3
0
forked from pool/libgcrypt

Accepting request 698242 from home:jsikes:branches:devel:libraries:c_c++

Hopefully this fixes bsc#1131369. Hopefully.

OBS-URL: https://build.opensuse.org/request/show/698242
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=125
This commit is contained in:
Tomáš Chvátal 2019-04-27 08:19:28 +00:00 committed by Git OBS Bridge
parent 44e7a5642f
commit 61eeda1b5c
4 changed files with 112 additions and 14 deletions

View File

@ -0,0 +1,103 @@
Index: libgcrypt-1.8.4/random/random-csprng.c
===================================================================
--- libgcrypt-1.8.4.orig/random/random-csprng.c
+++ libgcrypt-1.8.4/random/random-csprng.c
@@ -55,6 +55,10 @@
#ifdef __MINGW32__
#include <process.h>
#endif
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
#include "g10lib.h"
#include "random.h"
#include "rand-internal.h"
@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+ char buffer[1];
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret != -1 || errno != ENOSYS)
+ {
+ fnc = _gcry_rndlinux_gather_random;
+ return fnc;
+ }
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
&& !access (NAME_OF_DEV_URANDOM, R_OK))
{
Index: libgcrypt-1.8.4/random/random.c
===================================================================
--- libgcrypt-1.8.4.orig/random/random.c
+++ libgcrypt-1.8.4/random/random.c
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
unsigned int result = 0;
fp = fopen (fname, "r");
- if (!fp)
- return result;
+ if (!fp) /* We make only_urandom the default. */
+ return RANDOM_CONF_ONLY_URANDOM;
for (;;)
{
Index: libgcrypt-1.8.4/random/rndlinux.c
===================================================================
--- libgcrypt-1.8.4.orig/random/rndlinux.c
+++ libgcrypt-1.8.4/random/rndlinux.c
@@ -34,6 +34,7 @@
#include <fcntl.h>
#if defined(__linux__) && defined(HAVE_SYSCALL)
# include <sys/syscall.h>
+# include <linux/random.h>
#endif
#include "types.h"
@@ -248,6 +249,18 @@ _gcry_rndlinux_gather_random (void (*add
{
if (fd_urandom == -1)
{
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
+ fd_urandom = -2;
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
ever_opened |= 2;
}
@@ -275,6 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
* syscall and not a new device and thus we are not able to use
* select(2) to have a timeout. */
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ if (fd == -2)
{
long ret;
size_t nbytes;
@@ -290,9 +304,7 @@ _gcry_rndlinux_gather_random (void (*add
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
- if (ret == -1 && errno == ENOSYS)
- ; /* The syscall is not supported - fallback to pulling from fd. */
- else
+ if (1)
{ /* The syscall is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getrandom: %s\n",

View File

@ -1,13 +0,0 @@
Index: libgcrypt-1.6.1/src/global.c
===================================================================
--- libgcrypt-1.6.1.orig/src/global.c
+++ libgcrypt-1.6.1/src/global.c
@@ -76,7 +76,7 @@ static gpg_err_code_t external_lock_test
likely to be called at startup. The suggested way for an
application to make sure that this has been called is by using
gcry_check_version. */
-static void
+static void __attribute__((constructor))
global_init (void)
{
gcry_error_t err = 0;

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Apr 26 06:47:45 UTC 2019 - Jason Sikes <jsikes@suse.de>
- do not try to open /dev/urandom if getrandom() works
* Added libgcrypt-1.8.4-getrandom.patch
- Drop libgcrypt-init-at-elf-load-fips.patch obsoleted
by libgcrypt-1.8.3-fips-ctor.patch
-------------------------------------------------------------------
Tue Apr 23 12:38:40 UTC 2019 - Jason Sikes <jsikes@suse.de>

View File

@ -48,7 +48,6 @@ Patch13: libgcrypt-1.6.1-fips-cavs.patch
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
Patch28: libgcrypt-fix-rng.patch
Patch29: libgcrypt-init-at-elf-load-fips.patch
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
Patch30: drbg_test.patch
#PATCH-FIX-SUSE run FIPS self-test from constructor
@ -63,6 +62,7 @@ Patch41: libgcrypt-binary_integrity_in_non-FIPS.patch
Patch42: libgcrypt-fips_rsa_no_enforced_mode.patch
Patch43: libgcrypt-1.8.4-use_xfree.patch
Patch44: libgcrypt-1.8.4-allow_FSM_same_state.patch
Patch45: libgcrypt-1.8.4-getrandom.patch
BuildRequires: automake >= 1.14
BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.25