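--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -627,8 +627,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
 read_cb_size = len;
 read_cb_len = 0;
 #if USE_RNDLINUX
+ /* First read from /etc/gcrypt/rngseed if available */
+ _gcry_rndlinux_gather_random (drbg_read_cb, 0, len,
+ -1);
+ read_cb_len = 0;
+ /* then use /dev/urandom. */
 rc = _gcry_rndlinux_gather_random (drbg_read_cb, 0, len,
- GCRY_VERY_STRONG_RANDOM);
+ GCRY_STRONG_RANDOM);
 #elif USE_RNDUNIX
 rc = _gcry_rndunix_gather_random (drbg_read_cb, 0, len,
 GCRY_VERY_STRONG_RANDOM);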
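Review bot: The first `_gcry_rndlinux_gather_random (drbg_read_cb, 0, len, -1)` call has its return value dropped and is followed by `read_cb_len = 0;`, so the second gather with the same callback and length starts again at the beginning of the buffer. If `drbg_read_cb` stores at the `read_cb_len` offset (its body is not in this hunk), every byte taken from /etc/gcrypt/rngseed is overwritten by the /dev/urandom read and never reaches the DRBG seed; if the intent is only to draw from the configured device, a comment such as `/* rngseed output is intentionally discarded; the seed itself comes from /dev/urandom */` would say so, otherwise the two reads need to be combined rather than overwritten. The same hunk also lowers the level from `GCRY_VERY_STRONG_RANDOM` to `GCRY_STRONG_RANDOM` on the Linux path only, while the `USE_RNDUNIX` branch keeps the stronger level; that asymmetry deserves a line in the comment. `drbg_get_entropy` begins and ends outside the hunk.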
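--- a/random/rndlinux.c
+++ b/random/rndlinux.c
@@ -40,7 +40,9 @@
 #include "g10lib.h"
 #include "rand-internal.h"
 
-static int open_device (const char *name, int retry);
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
+
+static int open_device (const char *name, int retry, int fatal);
 
 
 static int
@@ -63,7 +65,7 @@ set_cloexec_flag (int fd)
 * a fatal error but retries until it is able to reopen the device.
 */
 static int
-open_device (const char *name, int retry)
+open_device (const char *name, int retry, int fatal)
 {
 int fd;
 
@@ -71,6 +73,8 @@ open_device (const char *name, int retry
 _gcry_random_progress ("open_dev_random", 'X', 1, 0);
 again:
 fd = open (name, O_RDONLY);
+ if (fd == -1 && !fatal)
+ return fd;
 if (fd == -1 && retry)
 {
 struct timeval tv;
@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add
 {
 static int fd_urandom = -1;
 static int fd_random = -1;
+ static int fd_configured = -1;
 static unsigned char ever_opened;
 int fd;
 int n;
@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add
 close (fd_urandom);
 fd_urandom = -1;
 }
+ if (fd_configured != -1)
+ {
+ close (fd_configured);
+ fd_configured = -1;
+ }
 return 0;
 }
 
@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add
 that we always require the device to be existent but want a more
 graceful behaviour if the rarely needed close operation has been
 used and the device needs to be re-opened later. */
+
+ if (level == -1)
+ {
+ if (fd_configured == -1)
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
+ fd = fd_configured;
+ if (fd == -1)
+ return -1;
+ }
+
 if (level >= 2)
 {
 if (fd_random == -1)
 {
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
 ever_opened |= 1;
 }
 fd = fd_random;
 }
- else
+ else if (level != -1)
 {
 if (fd_urandom == -1)
 {
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
 ever_opened |= 2;
 }
 fd = fd_urandom;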
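Review bot: The early return added in `open_device`, `if (fd == -1 && !fatal) return fd;`, treats every `open()` failure alike, so a seed source that the administrator configured but that cannot be opened (`EACCES`, `EMFILE`) is skipped as silently as one that was never configured. Logging the non-`ENOENT` case before returning, e.g. `if (errno != ENOENT) log_info ("can't open %s: %s\n", name, strerror (errno));`, would make that visible. Nothing in the visible hunks checks that `NAME_OF_CFG_RNGSEED` refers to a device rather than a regular file, and the read loop that consumes `fd` is outside these hunks, so its behaviour at end-of-file on a short regular file should be confirmed. The bare `-1` used as a level in `if (level == -1)` and `else if (level != -1)` would read better as a named constant next to the `GCRY_*_RANDOM` levels. Both `open_device` and `_gcry_rndlinux_gather_random` continue outside the hunks.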