From 23fdff645a41a84edfbb4a445014cdcee3a3bade Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Wed, 21 Oct 2020 18:18:40 -0400
Subject: [PATCH] [core] init NSS lib for basic crypto algorithms
basic algorithms fail if NSS library has not been init'd (WTH) lighttpd defers initialization of rand and crypto until first use to attempt to avoid long, blocking init at startup while waiting for sufficient system entropy to become available
---
 src/sys-crypto-md.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/sys-crypto-md.h b/src/sys-crypto-md.h
index 9a2c2418..db1247dd 100644
--- a/src/sys-crypto-md.h
+++ b/src/sys-crypto-md.h
@@ -571,12 +571,28 @@ SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
 #elif defined(USE_NSS_CRYPTO)
+/* basic algorithms fail if NSS library has not been init'd (WTH).
+ * lighttpd defers initialization of rand and crypto until first use
+ * to attempt to avoid long, blocking init at startup while waiting
+ * for sufficient system entropy to become available */
+#include /* NSS_IsInitialized() NSS_NoDB_Init() */
+#include /* abort() */
+__attribute_cold__
+static inline void
+nss_requires_explicit_init_for_basic_crypto_wth(void)
+{
+ if (NSS_NoDB_Init(NULL) < 0)
+ abort();
+}
+
 #include
 #define NSS_gen_hashfuncs(name, typ) \
 static inline int \
 name##_Init(void **ctx) \
 { \
+ if (!NSS_IsInitialized()) \
+ nss_requires_explicit_init_for_basic_crypto_wth(); \
 const SECHashObject * const hashObj = HASH_GetHashObject(typ); \
 return ((*ctx=hashObj->create()) != NULL) ? (hashObj->begin(*ctx),1) : 0; \
 } \
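Review bot: In `nss_requires_explicit_init_for_basic_crypto_wth()` a failed `NSS_NoDB_Init(NULL)` ends the process with a bare `abort()` and no diagnostic, although `name##_Init` already has a failure return (0) for the case where `create()` yields NULL. Because initialization is deferred to the first hash call, it may run well after startup, possibly after the server has dropped privileges or changed root, and an operator would then see only a SIGABRT while a request is being handled. At minimum, write a message to stderr before `abort()`; if callers check the result of `name##_Init`, the macro could instead fail closed with `if (!NSS_IsInitialized() && NSS_NoDB_Init(NULL) < 0) return 0;`. The `NSS_IsInitialized()` test followed by the init call is not synchronised, so a short comment such as `/* called from the main thread only; NSS init is not guarded against concurrent first use */` would document the assumption, if that assumption holds. The `NSS_gen_hashfuncs` macro body continues past the end of the hunk.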