nsNSSComponent::RandomUpdate forces PKCS#11 modules to be loaded because it calls PK11_RandomUpdate

RESOLVED INVALID

Status

enhancement
7 years ago
3 years ago

People

(Reporter: briansmith, Unassigned)

Tracking

({perf, sec-other})

Trunk

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [ts][sg:nse])

[Just in case, for some reason, this entropy collection is critical for mobile, I have put this in core-security.]

Even if we could otherwise defer the loading of PKCS#11 modules until after startup, then I believe that the call to PK11_RandomUpdate in nsNSSComponent::RandomUpdate that happens early on would force us to load one or all PKCS#11 modules during startup. Note: nsNSSComponent::RandomUpdate is called during the processing of (some) mouse movement events.

I am not sure how useful this type of entropy collection is. If it is really important, then we have a big problem on mobile, since there are no mouse movement events. If it isn't important enough for mobile to need it, then how useful could it possibly be for desktop?

See also bug 520411 and the bugs that are referred to in the comments of that bug, in particular bug 88847, bug 80841, and bug 57985.
As it stands this doesn't sound like we have a current entropy problem so "sg:nse", but might if this change were made. Sounds more like a security review request.
Whiteboard: [ts] → [ts][sg:nse]
Group: crypto-core-security

Updated

3 years ago
Group: core-security → crypto-core-security
bug 883718 removed the call to PK11_RandomUpdate.
Group: crypto-core-security
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INVALID