d8f58 100644
--- a/nss/lib/freebl/unix_rand.c
+++ b/nss/lib/freebl/unix_rand.c
@@ -917,8 +917,19 @@ void RNG_SystemInfoForRNG(void)
#if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \
|| defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \
|| defined(HPUX)
- if (bytes)
+ if (bytes == SYSTEM_RNG_SEED_COUNT)
return;
+
+ /*
+ * Modified to abort the process if it failed to read from /dev/urandom.
+ *
+ * See crbug.com/244661 for details.
+ */
+ fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) "
+ "from /dev/urandom. Abort process.\n", __FILE__, __LINE__,
+ bytes, SYSTEM_RNG_SEED_COUNT);
+ fflush(stderr);
+ abort();
#endif
#ifdef SOLARIS
@@ -1135,6 +1146,11 @@ static void rng_systemJitter(void)
}
}
+/*
+ * Modified to abort the process if it failed to read from /dev/urandom.
+ *
+ * See crbug.com/244661 for details.
+ */
size_t RNG_SystemRNG(void *dest, size_t maxLen)
{
FILE *file;
@@ -1145,7 +1161,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
file = fopen("/dev/urandom", "r");
if (file == NULL) {
- return rng_systemFromNoise(dest, maxLen);
+ fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
+ "Abort process.\n", __FILE__, __LINE__);
+ fflush(stderr);
+ abort();
}
/* Read from the underlying file descriptor directly to bypass stdio
* buffering and avoid reading more bytes than we need from /dev/urandom.
@@ -1165,8 +1184,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
}
fclose(file);
if (fileBytes != maxLen) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
- fileBytes = 0;
+ fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
+ "Abort process.\n", __FILE__, __LINE__);
+ fflush(stderr);
+ abort();
}
return fileBytes;
}
diff --git a/patches/nss-urandom-abort.patch b/patches/nss-urandom-abort.patch
index d5f55c8..e69de29 100644
--- a/patches/nss-urandom-abort.patch
+++ b/patches/nss-urandom-abort.patch
@@ -1,62 +0,0 @@
-diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
-index 579040e..2f9b3e5 100644
---- a/lib/freebl/unix_rand.c
-+++ b/lib/freebl/unix_rand.c
-@@ -916,8 +916,19 @@ void RNG_SystemInfoForRNG(void)
- #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \
- || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \
- || defined(HPUX)
-- if (bytes)
-+ if (bytes == SYSTEM_RNG_SEED_COUNT)
- return;
-+
-+ /*
-+ * Modified to abort the process if it failed to read from /dev/urandom.
-+ *
-+ * See crbug.com/244661 for details.
-+ */
-+ fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) "
-+ "from /dev/urandom. Abort process.\n", __FILE__, __LINE__,
-+ bytes, SYSTEM_RNG_SEED_COUNT);
-+ fflush(stderr);
-+ abort();
- #endif
-
- #ifdef SOLARIS
-@@ -1134,6 +1145,11 @@ static void rng_systemJitter(void)
- }
- }
-
-+/*
-+ * Modified to abort the process if it failed to read from /dev/urandom.
-+ *
-+ * See crbug.com/244661 for details.
-+ */
- size_t RNG_SystemRNG(void *dest, size_t maxLen)
- {
- FILE *file;
-@@ -1144,7 +1160,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
-
- file = fopen("/dev/urandom", "r");
- if (file == NULL) {
-- return rng_systemFromNoise(dest, maxLen);
-+ fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
-+ "Abort process.\n", __FILE__, __LINE__);
-+ fflush(stderr);
-+ abort();
- }
- /* Read from the underlying file descriptor directly to bypass stdio
- * buffering and avoid reading more bytes than we need from /dev/urandom.
-@@ -1164,8 +1183,10 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
- }
- fclose(file);
- if (fileBytes != maxLen) {
-- PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
-- fileBytes = 0;
-+ fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
-+ "Abort process.\n", __FILE__, __LINE__);
-+ fflush(stderr);
-+ abort();
- }
- return fileBytes;
- }