external/nss/nss.getrandom.patch

   1 --- a/nss/nspr/pr/src/md/unix/uxrng.c
   2 +++ b/nss/nspr/pr/src/md/unix/uxrng.c
   3 @@ -68,13 +68,18 @@
   4  #include <sys/types.h>
   5  #include <sys/stat.h>
   6  #include <fcntl.h>
   7 +#include <dlfcn.h>
   8
   9  static int      fdDevURandom;
  10  static PRCallOnceType coOpenDevURandom;
  11
  12  static PRStatus OpenDevURandom( void )
  13  {
  14 -    fdDevURandom = open( "/dev/urandom", O_RDONLY );
  15 +    static int (*lok_open_urandom)();
  16 +    if (!lok_open_urandom)
  17 +      lok_open_urandom = dlsym(RTLD_DEFAULT, "lok_open_urandom");
  18 +    if (!lok_open_urandom || (fdDevURandom = lok_open_urandom()) < 0)
  19 +      fdDevURandom = open( "/dev/urandom", O_RDONLY );
  20      return((-1 == fdDevURandom)? PR_FAILURE : PR_SUCCESS );
  21  } /* end OpenDevURandom() */
  22
  23 --- a/nss/nss/lib/freebl/unix_rand.c
  24 +++ b/nss/nss/lib/freebl/unix_rand.c
  25 @@ -13,6 +13,7 @@
  26  #include <sys/wait.h>
  27  #include <sys/stat.h>
  28  #include <sys/types.h>
  29 +#include <dlfcn.h>
  30  #include <dirent.h>
  31  #include "secrng.h"
  32  #include "secerr.h"
  33 @@ -650,11 +651,21 @@
  34          RNG_RandomUpdate(buf, strlen(buf));
  35      }
  36
  37 +    {
  38 +        unsigned char buffer[SYSTEM_RNG_SEED_COUNT];
  39 +        bytes = RNG_SystemRNG(buffer, sizeof (buffer));
  40 +        if (bytes == SYSTEM_RNG_SEED_COUNT) /* success */
  41 +              RNG_RandomUpdate(buffer, bytes);
  42 +    }
  43 +
  44 +    if (bytes != SYSTEM_RNG_SEED_COUNT) /* fail */
  45 +    {
  46      /* grab some data from system's PRNG before any other files. */
  47      bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
  48      if (!bytes) {
  49          PORT_SetError(SEC_ERROR_NEED_RANDOM);
  50      }
  51 +    }
  52
  53      /* If the user points us to a random file, pass it through the rng */
  54      randfile = PR_GetEnvSecure("NSRANDFILE");
  55 @@ -781,11 +794,19 @@
  56      size_t fileBytes = 0;
  57      unsigned char *buffer = dest;
  58
  59 +    static int (*lok_open_urandom)();
  60 +    if (!lok_open_urandom)
  61 +      lok_open_urandom = dlsym(NULL, "lok_open_urandom");
  62 +    if (!lok_open_urandom || (fd = lok_open_urandom()) < 0)
  63 +    {
  64      file = fopen("/dev/urandom", "r");
  65      if (file == NULL) {
  66          PORT_SetError(SEC_ERROR_NEED_RANDOM);
  67          return 0;
  68      }
  69 +    }
  70 +    else
  71 +      file = fdopen(fd, "r");
  72      /* Read from the underlying file descriptor directly to bypass stdio
  73       * buffering and avoid reading more bytes than we need from /dev/urandom.
  74       * NOTE: we can't use fread with unbuffered I/O because fread may return
  75 --- a/nss/nss/lib/freebl/unix_urandom.c
  76 +++ b/nss/nss/lib/freebl/unix_urandom.c
  77 @@ -5,6 +5,7 @@
  78  #include <fcntl.h>
  79  #include <unistd.h>
  80  #include <errno.h>
  81 +#include <dlfcn.h>
  82  #include "secerr.h"
  83  #include "secrng.h"
  84  #include "prprf.h"
  85 @@ -62,7 +63,11 @@
  86       * Reset the number of bytes to get and fall back to /dev/urandom. */
  87      fileBytes = 0;
  88  #endif
  89 -    fd = open("/dev/urandom", O_RDONLY);
  90 +    static int (*lok_open_urandom)();
  91 +    if (!lok_open_urandom)
  92 +      lok_open_urandom = dlsym(NULL, "lok_open_urandom");
  93 +    if (!lok_open_urandom || (fd = lok_open_urandom()) < 0)
  94 +        fd = open("/dev/urandom", O_RDONLY);
  95      if (fd < 0) {
  96          PORT_SetError(SEC_ERROR_NEED_RANDOM);
  97          return 0;