Closed Bug 85465 Opened 25 years ago Closed 24 years ago

certutil fails to seed PRNG when stdin is closed or at EOF.

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

Details

When certutil is invoked with a command that needs to use the PRNG to do keygen (among other things), if the -z option is supplied certutil uses the content of the named file to seed the PRNG, otherwise certutil prompts the user for "random" input on stdin and reads stdin for the random input. The code that reads stdin fails to notice that stdin is at EOF, so it behaves as if all the characters entered by the user on stdin were EOF. The code should detect when it is getting EOF on stdin and either exit with an error code or else revert to some other means of getting pseudo random input.
Fixed in rev 1.4 of nss/cmd/certutil/keystuff.c.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.