From: draht@suse.com Subject: /etc/gcrypt/rngseed symlink logic error in evaluation of routine to open /dev/{u,}random or /etc/gcrypt/rngseed (open_device()) causes abort() in cases where do_randomize(nbytes, level) is called with level == 1 (GCRY_STRONG_RANDOM). References: bnc#724841 https://bugzilla.novell.com/show_bug.cgi?id=724841 --- random/random-csprng.c | 2 - random/random-fips.c | 10 ++++---- random/rndlinux.c | 58 ++++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 54 insertions(+), 16 deletions(-) Index: libgcrypt-1.6.0/random/random-csprng.c =================================================================== --- libgcrypt-1.6.0.orig/random/random-csprng.c +++ libgcrypt-1.6.0/random/random-csprng.c @@ -832,7 +832,7 @@ read_seed_file (void) * entropy drivers, however the rndlinux driver will use * /dev/urandom and return some stuff - Do not read too much as we * want to be friendly to the scare system entropy resource. */ - read_random_source ( RANDOM_ORIGIN_INIT, 16, GCRY_WEAK_RANDOM ); + read_random_source ( RANDOM_ORIGIN_INIT, 16, -1 ); allow_seed_file_update = 1; return 1; Index: libgcrypt-1.6.0/random/random-fips.c =================================================================== --- libgcrypt-1.6.0.orig/random/random-fips.c +++ libgcrypt-1.6.0/random/random-fips.c @@ -27,10 +27,10 @@ There are 3 random context which map to the different levels of random quality: - Generator Seed and Key Kernel entropy (init/reseed) - ------------------------------------------------------------ - GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits - GCRY_STRONG_RANDOM /dev/random 256/128 bits + Generator Seed and Key Kernel entropy (init/reseed) + --------------------------------------------------------------------------------------- + GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits + GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits gcry_create_nonce GCRY_STRONG_RANDOM n/a All random generators return their data in 128 bit blocks. If the @@ -562,7 +562,7 @@ get_entropy (size_t nbytes) #if USE_RNDLINUX rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0, X931_AES_KEYLEN, - GCRY_VERY_STRONG_RANDOM); + -1); #elif USE_RNDW32 do { Index: libgcrypt-1.6.0/random/rndlinux.c =================================================================== --- libgcrypt-1.6.0.orig/random/rndlinux.c +++ libgcrypt-1.6.0/random/rndlinux.c @@ -36,7 +36,8 @@ #include "g10lib.h" #include "rand-internal.h" -static int open_device (const char *name, int retry); +static int open_device (const char *name, int retry, int fatal); +#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed" static int @@ -59,7 +60,7 @@ set_cloexec_flag (int fd) * a fatal error but retries until it is able to reopen the device. */ static int -open_device (const char *name, int retry) +open_device (const char *name, int retry, int fatal) { int fd; @@ -67,8 +68,9 @@ open_device (const char *name, int retry _gcry_random_progress ("open_dev_random", 'X', 1, 0); again: fd = open (name, O_RDONLY); - if (fd == -1 && retry) - { + if (fd == -1) { + if (retry) + { struct timeval tv; tv.tv_sec = 5; @@ -76,9 +78,14 @@ open_device (const char *name, int retry _gcry_random_progress ("wait_dev_random", 'X', 0, (int)tv.tv_sec); select (0, NULL, NULL, NULL, &tv); goto again; - } - if (fd == -1) - log_fatal ("can't open %s: %s\n", name, strerror(errno) ); + } + else + { + if (fatal) + log_fatal ("can't open %s: %s\n", name, strerror(errno) ); + return fd; + } + } if (set_cloexec_flag (fd)) log_error ("error setting FD_CLOEXEC on fd %d: %s\n", @@ -111,11 +118,13 @@ _gcry_rndlinux_gather_random (void (*add { static int fd_urandom = -1; static int fd_random = -1; + static int fd_configured = -1; static unsigned char ever_opened; int fd; int n; byte buffer[768]; size_t n_hw; + size_t orig_length = length; size_t want = length; size_t last_so_far = 0; int any_need_entropy = 0; @@ -153,20 +162,46 @@ _gcry_rndlinux_gather_random (void (*add that we always require the device to be existent but want a more graceful behaviour if the rarely needed close operation has been used and the device needs to be re-opened later. */ + + /* Clarification: path how "level == -1" comes about: + gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) -> + do_randomize(buffer, nbytes, level) -> + _gcry_rngcsprng_randomize(buffer, length, level) -> + read_pool (p, n, level) -> + read_seed_file(), + random_poll() -> + read_random_source(..., ..., GCRY_STRONG_RANDOM), + read_random_source(... , ..., , -1 ) (note: -1) -> + slow_gather_fnc(..., ..., ..., level) + function pointer set by getfnc_gather_random() to + _gcry_rndlinux_gather_random() , which is here. + */ + + + if (level == -1) + { + if (fd_configured == -1) + fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0); + fd = fd_configured; + if (fd == -1) + level = 1; + } + + if (level >= 2) { if (fd_random == -1) { - fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1)); + fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1); ever_opened |= 1; } fd = fd_random; } - else + else if (level != -1) { if (fd_urandom == -1) { - fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2)); + fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1); ever_opened |= 2; } fd = fd_urandom; @@ -242,6 +277,9 @@ _gcry_rndlinux_gather_random (void (*add } memset(buffer, 0, sizeof(buffer) ); + if (level == -1) + _gcry_rndlinux_gather_random(add, origin, orig_length, 1); + if (any_need_entropy) _gcry_random_progress ("need_entropy", 'X', (int)want, (int)want);