do not try to open /dev/urandom if getrandom() works (#1380866)
parent
f1706aee32
commit
e16cfed1d6
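--- /dev/null
+++ b/libgcrypt-1.8.1-getrandom.patch
@@ -0,0 +1,39 @@
+diff -up libgcrypt-1.8.1/random/rndlinux.c.getrandom libgcrypt-1.8.1/random/rndlinux.c
+--- libgcrypt-1.8.1/random/rndlinux.c.getrandom 2017-09-05 14:34:28.003872675 +0200
++++ libgcrypt-1.8.1/random/rndlinux.c 2017-12-04 09:48:38.704845838 +0100
+@@ -35,6 +35,7 @@
+#include <poll.h>
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
++# include <linux/random.h>
+#endif
+
+#include "types.h"
+@@ -204,6 +205,16 @@ _gcry_rndlinux_gather_random (void (*add
+{
+if (fd_urandom == -1)
+{
++#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++ long ret;
++
++ _gcry_pre_syscall ();
++ ret = syscall (__NR_getrandom,
++ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
++ _gcry_post_syscall ();
++ if (ret == -1 && errno == ENOSYS)
++ /* The syscall is not supported - fallback to /dev/urandom. */
++#endif
+fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
+ever_opened |= 2;
+}
+@@ -246,9 +257,7 @@ _gcry_rndlinux_gather_random (void (*add
+_gcry_post_syscall ();
+}
+while (ret == -1 && errno == EINTR);
+- if (ret == -1 && errno == ENOSYS)
+- ; /* The syscall is not supported - fallback to /dev/urandom. */
+- else
++ if (1)
+{ /* The syscall is supported. Some sanity checks. */
+if (ret == -1)
+log_fatal ("unexpected error from getrandom: %s\n",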
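Review bot: In the third hunk of the embedded patch, replacing the `ENOSYS` branch with `if (1)` means an `ENOSYS` result from the getrandom loop now reaches `log_fatal ("unexpected error from getrandom: ...")`, even though the second hunk still opens /dev/urandom for exactly that case. Unless code outside these hunks skips the getrandom loop once the device has been opened, a kernel without the syscall would abort instead of reading the device, so the entropy fallback looks unreachable. I would keep the original `if (ret == -1 && errno == ENOSYS)` / `; /* fallback */` / `else` there, or record the probe result and test that instead of `if (1)`. The probe's `if` in the second hunk has no braces and its body sits after the `#endif`, so `ever_opened |= 2;` runs on both paths; bracing the `open_device` call would make that explicit. The body of `_gcry_rndlinux_gather_random` starts and ends outside all three hunks, so the guard around the getrandom loop is not visible here.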
@ -1,6 +1,6 @@
|
|||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.8.1
|
Version: 1.8.1
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
URL: http://www.gnupg.org/
|
URL: http://www.gnupg.org/
|
||||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||||
# The original libgcrypt sources now contain potentially patented ECC
|
# The original libgcrypt sources now contain potentially patented ECC
|
||||||
@ -35,6 +35,8 @@ Patch18: libgcrypt-1.6.2-fips-ctor.patch
|
|||||||
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
||||||
# Fix the t-secmem on PPC64
|
# Fix the t-secmem on PPC64
|
||||||
Patch23: libgcrypt-1.8.0-build.patch
|
Patch23: libgcrypt-1.8.0-build.patch
|
||||||
|
# Do not try to open /dev/urandom if getrandom() works
|
||||||
|
Patch24: libgcrypt-1.8.1-getrandom.patch
|
||||||
|
|
||||||
%define gcrylibdir %{_libdir}
|
%define gcrylibdir %{_libdir}
|
||||||
|
|
||||||
@ -79,6 +81,7 @@ applications using libgcrypt.
|
|||||||
%patch18 -p1 -b .fips-ctor
|
%patch18 -p1 -b .fips-ctor
|
||||||
%patch22 -p1 -b .fips-reqs
|
%patch22 -p1 -b .fips-reqs
|
||||||
%patch23 -p1 -b .build
|
%patch23 -p1 -b .build
|
||||||
|
%patch24 -p1 -b .getrandom
|
||||||
|
|
||||||
cp %{SOURCE4} cipher/
|
cp %{SOURCE4} cipher/
|
||||||
cp %{SOURCE5} %{SOURCE6} tests/
|
cp %{SOURCE5} %{SOURCE6} tests/
|
||||||
@ -192,6 +195,9 @@ exit 0
|
|||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 4 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-2
|
||||||
|
- do not try to open /dev/urandom if getrandom() works (#1380866)
|
||||||
|
|
||||||
* Tue Sep 5 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-1
|
* Tue Sep 5 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-1
|
||||||
- new upstream version 1.8.1
|
- new upstream version 1.8.1
|
||||||
|
|
||||||
|