From ed535bbc523714d062a3a5949e7924ff3f7cd403 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 5 Dec 2017 11:54:01 +0100 Subject: [PATCH] do not try to access() /dev/urandom either if getrandom() works --- libgcrypt-1.8.1-getrandom.patch | 37 +++++++++++++++++++++++++++++++++ libgcrypt.spec | 5 ++++- 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/libgcrypt-1.8.1-getrandom.patch b/libgcrypt-1.8.1-getrandom.patch index c343ae6..470acd3 100644 --- a/libgcrypt-1.8.1-getrandom.patch +++ b/libgcrypt-1.8.1-getrandom.patch @@ -1,3 +1,40 @@ +diff -up libgcrypt-1.8.1/random/random-csprng.c.getrandom libgcrypt-1.8.1/random/random-csprng.c +--- libgcrypt-1.8.1/random/random-csprng.c.getrandom 2017-08-27 09:05:36.000000000 +0200 ++++ libgcrypt-1.8.1/random/random-csprng.c 2017-12-05 11:49:06.609801947 +0100 +@@ -55,6 +55,10 @@ + #ifdef __MINGW32__ + #include + #endif ++#if defined(__linux__) && defined(HAVE_SYSCALL) ++# include ++# include ++#endif + #include "g10lib.h" + #include "random.h" + #include "rand-internal.h" +@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co + enum random_origins, size_t, int); + + #if USE_RNDLINUX ++#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom) ++ long ret; ++ char buffer[1]; ++ ++ _gcry_pre_syscall (); ++ ret = syscall (__NR_getrandom, ++ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK); ++ gcry_post_syscall (); ++ if (ret != -1 || errno != ENOSYS) ++ { ++ fnc = _gcry_rndlinux_gather_random; ++ return fnc; ++ } ++ else ++ /* The syscall is not supported - fallback to /dev/urandom. */ ++#endif + if ( !access (NAME_OF_DEV_RANDOM, R_OK) + && !access (NAME_OF_DEV_URANDOM, R_OK)) + { diff -up libgcrypt-1.8.1/random/rndlinux.c.getrandom libgcrypt-1.8.1/random/rndlinux.c --- libgcrypt-1.8.1/random/rndlinux.c.getrandom 2017-09-05 14:34:28.003872675 +0200 +++ libgcrypt-1.8.1/random/rndlinux.c 2017-12-04 09:48:38.704845838 +0100 diff --git a/libgcrypt.spec b/libgcrypt.spec index d6639df..822aeba 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -1,6 +1,6 @@ Name: libgcrypt Version: 1.8.1 -Release: 2%{?dist} +Release: 3%{?dist} URL: http://www.gnupg.org/ Source0: libgcrypt-%{version}-hobbled.tar.xz # The original libgcrypt sources now contain potentially patented ECC @@ -195,6 +195,9 @@ exit 0 %license COPYING %changelog +* Tue Dec 5 2017 Tomáš Mráz 1.8.1-3 +- do not try to access() /dev/urandom either if getrandom() works + * Mon Dec 4 2017 Tomáš Mráz 1.8.1-2 - do not try to open /dev/urandom if getrandom() works (#1380866)