From f0919ce4c6ca831e5a623ce2de9b9dd9f497cff1 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Thu, 28 Dec 2017 16:48:48 +0100
Subject: [PATCH] gcrypt: Seed PRNG in init_random_seed_or_die().

The function is supposed to call srandom(3) to set the seed for a new sequence of pseudo-random integers to be returned by random(3). The openssl crypto backend does this, but the gcrypt one does not. This is not a fatal flaw as we don't use random(3) for any cryptographic purpose. Let's fix it anyway.
---
 gcrypt.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/gcrypt.c b/gcrypt.c
index 7c19aeb0..f30e8166 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -59,16 +59,15 @@ void get_random_bytes_or_die(unsigned char *buf, int num)
 }
 
 /*
- * This is called at the beginning of every program that uses libgcrypt. We
- * don't have to initialize any random seed here, but we must initialize the
- * gcrypt library. This task is performed by gcry_check_version() which can
- * also check that the gcrypt library version is at least the minimal required
- * version. This function also tells us whether we have to use our own OAEP
- * padding code.
+ * This is called at the beginning of every program that uses libgcrypt. The
+ * call to gcry_check_version() initializes the gcrypt library and checks that
+ * we have at least the minimal required version. This function also tells us
+ * whether we have to use our own OAEP padding code.
  */
 void init_random_seed_or_die(void)
 {
 	const char *ver, *req_ver;
+	int seed;
 
 	ver = gcry_check_version(NULL);
 	req_ver = "1.4.0";
@@ -85,6 +84,8 @@ void init_random_seed_or_die(void)
 		libgcrypt_has_oaep = false;
 		rsa_decrypt_sexp = "(enc-val(rsa(a %m)))";
 	}
+	get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
+	srandom(seed);
 }
 
 /** S-expression for the public part of an RSA key. */
-- 
2.39.5
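Review bot: The rewritten block comment in the first hunk still does not say that init_random_seed_or_die() now seeds random(3), which is the whole point of the commit and what the function's name promises; a reader of the comment alone would not learn that srandom(3) is called at the end of the function (second hunk). I would add a sentence after the OAEP one, e.g. `* Finally, random(3) is seeded via srandom(3) with bytes taken from the gcrypt RNG; random(3) remains unsuitable for anything cryptographic.`, so the non-cryptographic status stated in the commit message is also visible in the code. Separately, srandom(3) takes an unsigned int, so the new declaration reads better as `unsigned int seed;` — the value is only ever consumed as an unsigned seed, and this avoids a signed/unsigned conversion at the call site. The body of init_random_seed_or_die() continues between the two hunks, outside what is shown here.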