[Help-gnutls] Alternate random device for certtool
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Nov 29 09:21:22 CET 2008
Teran McKinney wrote:
> I am using libgcrypt 1.4.3, and I'm quite cetain that all of Gnutls'
> libraries are up to date. Could this possibly a bug with not building
> without Linux capabilities support? I have been testing with Arch
> Linux, and more so, my fork of Arch Linux, Icadyptes. I noticed that
> libgpg-error was out of date (1.6 instead of 1.7), so I updated it and
> rebuilt libgcrypt; this had no effect.
I CC to gcrypt-devel since this might be gcrypt related.
Could it be that newer versions from 1.4.1 ignore the control:
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
I upgraded to gcrypt 1.4.4 and I notice the same delay, and strace shows
that /dev/random is being used even with this flag.
output from gcrypt 1.4.1:
nmav at crystal:~/cvs/gnutls/src$ time strace certtool -p --outfile
/dev/null 2>&1 | grep random
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
real 0m1.220s
user 0m1.136s
sys 0m0.028s
output from gcrypt 1.4.4:
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
open("/dev/random", O_RDONLY) = 5
real 0m29.867s
user 0m0.016s
sys 0m0.016s
regards,
Nikos
More information about the Gcrypt-devel
mailing list