[Help-gnutls] Alternate random device for certtool

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 29 09:21:22 CET 2008


Teran McKinney wrote:
> I am using libgcrypt 1.4.3, and I'm quite certain that all of Gnutls'
> libraries are up to date. Could this possibly be a bug with not building
> without Linux capabilities support? I have been testing with Arch
> Linux, and more so, my fork of Arch Linux, Icadyptes. I noticed that
> libgpg-error was out of date (1.6 instead of 1.7), so I updated it and
> rebuilt libgcrypt; this had no effect.

I CC to gcrypt-devel since this might be gcrypt related.
Could it be that newer versions from 1.4.1 ignore the control:
    gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

I upgraded to gcrypt 1.4.4 and I notice the same delay, and strace shows
that /dev/random is being used even with this flag.

output from gcrypt 1.4.1:
nmav@crystal:~/cvs/gnutls/src$ time strace certtool -p --outfile /dev/null 2>&1 | grep random
access("/dev/random", R_OK)             = 0
access("/dev/urandom", R_OK)            = 0
open("/dev/urandom", O_RDONLY)          = 4

real	0m1.220s
user	0m1.136s
sys	0m0.028s

output from gcrypt 1.4.4:
access("/dev/random", R_OK)             = 0
access("/dev/urandom", R_OK)            = 0
open("/dev/urandom", O_RDONLY)          = 4
open("/dev/random", O_RDONLY)           = 5


real	0m29.867s
user	0m0.016s
sys	0m0.016s


regards,
Nikos
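
Added example (not part of the original message, and not gnutls or libgcrypt code): a shell helper that classifies strace output like the two traces above, treating access() as a mere probe and only a successful open()/openat() of /dev/random as use of the blocking device. The function names are hypothetical; the sample lines are copied from the message.

```shell
#!/bin/sh
# Classify which random device a traced process actually opened.
# access() only checks that the device exists; open()/openat() returning
# a file descriptor means the process is going to read from it.
classify_random_use() {
    # Reads strace lines on stdin and prints one of:
    #   blocking     /dev/random was opened (reads can stall on low entropy)
    #   nonblocking  only /dev/urandom was opened
    #   none         neither device was opened successfully
    awk '
        { sub(/^\[pid +[0-9]+\] /, "") }          # drop "strace -f" prefix
        /^(open|openat)\(/ && / = [0-9]+/ {       # successful opens only
            if ($0 ~ /"\/dev\/random"/)  blocking = 1
            if ($0 ~ /"\/dev\/urandom"/) urandom = 1
        }
        END {
            if (blocking)     print "blocking"
            else if (urandom) print "nonblocking"
            else              print "none"
        }'
}

# Sample input: the grep'd strace lines reported for gcrypt 1.4.1.
trace_gcrypt_1_4_1() { cat <<'EOF'
access("/dev/random", R_OK)             = 0
access("/dev/urandom", R_OK)            = 0
open("/dev/urandom", O_RDONLY)          = 4
EOF
}

# Sample input: the grep'd strace lines reported for gcrypt 1.4.4.
trace_gcrypt_1_4_4() { cat <<'EOF'
access("/dev/random", R_OK)             = 0
access("/dev/urandom", R_OK)            = 0
open("/dev/urandom", O_RDONLY)          = 4
open("/dev/random", O_RDONLY)           = 5
EOF
}

echo "gcrypt 1.4.1: $(trace_gcrypt_1_4_1 | classify_random_use)"
echo "gcrypt 1.4.4: $(trace_gcrypt_1_4_4 | classify_random_use)"
```

On a live system the function can be fed directly, for example from `strace -f certtool -p --outfile /dev/null 2>&1 | classify_random_use`.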


