376991d05a
- touch only urandom in the selftest and when /dev/random is unavailable for example by SELinux confinement - fix the RSA selftest key (p q swap) (#1204517)
30 lines
1.4 KiB
Diff
30 lines
1.4 KiB
Diff
diff -up libgcrypt-1.6.3/random/random-csprng.c.urandom-only libgcrypt-1.6.3/random/random-csprng.c
|
|
--- libgcrypt-1.6.3/random/random-csprng.c.urandom-only 2015-02-27 10:54:03.000000000 +0100
|
|
+++ libgcrypt-1.6.3/random/random-csprng.c 2015-03-20 08:29:27.513113519 +0100
|
|
@@ -1125,8 +1125,7 @@ getfnc_gather_random (void))(void (*)(co
|
|
enum random_origins, size_t, int);
|
|
|
|
#if USE_RNDLINUX
|
|
- if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
|
- && !access (NAME_OF_DEV_URANDOM, R_OK))
|
|
+ if (!access (NAME_OF_DEV_URANDOM, R_OK))
|
|
{
|
|
fnc = _gcry_rndlinux_gather_random;
|
|
return fnc;
|
|
diff -up libgcrypt-1.6.3/random/rndlinux.c.urandom-only libgcrypt-1.6.3/random/rndlinux.c
|
|
--- libgcrypt-1.6.3/random/rndlinux.c.urandom-only 2015-03-20 08:36:13.472098269 +0100
|
|
+++ libgcrypt-1.6.3/random/rndlinux.c 2015-03-20 08:36:43.765097131 +0100
|
|
@@ -178,7 +178,11 @@ _gcry_rndlinux_gather_random (void (*add
|
|
{
|
|
if (fd_random == -1)
|
|
{
|
|
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
|
|
+ /* We try to open /dev/random first but in case the open fails
|
|
+ we gracefully retry with /dev/urandom. */
|
|
+ fd_random = open_device (NAME_OF_DEV_RANDOM, 0, 0);
|
|
+ if (fd_random == -1)
|
|
+ fd_random = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 1), 1);
|
|
ever_opened |= 1;
|
|
}
|
|
fd = fd_random;
|