gcrypt: Seed PRNG in init_random_seed_or_die().

The function is supposed to call srandom(3) to set the seed for a new
sequence of pseudo-random integers to be returned by random(3). The
openssl crypto backend does this, but the gcrypt one does not.

This is not a fatal flaw as we don't use random(3) for any
cryptographic purpose. Let's fix it anyway.

diff --git a/gcrypt.c b/gcrypt.c
index 7c19aeb0c3edc022c5b0f0425a202e37fd38d906..f30e8166b01badc08de69487dcb99645d4d15990 100644 (file)
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -59,16 +59,15 @@ void get_random_bytes_or_die(unsigned char *buf, int num)
 }
 
 /*
- * This is called at the beginning of every program that uses libgcrypt. We
- * don't have to initialize any random seed here, but we must initialize the
- * gcrypt library. This task is performed by gcry_check_version() which can
- * also check that the gcrypt library version is at least the minimal required
- * version. This function also tells us whether we have to use our own OAEP
- * padding code.
+ * This is called at the beginning of every program that uses libgcrypt. The
+ * call to gcry_check_version() initializes the gcrypt library and checks that
+ * we have at least the minimal required version. This function also tells us
+ * whether we have to use our own OAEP padding code.
  */
 void init_random_seed_or_die(void)
 {
        const char *ver, *req_ver;
+       int seed;
 
        ver = gcry_check_version(NULL);
        req_ver = "1.4.0";
@@ -85,6 +84,8 @@ void init_random_seed_or_die(void)
                libgcrypt_has_oaep = false;
                rsa_decrypt_sexp = "(enc-val(rsa(a %m)))";
        }
+       get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
+       srandom(seed);
 }
 
 /** S-expression for the public part of an RSA key. */