andre@0: diff -r c3565a90b8c4 lib/freebl/unix_rand.c
andre@0: --- a/lib/freebl/unix_rand.c	Fri Jan 03 20:59:10 2014 +0100
andre@0: +++ b/lib/freebl/unix_rand.c	Tue Jan 07 11:28:59 2014 -0800
andre@0: @@ -916,8 +916,19 @@
andre@0:  #if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \
andre@0:      || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \
andre@0:      || defined(HPUX)
andre@0: -    if (bytes)
andre@0: +    if (bytes == SYSTEM_RNG_SEED_COUNT)
andre@0:          return;
andre@0: +
andre@0: +    /*
andre@0: +     * Modified to abort the process if it failed to read from /dev/urandom.
andre@0: +     *
andre@0: +     * See crbug.com/244661 for details.
andre@0: +     */
andre@0: +    fprintf(stderr, "[ERROR:%s(%d)] NSS read %zu bytes (expected %d bytes) "
andre@0: +            "from /dev/urandom. Abort process.\n", __FILE__, __LINE__,
andre@0: +            bytes, SYSTEM_RNG_SEED_COUNT);
andre@0: +    fflush(stderr);
andre@0: +    abort();
andre@0:  #endif
andre@0:  
andre@0:  #ifdef SOLARIS
andre@0: @@ -1134,6 +1145,11 @@
andre@0:     }
andre@0:  }
andre@0:  
andre@0: +/*
andre@0: + * Modified to abort the process if it failed to read from /dev/urandom.
andre@0: + *
andre@0: + * See crbug.com/244661 for details.
andre@0: + */
andre@0:  size_t RNG_SystemRNG(void *dest, size_t maxLen)
andre@0:  {
andre@0:      FILE *file;
andre@0: @@ -1144,7 +1160,10 @@
andre@0:  
andre@0:      file = fopen("/dev/urandom", "r");
andre@0:      if (file == NULL) {
andre@0: -	return rng_systemFromNoise(dest, maxLen);
andre@0: +	fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
andre@0: +		"Abort process.\n", __FILE__, __LINE__);
andre@0: +	fflush(stderr);
andre@0: +	abort();
andre@0:      }
andre@0:      /* Read from the underlying file descriptor directly to bypass stdio
andre@0:       * buffering and avoid reading more bytes than we need from /dev/urandom.
andre@0: @@ -1164,8 +1183,10 @@
andre@0:      }
andre@0:      fclose(file);
andre@0:      if (fileBytes != maxLen) {
andre@0: -	PORT_SetError(SEC_ERROR_NEED_RANDOM);  /* system RNG failed */
andre@0: -	fileBytes = 0;
andre@0: +	fprintf(stderr, "[ERROR:%s(%d)] NSS failed to read from /dev/urandom. "
andre@0: +		"Abort process.\n", __FILE__, __LINE__);
andre@0: +	fflush(stderr);
andre@0: +	abort();
andre@0:      }
andre@0:      return fileBytes;
andre@0:  }