libgcrypt fails to use /dev/random on NetBSD

Christian Biere christianbiere at gmx.de
Fri Sep 9 01:47:06 CEST 2005


>Submitter-Id:	net
>Originator:	Christian Biere
>Confidential:	no
>Synopsis:	libgcrypt fails to use /dev/random on NetBSD
>Severity:	serious
>Priority:	medium
>Category:	pkg
>Class:		sw-bug
>Release:	NetBSD 3.99.7
>Environment:
System: NetBSD cyclonus 3.99.7 NetBSD 3.99.7 (STARSCREAM) #4: Sat Aug 13 17:11:37 CEST 2005 bin at cyclonus:/usr/obj/objdir/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:
The configure script of libgcrypt has "/dev/srandom" hardcoded for NetBSD
instead of "/dev/random". This means libgcrypt will try to access a
non-existing device at runtime and fall back to a replacement method to
gather entropy which is likely to be (much) weaker.

>How-To-Repeat:

Compile libgcrypt and note that it reports that no random device was
found:
"checking for random device... no"

It doesn't complain excessively though. configure will print a message
suggesting to use EGD. However, it does not make obvious that the reason
for showing this message is that the expected random device was not found.

I've only noticed this incidently by tracing an application linked
against libgcrypt when I my eyes caught an access attempt to
"/dev/srandom" in the log output.

>Fix:

As a workaround, add a symbolic link /dev/srandom pointing to an existing
/dev/random. This doesn't require recompiling libgcrypt. The attached
patch against libgcrypt 1.2.1 should fix the bug in the configure script.

diff -ur configure.orig configure
--- configure.orig	2005-01-05 14:53:24.000000000 +0100
+++ configure	2005-09-09 01:13:26.000000000 +0200
@@ -2259,14 +2259,14 @@
 
 
 case "${target}" in
-    *-openbsd* | *-netbsd*)
+    *-openbsd* )
         # FIXME: Are these the best flags for OpenBSD?
         NAME_OF_DEV_RANDOM="/dev/srandom"
         NAME_OF_DEV_URANDOM="/dev/urandom"
 #       DYNLINK_MOD_CFLAGS="-shared -rdynamic $CFLAGS_PIC -Wl,-Bshareable -Wl,-x"
         ;;
 
-    *-solaris* | *-irix* | *-dec-osf* )
+    *-solaris* | *-irix* | *-dec-osf* | *-netbsd* )
         NAME_OF_DEV_RANDOM="/dev/random"
         NAME_OF_DEV_URANDOM="/dev/random"
 #       DYNLINK_MOD_CFLAGS="-shared $CFLAGS_PIC"
diff -ur configure.ac.orig configure.ac
--- configure.ac.orig	2005-01-05 14:52:33.000000000 +0100
+++ configure.ac	2005-09-09 01:10:30.000000000 +0200
@@ -187,14 +187,14 @@
 
 
 case "${target}" in
-    *-openbsd* | *-netbsd*)
+    *-openbsd* )
         # FIXME: Are these the best flags for OpenBSD?
         NAME_OF_DEV_RANDOM="/dev/srandom"
         NAME_OF_DEV_URANDOM="/dev/urandom"
 #       DYNLINK_MOD_CFLAGS="-shared -rdynamic $CFLAGS_PIC -Wl,-Bshareable -Wl,-x"
         ;;
 
-    *-solaris* | *-irix* | *-dec-osf* )
+    *-solaris* | *-irix* | *-dec-osf* | *-netbsd* )
         NAME_OF_DEV_RANDOM="/dev/random"
         NAME_OF_DEV_URANDOM="/dev/random"
 #       DYNLINK_MOD_CFLAGS="-shared $CFLAGS_PIC"



More information about the Gcrypt-devel mailing list