Accepting request 698242 from home:jsikes:branches:devel:libraries:c_c++

Hopefully this fixes bsc#1131369. Hopefully. OBS-URL: https://build.opensuse.org/request/show/698242 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=125
2019-04-27 08:19:28 +00:00 · 2019-04-27 08:19:28 +00:00 · 61eeda1b5c
commit 61eeda1b5c
parent 44e7a5642f
4 changed files with 112 additions and 14 deletions
--- a/libgcrypt-1.8.4-getrandom.patch
+++ b/libgcrypt-1.8.4-getrandom.patch
@ -0,0 +1,103 @@
+Index: libgcrypt-1.8.4/random/random-csprng.c
+===================================================================
+--- libgcrypt-1.8.4.orig/random/random-csprng.c
+++ libgcrypt-1.8.4/random/random-csprng.c
+@@ -55,6 +55,10 @@
+ #ifdef __MINGW32__
+ #include <process.h>
+ #endif
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
+ #include "g10lib.h"
+ #include "random.h"
+ #include "rand-internal.h"
+@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
+              enum random_origins, size_t, int);
+ 
+ #if USE_RNDLINUX
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+  long ret;
+  char buffer[1];
+
+  _gcry_pre_syscall ();
+  ret = syscall (__NR_getrandom,
+                 (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+  _gcry_post_syscall ();
+  if (ret != -1 || errno != ENOSYS)
+    {
+      fnc = _gcry_rndlinux_gather_random;
+      return fnc;
+    }
+  else
+          /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
+   if ( !access (NAME_OF_DEV_RANDOM, R_OK)
+        && !access (NAME_OF_DEV_URANDOM, R_OK))
+     {
+Index: libgcrypt-1.8.4/random/random.c
+===================================================================
+--- libgcrypt-1.8.4.orig/random/random.c
+++ libgcrypt-1.8.4/random/random.c
+@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
+   unsigned int result = 0;
+ 
+   fp = fopen (fname, "r");
+-  if (!fp)
+-    return result;
+  if (!fp) /* We make only_urandom the default. */
+    return RANDOM_CONF_ONLY_URANDOM;
+ 
+   for (;;)
+     {
+Index: libgcrypt-1.8.4/random/rndlinux.c
+===================================================================
+--- libgcrypt-1.8.4.orig/random/rndlinux.c
+++ libgcrypt-1.8.4/random/rndlinux.c
+@@ -34,6 +34,7 @@
+ #include <fcntl.h>
+ #if defined(__linux__) && defined(HAVE_SYSCALL)
+ # include <sys/syscall.h>
+# include <linux/random.h>
+ #endif
+ 
+ #include "types.h"
+@@ -248,6 +249,18 @@ _gcry_rndlinux_gather_random (void (*add
+     {
+       if (fd_urandom == -1)
+         {
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+          long ret;
+
+          _gcry_pre_syscall ();
+          ret = syscall (__NR_getrandom,
+                         (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+          _gcry_post_syscall ();
+          if (ret > -1 || errno == EAGAIN || errno == EINTR)
+            fd_urandom = -2;
+	  else
+            /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
+           fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
+           ever_opened |= 2;
+         }
+@@ -275,6 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
+        * syscall and not a new device and thus we are not able to use
+        * select(2) to have a timeout. */
+ #if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+      if (fd == -2)
+         {
+           long ret;
+           size_t nbytes;
+@@ -290,9 +304,7 @@ _gcry_rndlinux_gather_random (void (*add
+               _gcry_post_syscall ();
+             }
+           while (ret == -1 && errno == EINTR);
+-          if (ret == -1 && errno == ENOSYS)
+-            ; /* The syscall is not supported - fallback to pulling from fd.  */
+-          else
+          if (1)
+             { /* The syscall is supported.  Some sanity checks.  */
+               if (ret == -1)
+                 log_fatal ("unexpected error from getrandom: %s\n",
--- a/libgcrypt-init-at-elf-load-fips.patch
+++ b/libgcrypt-init-at-elf-load-fips.patch
@ -1,13 +0,0 @@
-Index: libgcrypt-1.6.1/src/global.c
-===================================================================
--- libgcrypt-1.6.1.orig/src/global.c
-+++ libgcrypt-1.6.1/src/global.c
-@@ -76,7 +76,7 @@ static gpg_err_code_t external_lock_test
-    likely to be called at startup.  The suggested way for an
-    application to make sure that this has been called is by using
-    gcry_check_version. */
-static void
-+static void __attribute__((constructor))
- global_init (void)
- {
-   gcry_error_t err = 0;
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Apr 26 06:47:45 UTC 2019 - Jason Sikes <jsikes@suse.de>
+
+- do not try to open /dev/urandom if getrandom() works
+  * Added libgcrypt-1.8.4-getrandom.patch
+- Drop libgcrypt-init-at-elf-load-fips.patch obsoleted
+  by libgcrypt-1.8.3-fips-ctor.patch
+
 -------------------------------------------------------------------
 Tue Apr 23 12:38:40 UTC 2019 - Jason Sikes <jsikes@suse.de>

--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -48,7 +48,6 @@ Patch13:        libgcrypt-1.6.1-fips-cavs.patch
 #PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
 Patch14:        libgcrypt-1.6.1-fips-cfgrandom.patch
 Patch28:        libgcrypt-fix-rng.patch
-Patch29:        libgcrypt-init-at-elf-load-fips.patch
 #PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
 Patch30:        drbg_test.patch
 #PATCH-FIX-SUSE run FIPS self-test from constructor
@ -63,6 +62,7 @@ Patch41:        libgcrypt-binary_integrity_in_non-FIPS.patch
 Patch42:        libgcrypt-fips_rsa_no_enforced_mode.patch
 Patch43:        libgcrypt-1.8.4-use_xfree.patch
 Patch44:        libgcrypt-1.8.4-allow_FSM_same_state.patch
+Patch45:        libgcrypt-1.8.4-getrandom.patch
 BuildRequires:  automake >= 1.14
 BuildRequires:  fipscheck
 BuildRequires:  libgpg-error-devel >= 1.25