forked from pool/libgcrypt
31afb2af23
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode. - libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20 and not libgcrypt.so.11 - libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF DSO loading to meet FIPS requirements. OBS-URL: https://build.opensuse.org/request/show/235418 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=57
25 lines
913 B
Diff
25 lines
913 B
Diff
Index: libgcrypt-1.6.1/random/random.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.1.orig/random/random.c
|
|
+++ libgcrypt-1.6.1/random/random.c
|
|
@@ -440,6 +440,9 @@ _gcry_create_nonce (void *buffer, size_t
|
|
size_t n;
|
|
int err;
|
|
|
|
+ /* Make sure we are initialized. */
|
|
+ _gcry_random_initialize (1);
|
|
+
|
|
/* First check whether we shall use the FIPS nonce generator. This
|
|
is only done in FIPS mode, in all other modes, we use our own
|
|
nonce generator which is seeded by the RNG actual in use. */
|
|
@@ -455,9 +458,6 @@ _gcry_create_nonce (void *buffer, size_t
|
|
FIPS mode (not that this means it is also used if the FIPS RNG
|
|
has been selected but we are not in fips mode). */
|
|
|
|
- /* Make sure we are initialized. */
|
|
- _gcry_random_initialize (1);
|
|
-
|
|
/* Acquire the nonce buffer lock. */
|
|
err = ath_mutex_lock (&nonce_buffer_lock);
|
|
if (err)
|