Closed
Bug 711035
Opened 13 years ago
Closed 9 years ago
nsNSSComponent::RandomUpdate forces PKCS#11 modules to be loaded because it calls PK11_RandomUpdate
Categories
(Core :: Security: PSM, enhancement)
Core
Security: PSM
Tracking
()
RESOLVED
INVALID
People
(Reporter: briansmith, Unassigned)
Details
(Keywords: perf, sec-other, Whiteboard: [ts][sg:nse])
[Just in case, for some reason, this entropy collection is critical for mobile, I have put this in core-security.]
Even if we could otherwise defer the loading of PKCS#11 modules until after startup, then I believe that the call to PK11_RandomUpdate in nsNSSComponent::RandomUpdate that happens early on would force us to load one or all PKCS#11 modules during startup. Note: nsNSSComponent::RandomUpdate is called during the processing of (some) mouse movement events.
I am not sure how useful this type of entropy collection is. If it is really important, than we have a big problem on mobile, since there are no mouse movement events. If it isn't important enough for mobile to need it, then how useful could it possibly be for desktop?
See also bug 520411 and the bugs that are referred to in the comments of that bug, in particular bug 88847, bug 80841, and bug 57985.
Comment 1•13 years ago
|
||
As it stands this doesn't sound like we have a current entropy problem so "sg:nse", but might if this change were made. sounds more like a security review request.
Whiteboard: [ts] → [ts][sg:nse]
Updated•12 years ago
|
Group: crypto-core-security
Updated•11 years ago
|
Group: crypto-core-security
Updated•9 years ago
|
Group: core-security → crypto-core-security
![]() |
||
Comment 2•9 years ago
|
||
bug 883718 removed the call to PK11_RandomUpdate.
Group: crypto-core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•