Please see attached patches to add support for arc4random_buf() as an
alternative to /dev/{u}random. I tried to be as unobtrusive as possible
and to maintain the existing style. It should also allow the user to still define
RANDOM_CONF_ONLY_URANDOM if they would prefer to use /dev/urandom. This
will allow gpg to be used on filesystems mounted nodev while providing
quick, quality randomness.
Thanks,
Edgar Pettijohn
--- configure.ac Wed Dec 13 07:51:33 2017
+++ /home/edgar/libgcrypt-1.8.2/configure.ac Mon Feb 5 19:59:17 2018
@@ -1721,7 +1721,7 @@
# Other checks
AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4)
AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog)
-AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile)
+AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile arc4random_buf)
GNUPG_CHECK_MLOCK
--- rndlinux.c Thu Nov 23 12:16:58 2017
+++ /home/edgar/libgcrypt-1.8.2/random/rndlinux.c Mon Feb 5 23:18:20 2018
@@ -154,6 +154,30 @@
}
+/* This is the least obtrusive way I could find */
+#if defined(HAVE_ARC4RANDOM_BUF)
+ if (!only_urandom)
+ {
+ do
+ {
+ size_t nbytes;
+
+ nbytes = length < sizeof(buffer) ? length : sizeof(buffer);
+ /* always successful */
+ arc4random_buf (buffer, nbytes);
+
+ (*add)(buffer, nbytes, origin);
+ want = want - nbytes;
+ } while (want);
+
+ wipememory (buffer, sizeof buffer);
+
+ return 0; /* success */
+ }
+
+#endif /* HAVE_ARC4RANDOM_BUF */
+
+
/* First read from a hardware source. However let it account only
for up to 50% (or 25% for RDRAND) of the requested bytes. */
n_hw = _gcry_rndhw_poll_slow (add, origin);
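Review bot: The chunk size in the added loop is computed from `length` (`nbytes = length < sizeof(buffer) ? length : sizeof(buffer);`) while the loop terminates on `want`, and `length` is never reduced inside the loop. If `want` is unsigned and a request is larger than `buffer` without being a multiple of its size (the declarations are outside the hunk, so this is inferred), the last `want = want - nbytes` wraps past zero and the loop keeps feeding the pool instead of ending; clamp on the remaining count instead: `nbytes = want < sizeof(buffer) ? want : sizeof(buffer);`. The early `return 0` also skips the `_gcry_rndhw_poll_slow` call in the trailing context and whatever level-dependent handling follows it, so this path presumably serves every request from arc4random_buf() regardless of the strength the caller asked for. That deserves either a comment stating on which platforms arc4random_buf() is accepted as a source, or a restriction to the levels that already tolerate /dev/urandom. The enclosing function starts and ends outside the hunk.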