do not try to open /dev/urandom if getrandom() works (#1380866)

2017-12-04 09:53:29 +01:00 · 2017-12-04 09:53:29 +01:00 · e16cfed1d6
commit e16cfed1d6
parent f1706aee32
2 changed files with 46 additions and 1 deletions
--- a/libgcrypt-1.8.1-getrandom.patch
+++ b/libgcrypt-1.8.1-getrandom.patch
@ -0,0 +1,39 @@
+diff -up libgcrypt-1.8.1/random/rndlinux.c.getrandom libgcrypt-1.8.1/random/rndlinux.c
+--- libgcrypt-1.8.1/random/rndlinux.c.getrandom	2017-09-05 14:34:28.003872675 +0200
+++ libgcrypt-1.8.1/random/rndlinux.c	2017-12-04 09:48:38.704845838 +0100
+@@ -35,6 +35,7 @@
+ #include <poll.h>
+ #if defined(__linux__) && defined(HAVE_SYSCALL)
+ # include <sys/syscall.h>
+# include <linux/random.h>
+ #endif
+ 
+ #include "types.h"
+@@ -204,6 +205,16 @@ _gcry_rndlinux_gather_random (void (*add
+     {
+       if (fd_urandom == -1)
+         {
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+          long ret;
+
+          _gcry_pre_syscall ();
+          ret = syscall (__NR_getrandom,
+                         (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+          _gcry_post_syscall ();
+        if (ret == -1 && errno == ENOSYS)
+          /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
+           fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
+           ever_opened |= 2;
+         }
+@@ -246,9 +257,7 @@ _gcry_rndlinux_gather_random (void (*add
+               _gcry_post_syscall ();
+             }
+           while (ret == -1 && errno == EINTR);
+-          if (ret == -1 && errno == ENOSYS)
+-            ; /* The syscall is not supported - fallback to /dev/urandom.  */
+-          else
+          if (1)
+             { /* The syscall is supported.  Some sanity checks.  */
+               if (ret == -1)
+                 log_fatal ("unexpected error from getrandom: %s\n",
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.8.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
@ -35,6 +35,8 @@ Patch18: libgcrypt-1.6.2-fips-ctor.patch
 Patch22: libgcrypt-1.7.3-fips-reqs.patch
 # Fix the t-secmem on PPC64
 Patch23: libgcrypt-1.8.0-build.patch
+# Do not try to open /dev/urandom if getrandom() works
+Patch24: libgcrypt-1.8.1-getrandom.patch

 %define gcrylibdir %{_libdir}

@ -79,6 +81,7 @@ applications using libgcrypt.
 %patch18 -p1 -b .fips-ctor
 %patch22 -p1 -b .fips-reqs
 %patch23 -p1 -b .build
+%patch24 -p1 -b .getrandom

 cp %{SOURCE4} cipher/
 cp %{SOURCE5} %{SOURCE6} tests/
@ -192,6 +195,9 @@ exit 0
 %license COPYING

 %changelog
+* Mon Dec  4 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-2
+- do not try to open /dev/urandom if getrandom() works (#1380866)
+
 * Tue Sep  5 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-1
 - new upstream version 1.8.1