bug 883718 - remove nsIEntropyCollector and implementation r?bz r?mgoodwin draft
authorDavid Keeler <dkeeler@mozilla.com>
Tue, 10 May 2016 16:24:44 -0700
changeset 365509 36b2b7c045c30da3e1f7dbc47d3f00c0cd094950
parent 365273 1579b9e2e50f3a27ad02d58cc9170c91e0973fec
child 520580 23a3de19fe8d87158a4104332059e67607441314
push id17768
push userdkeeler@mozilla.com
push dateTue, 10 May 2016 23:26:21 +0000
reviewersbz, mgoodwin
bugs883718
milestone49.0a1
bug 883718 - remove nsIEntropyCollector and implementation r?bz r?mgoodwin The rationale behind nsIEntropyCollector was to supplement NSS' source of entropy with randomness from mouse move events. This obviously doesn't work on platforms without a mouse (e.g. mobile platforms). Furthermore, as NSS seeds its random number generator with robust randomness from the operating system, this is unnecessary anyway. The primary concern is that initialization of the random number generator must happen after forking, which is exactly what we do with the child process in e10s mode. MozReview-Commit-ID: GYQDElSCZy0
dom/base/moz.build
dom/base/nsGlobalWindow.cpp
dom/base/nsIEntropyCollector.idl
security/manager/ssl/moz.build
security/manager/ssl/nsEntropyCollector.cpp
security/manager/ssl/nsEntropyCollector.h
security/manager/ssl/nsNSSComponent.cpp
security/manager/ssl/nsNSSComponent.h
security/manager/ssl/nsNSSModule.cpp
--- a/dom/base/moz.build
+++ b/dom/base/moz.build
@@ -16,17 +16,16 @@ XPIDL_SOURCES += [
     'nsIDOMDataChannel.idl',
     'nsIDOMDOMCursor.idl',
     'nsIDOMDOMRequest.idl',
     'nsIDOMFileList.idl',
     'nsIDOMFormData.idl',
     'nsIDOMParser.idl',
     'nsIDOMSerializer.idl',
     'nsIDroppedLinkHandler.idl',
-    'nsIEntropyCollector.idl',
     'nsIFrameLoader.idl',
     'nsIImageLoadingContent.idl',
     'nsIMessageManager.idl',
     'nsIObjectLoadingContent.idl',
     'nsIRemoteWindowContext.idl',
     'nsIScriptChannel.idl',
     'nsIScriptLoaderObserver.idl',
     'nsISelection.idl',
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -111,17 +111,16 @@
 #include "nsIPromptService.h"
 #include "nsIPromptFactory.h"
 #include "nsIWritablePropertyBag2.h"
 #include "nsIWebNavigation.h"
 #include "nsIWebBrowserChrome.h"
 #include "nsIWebBrowserFind.h"  // For window.find()
 #include "nsIWindowMediator.h"  // For window.find()
 #include "nsComputedDOMStyle.h"
-#include "nsIEntropyCollector.h"
 #include "nsDOMCID.h"
 #include "nsDOMWindowUtils.h"
 #include "nsIWindowWatcher.h"
 #include "nsPIWindowWatcher.h"
 #include "nsIContentViewer.h"
 #include "nsIScriptError.h"
 #include "nsIControllers.h"
 #include "nsIControllerContext.h"
@@ -271,17 +270,16 @@ using mozilla::TimeDuration;
 using mozilla::dom::cache::CacheStorage;
 
 static LazyLogModule gDOMLeakPRLog("DOMLeak");
 
 nsGlobalWindow::WindowByIdTable *nsGlobalWindow::sWindowsById = nullptr;
 bool nsGlobalWindow::sWarnedAboutWindowInternal = false;
 bool nsGlobalWindow::sIdleObserversAPIFuzzTimeDisabled = false;
 
-static nsIEntropyCollector *gEntropyCollector          = nullptr;
 static int32_t              gRefCnt                    = 0;
 static int32_t              gOpenPopupSpamCount        = 0;
 static PopupControlState    gPopupControlState         = openAbused;
 static int32_t              gRunningTimeoutDepth       = 0;
 static bool                 gMouseDown                 = false;
 static bool                 gDragServiceDisabled       = false;
 static FILE                *gDumpFile                  = nullptr;
 static uint32_t             gSerialCounter             = 0;
@@ -1332,20 +1330,16 @@ nsGlobalWindow::AssertIsOnMainThread()
 #endif // DEBUG
 
 /* static */
 void
 nsGlobalWindow::Init()
 {
   AssertIsOnMainThread();
 
-  CallGetService(NS_ENTROPYCOLLECTOR_CONTRACTID, &gEntropyCollector);
-  NS_ASSERTION(gEntropyCollector,
-               "gEntropyCollector should have been initialized!");
-
   NS_ASSERTION(gDOMLeakPRLog, "gDOMLeakPRLog should have been initialized!");
 
   sWindowsById = new WindowByIdTable();
 }
 
 nsGlobalWindow::~nsGlobalWindow()
 {
   AssertIsOnMainThread();
@@ -1478,18 +1472,16 @@ nsGlobalWindow::ShutDown()
 {
   AssertIsOnMainThread();
 
   if (gDumpFile && gDumpFile != stdout) {
     fclose(gDumpFile);
   }
   gDumpFile = nullptr;
 
-  NS_IF_RELEASE(gEntropyCollector);
-
   delete sWindowsById;
   sWindowsById = nullptr;
 }
 
 // static
 void
 nsGlobalWindow::CleanupCachedXBLHandlers(nsGlobalWindow* aWindow)
 {
@@ -3311,37 +3303,21 @@ nsGlobalWindow::GetJSContextForEventHand
 {
   return nullptr;
 }
 
 nsresult
 nsGlobalWindow::PreHandleEvent(EventChainPreVisitor& aVisitor)
 {
   NS_PRECONDITION(IsInnerWindow(), "PreHandleEvent is used on outer window!?");
-  static uint32_t count = 0;
   EventMessage msg = aVisitor.mEvent->mMessage;
 
   aVisitor.mCanHandle = true;
   aVisitor.mForceContentDispatch = true; //FIXME! Bug 329119
-  if (msg == eMouseMove && gEntropyCollector) {
-    //Chances are this counter will overflow during the life of the
-    //process, but that's OK for our case. Means we get a little
-    //more entropy.
-    if (count++ % 100 == 0) {
-      //Since the high bits seem to be zero's most of the time,
-      //let's only take the lowest half of the point structure.
-      int16_t myCoord[2];
-
-      myCoord[0] = aVisitor.mEvent->mRefPoint.x;
-      myCoord[1] = aVisitor.mEvent->mRefPoint.y;
-      gEntropyCollector->RandomUpdate((void*)myCoord, sizeof(myCoord));
-      gEntropyCollector->RandomUpdate((void*)&(aVisitor.mEvent->mTime),
-                                      sizeof(uint32_t));
-    }
-  } else if (msg == eResize && aVisitor.mEvent->IsTrusted()) {
+  if (msg == eResize && aVisitor.mEvent->IsTrusted()) {
     // QIing to window so that we can keep the old behavior also in case
     // a child window is handling resize.
     nsCOMPtr<nsPIDOMWindowInner> window =
       do_QueryInterface(aVisitor.mEvent->mOriginalTarget);
     if (window) {
       mIsHandlingResizeEvent = true;
     }
   } else if (msg == eMouseDown && aVisitor.mEvent->IsTrusted()) {
deleted file mode 100644
--- a/dom/base/nsIEntropyCollector.idl
+++ /dev/null
@@ -1,35 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-/**
- * Interface for an object that wants to gather "random"
- * data to be used for entropy purposes.
- */
-%{C++
-
-/*
- * If anyone wants to collect the entropy distributed by the
- * event handler, they'll have to implement this CONTRACTID
- */
-#define NS_ENTROPYCOLLECTOR_CONTRACTID "@mozilla.org/security/entropy;1"
-%}
-/* Buffer type - for passing random data to the entropy
- * collector.
- */
-[ptr] native buffer(void);
-
-[uuid(6f883680-ab9d-11d4-9978-00b0d02354a0)]
-interface nsIEntropyCollector : nsISupports
-{
-
-  /**
-   * Add the following bytes to the pool of data to be used
-   * in gathering entropy.
-   */
-  void randomUpdate(in buffer entropy, in long bufLen); 
-
-};
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@@ -7,17 +7,16 @@
 TEST_DIRS += [ 'tests' ]
 
 XPIDL_SOURCES += [
     'nsIASN1Object.idl',
     'nsIASN1PrintableItem.idl',
     'nsIASN1Sequence.idl',
     'nsIAssociatedContentSecurity.idl',
     'nsIBadCertListener2.idl',
-    'nsIBufEntropyCollector.idl',
     'nsICertBlocklist.idl',
     'nsICertificateDialogs.idl',
     'nsICertOverrideService.idl',
     'nsICertPickDialogs.idl',
     'nsIClientAuthDialogs.idl',
     'nsIContentSignatureVerifier.idl',
     'nsIDataSignatureVerifier.idl',
     'nsIGenKeypairInfoDlg.idl',
@@ -93,17 +92,16 @@ UNIFIED_SOURCES += [
     'LocalCertService.cpp',
     'nsCertOverrideService.cpp',
     'nsCertPicker.cpp',
     'nsCertVerificationThread.cpp',
     'nsClientAuthRemember.cpp',
     'nsCrypto.cpp',
     'nsCryptoHash.cpp',
     'nsDataSignatureVerifier.cpp',
-    'nsEntropyCollector.cpp',
     'nsKeygenHandler.cpp',
     'nsKeygenHandlerContent.cpp',
     'nsKeygenThread.cpp',
     'nsKeyModule.cpp',
     'nsNSSASN1Object.cpp',
     'nsNSSCallbacks.cpp',
     'nsNSSCertHelper.cpp',
     'nsNSSCertificate.cpp',
deleted file mode 100644
--- a/security/manager/ssl/nsEntropyCollector.cpp
+++ /dev/null
@@ -1,103 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "mozilla/Logging.h"
-#include "nsEntropyCollector.h"
-#include "nsAlgorithm.h"
-#include <algorithm>
-
-nsEntropyCollector::nsEntropyCollector()
-:mBytesCollected(0), mWritePointer(mEntropyCache)
-{
-  // We could use the uninitialized memory in mEntropyCache as initial
-  // random data, but that means (if any entropy is collected before NSS
-  // initialization and then forwarded) that we'll get warnings from
-  // tools like valgrind for every later operation that depends on the
-  // entropy.
-  memset(mEntropyCache, 0, sizeof(mEntropyCache));
-}
-
-nsEntropyCollector::~nsEntropyCollector()
-{
-}
-
-NS_IMPL_ISUPPORTS(nsEntropyCollector,
-                  nsIEntropyCollector,
-                  nsIBufEntropyCollector)
-
-NS_IMETHODIMP
-nsEntropyCollector::RandomUpdate(void *new_entropy, int32_t bufLen)
-{
-  if (bufLen > 0) {
-    if (mForwardTarget) {
-      return mForwardTarget->RandomUpdate(new_entropy, bufLen);
-    }
-    else {
-      const unsigned char *InputPointer = (const unsigned char *)new_entropy;
-      const unsigned char *PastEndPointer = mEntropyCache + entropy_buffer_size;
-
-      // if the input is large, we only take as much as we can store
-      int32_t bytes_wanted = std::min(bufLen, int32_t(entropy_buffer_size));
-
-      // remember the number of bytes we will have after storing new_entropy
-      mBytesCollected = std::min(int32_t(entropy_buffer_size),
-                               mBytesCollected + bytes_wanted);
-
-      // as the above statements limit bytes_wanted to the entropy_buffer_size,
-      // this loop will iterate at most twice.
-      while (bytes_wanted > 0) {
-
-        // how many bytes to end of cyclic buffer?
-        const int32_t space_to_end = PastEndPointer - mWritePointer;
-
-        // how many bytes can we copy, not reaching the end of the buffer?
-        const int32_t this_time = std::min(space_to_end, bytes_wanted);
-
-        // copy at most to the end of the cyclic buffer
-        for (int32_t i = 0; i < this_time; ++i) {
-
-          unsigned int old = *mWritePointer;
-
-          // combine new and old value already stored in buffer
-          // this logic comes from PSM 1
-          *mWritePointer++ = ((old << 1) | (old >> 7)) ^ *InputPointer++;
-        }
-
-        PR_ASSERT(mWritePointer <= PastEndPointer);
-        PR_ASSERT(mWritePointer >= mEntropyCache);
-
-        // have we arrived at the end of the buffer?
-        if (PastEndPointer == mWritePointer) {
-          // reset write pointer back to begining of our buffer
-          mWritePointer = mEntropyCache;
-        }
-
-        // subtract the number of bytes we have already copied
-        bytes_wanted -= this_time;
-      }
-    }
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsEntropyCollector::ForwardTo(nsIEntropyCollector *aCollector)
-{
-  NS_PRECONDITION(!mForwardTarget, "|ForwardTo| should only be called once.");
-
-  mForwardTarget = aCollector;
-  mForwardTarget->RandomUpdate(mEntropyCache, mBytesCollected);
-  mBytesCollected = 0;
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsEntropyCollector::DontForward()
-{
-  mForwardTarget = nullptr;
-  return NS_OK;
-}
deleted file mode 100644
--- a/security/manager/ssl/nsEntropyCollector.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#ifndef nsEntropyCollector_h___
-#define nsEntropyCollector_h___
-
-#include "nsIEntropyCollector.h"
-#include "nsIBufEntropyCollector.h"
-#include "nsCOMPtr.h"
-
-#define NS_ENTROPYCOLLECTOR_CID \
- { /* 34587f4a-be18-43c0-9112-b782b08c0add */       \
-  0x34587f4a, 0xbe18, 0x43c0,                       \
- {0x91, 0x12, 0xb7, 0x82, 0xb0, 0x8c, 0x0a, 0xdd} }
-
-class nsEntropyCollector : public nsIBufEntropyCollector
-{
-  public:
-    nsEntropyCollector();
-
-    NS_DECL_THREADSAFE_ISUPPORTS
-    NS_DECL_NSIENTROPYCOLLECTOR
-    NS_DECL_NSIBUFENTROPYCOLLECTOR
-
-    enum { entropy_buffer_size = 1024 };
-
-  protected:
-    virtual ~nsEntropyCollector();
-
-    unsigned char mEntropyCache[entropy_buffer_size];
-    int32_t mBytesCollected;
-    unsigned char *mWritePointer;
-    nsCOMPtr<nsIEntropyCollector> mForwardTarget;
-};
-
-#endif /* !defined nsEntropyCollector_h__ */
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -19,17 +19,16 @@
 #include "mozilla/SyncRunnable.h"
 #include "mozilla/Telemetry.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsCRT.h"
 #include "nsCertVerificationThread.h"
 #include "nsClientAuthRemember.h"
 #include "nsComponentManagerUtils.h"
 #include "nsDirectoryServiceDefs.h"
-#include "nsIBufEntropyCollector.h"
 #include "nsICertOverrideService.h"
 #include "nsIFile.h"
 #include "nsIObserverService.h"
 #include "nsIPrompt.h"
 #include "nsIProperties.h"
 #include "nsISiteSecurityService.h"
 #include "nsITokenPasswordDialogs.h"
 #include "nsIWindowWatcher.h"
@@ -1688,79 +1687,38 @@ nsNSSComponent::Init()
 
   createBackgroundThreads();
   if (!mCertVerificationThread) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
             ("nsNSSComponent::createBackgroundThreads() failed\n"));
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
-  nsCOMPtr<nsIEntropyCollector> ec(
-    do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID));
-  if (!ec) {
-    return NS_ERROR_FAILURE;
-  }
-  nsCOMPtr<nsIBufEntropyCollector> bec(do_QueryInterface(ec));
-  if (!bec) {
-    return NS_ERROR_FAILURE;
-  }
-  bec->ForwardTo(this);
-
   return RegisterObservers();
 }
 
 // nsISupports Implementation for the class
 NS_IMPL_ISUPPORTS(nsNSSComponent,
-                  nsIEntropyCollector,
                   nsINSSComponent,
                   nsIObserver)
 
-NS_IMETHODIMP
-nsNSSComponent::RandomUpdate(void* entropy, int32_t bufLen)
-{
-  nsNSSShutDownPreventionLock locker;
-
-  // Asynchronous event happening often,
-  // must not interfere with initialization or profile switch.
-
-  MutexAutoLock lock(mutex);
-
-  if (!mNSSInitialized)
-      return NS_ERROR_NOT_INITIALIZED;
-
-  PK11_RandomUpdate(entropy, bufLen);
-  return NS_OK;
-}
-
 static const char* const PROFILE_BEFORE_CHANGE_TOPIC = "profile-before-change";
 
 NS_IMETHODIMP
 nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic,
                         const char16_t* someData)
 {
   if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("receiving profile change topic\n"));
     DoProfileBeforeChange();
   } else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
 
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: XPCom shutdown observed\n"));
 
     // Cleanup code that requires services, it's too late in destructor.
-
-    nsCOMPtr<nsIEntropyCollector> ec
-        = do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID);
-
-    if (ec) {
-      nsCOMPtr<nsIBufEntropyCollector> bec
-        = do_QueryInterface(ec);
-      if (bec) {
-        bec->DontForward();
-      }
-    }
-
     deleteBackgroundThreads();
   }
   else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
     nsNSSShutDownPreventionLock locker;
     bool clearSessionCache = true;
     NS_ConvertUTF16toUTF8  prefName(someData);
 
     if (prefName.EqualsLiteral("security.tls.version.min") ||
--- a/security/manager/ssl/nsNSSComponent.h
+++ b/security/manager/ssl/nsNSSComponent.h
@@ -5,17 +5,16 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _nsNSSComponent_h_
 #define _nsNSSComponent_h_
 
 #include "mozilla/Mutex.h"
 #include "mozilla/RefPtr.h"
 #include "nsCOMPtr.h"
-#include "nsIEntropyCollector.h"
 #include "nsIStringBundle.h"
 #include "nsIObserver.h"
 #include "nsNSSCallbacks.h"
 #include "SharedCertVerifier.h"
 #include "prerror.h"
 #include "sslt.h"
 
 class nsIDOMWindow;
@@ -93,27 +92,25 @@ public:
 };
 
 NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
 
 class nsNSSShutDownList;
 class nsCertVerificationThread;
 
 // Implementation of the PSM component interface.
-class nsNSSComponent final : public nsIEntropyCollector
-                           , public nsINSSComponent
+class nsNSSComponent final : public nsINSSComponent
                            , public nsIObserver
 {
 public:
   NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
 
   nsNSSComponent();
 
   NS_DECL_THREADSAFE_ISUPPORTS
-  NS_DECL_NSIENTROPYCOLLECTOR
   NS_DECL_NSIOBSERVER
 
   nsresult Init();
 
   static nsresult GetNewPrompter(nsIPrompt** result);
   static nsresult ShowAlertWithConstructedString(const nsString& message);
   NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) override;
 
--- a/security/manager/ssl/nsNSSModule.cpp
+++ b/security/manager/ssl/nsNSSModule.cpp
@@ -8,17 +8,16 @@
 #include "ContentSignatureVerifier.h"
 #include "nsCertOverrideService.h"
 #include "nsCertPicker.h"
 #include "nsCrypto.h"
 #include "nsCryptoHash.h"
 #include "nsCURILoader.h"
 #include "nsDataSignatureVerifier.h"
 #include "nsDOMCID.h" //For the NS_CRYPTO_CONTRACTID define
-#include "nsEntropyCollector.h"
 #include "nsICategoryManager.h"
 #include "nsKeygenHandler.h"
 #include "nsKeyModule.h"
 #include "mozilla/ModuleUtils.h"
 #include "nsNetCID.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSCertificateDB.h"
 #include "nsNSSCertificateFakeTransport.h"
@@ -214,17 +213,16 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEn
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNSSU2FToken, Init)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo)
 
 typedef mozilla::psm::NSSErrorsService NSSErrorsService;
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSVersion)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCertOverrideService, Init)
-NS_GENERIC_FACTORY_CONSTRUCTOR(nsEntropyCollector)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR(WeakCryptoOverride)
 
 NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID);
 NS_DEFINE_NAMED_CID(NS_SSLSOCKETPROVIDER_CID);
 NS_DEFINE_NAMED_CID(NS_STARTTLSSOCKETPROVIDER_CID);
@@ -250,17 +248,16 @@ NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERI
 NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(NS_NSSU2FTOKEN_CID);
 NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
 NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
 NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
-NS_DEFINE_NAMED_CID(NS_ENTROPYCOLLECTOR_CID);
 NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
 NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
 NS_DEFINE_NAMED_CID(NS_WEAKCRYPTOOVERRIDE_CID);
 
 static const mozilla::Module::CIDEntry kNSSCIDs[] = {
   { &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor },
   { &kNS_SSLSOCKETPROVIDER_CID, false, nullptr, nsSSLSocketProviderConstructor },
@@ -287,17 +284,16 @@ static const mozilla::Module::CIDEntry k
   { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr, ContentSignatureVerifierConstructor },
   { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
   { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
   { &kNS_NSSU2FTOKEN_CID, false, nullptr, nsNSSU2FTokenConstructor },
   { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
   { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor },
   { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
   { &kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor },
-  { &kNS_ENTROPYCOLLECTOR_CID, false, nullptr, nsEntropyCollectorConstructor },
   { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
   { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
   { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor},
   { &kNS_WEAKCRYPTOOVERRIDE_CID, false, nullptr, WeakCryptoOverrideConstructor },
   { nullptr }
 };
 
 static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
@@ -325,17 +321,16 @@ static const mozilla::Module::ContractID
   { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
   { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },
   { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
   { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
   { NS_NSSU2FTOKEN_CONTRACTID, &kNS_NSSU2FTOKEN_CID },
-  { NS_ENTROPYCOLLECTOR_CONTRACTID, &kNS_ENTROPYCOLLECTOR_CID },
   { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
   { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
   { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
   { NS_WEAKCRYPTOOVERRIDE_CONTRACTID, &kNS_WEAKCRYPTOOVERRIDE_CID },
   { nullptr }
 };
 
 static const mozilla::Module::CategoryEntry kNSSCategories[] = {