diff -up libgcrypt-1.6.1/random/random-fips.c.cfgrandom libgcrypt-1.6.1/random/random-fips.c

--- libgcrypt-1.6.1/random/random-fips.c.cfgrandom	2014-02-28 16:06:20.026572478 +0100

+++ libgcrypt-1.6.1/random/random-fips.c	2014-02-28 16:06:34.851915121 +0100

@@ -27,10 +27,10 @@

    There are 3 random context which map to the different levels of

    random quality:

-   Generator                Seed and Key        Kernel entropy (init/reseed)

-   ------------------------------------------------------------

-   GCRY_VERY_STRONG_RANDOM  /dev/random         256/128 bits

-   GCRY_STRONG_RANDOM       /dev/random         256/128 bits

+   Generator                Seed and Key                      Kernel entropy (init/reseed)

+   ---------------------------------------------------------------------------------------

+   GCRY_VERY_STRONG_RANDOM  /etc/gcrypt/rngseed+/dev/urandom  256/128 bits

+   GCRY_STRONG_RANDOM       /etc/gcrypt/rngseed+/dev/urandom  256/128 bits

    gcry_create_nonce        GCRY_STRONG_RANDOM  n/a

    All random generators return their data in 128 bit blocks.  If the

@@ -40,8 +40,10 @@

    (SEED_TTL) output blocks; the re-seeding is disabled in test mode.

    The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are

-   keyed and seeded from the /dev/random device.  Thus these

-   generators may block until the kernel has collected enough entropy.

+   keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed

+   if the device or symlink to device exists xored with the data

+   from the /dev/urandom device. This allows the system administrator

+   to always seed the RNGs from /dev/random if it is required.

    The gcry_create_nonce generator is keyed and seeded from the

    GCRY_STRONG_RANDOM generator.  It may also block if the

@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)

   entropy_collect_buffer_len = 0;

 #if USE_RNDLINUX

+  _gcry_rndlinux_gather_random (entropy_collect_cb, 0,

+                                     X931_AES_KEYLEN,

+                                     -1);

+  entropy_collect_buffer_len = 0;

   rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,

                                      X931_AES_KEYLEN,

-                                     GCRY_VERY_STRONG_RANDOM);

+                                     GCRY_STRONG_RANDOM);

 #elif USE_RNDW32

   do

     {

@@ -713,7 +719,7 @@ get_random (void *buffer, size_t length,

       || rng_ctx->seed_init_pid != getpid ())

     {

       /* Just reinitialize the key & seed. */

-      gcry_cipher_close(rng_ctx->cipher_hd);

+      _gcry_cipher_close(rng_ctx->cipher_hd);

       rng_ctx->cipher_hd = NULL;

       rng_ctx->is_seeded = 0;

       goto reinitialize;

diff -up libgcrypt-1.6.1/random/rndlinux.c.cfgrandom libgcrypt-1.6.1/random/rndlinux.c

--- libgcrypt-1.6.1/random/rndlinux.c.cfgrandom	2013-12-16 18:44:32.000000000 +0100

+++ libgcrypt-1.6.1/random/rndlinux.c	2014-02-28 16:06:20.027572501 +0100

@@ -36,7 +36,9 @@

 #include "g10lib.h"

 #include "rand-internal.h"

-static int open_device (const char *name, int retry);

+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"

+

+static int open_device (const char *name, int retry, int fatal);

 static int

@@ -59,7 +61,7 @@ set_cloexec_flag (int fd)

  * a fatal error but retries until it is able to reopen the device.

  */

 static int

-open_device (const char *name, int retry)

+open_device (const char *name, int retry, int fatal)

 {

   int fd;

@@ -67,6 +69,8 @@ open_device (const char *name, int retry

     _gcry_random_progress ("open_dev_random", 'X', 1, 0);

  again:

   fd = open (name, O_RDONLY);

+  if (fd == -1 && !fatal)

+      return fd;

   if (fd == -1 && retry)

     {

       struct timeval tv;

@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add

 {

   static int fd_urandom = -1;

   static int fd_random = -1;

+  static int fd_configured = -1;

   static unsigned char ever_opened;

   int fd;

   int n;

@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add

           close (fd_urandom);

           fd_urandom = -1;

         }

+      if (fd_configured != -1)

+        {

+          close (fd_configured);

+          fd_configured = -1;

+        }

       return 0;

     }

@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add

      that we always require the device to be existent but want a more

      graceful behaviour if the rarely needed close operation has been

      used and the device needs to be re-opened later. */

+

+  if (level == -1)

+    {

+      if (fd_configured == -1)

+        fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );

+      fd = fd_configured;

+      if (fd == -1)

+        return -1;

+    }

+

   if (level >= 2)

     {

       if (fd_random == -1)

         {

-          fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));

+          fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);

           ever_opened |= 1;

         }

       fd = fd_random;

     }

-  else

+  else if (level != -1)

     {

       if (fd_urandom == -1)

         {

-          fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));

+          fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);

           ever_opened |= 2;

         }

       fd = fd_urandom;