Subject: pkg/31254: libgcrypt fails to use /dev/random on NetBSD
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Christian Biere <christianbiere@gmx.de>
List: pkgsrc-bugs
Date: 09/09/2005 07:57:52
>Number:         31254
>Category:       pkg
>Synopsis:       libgcrypt fails to use /dev/random on NetBSD
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 09 07:57:52 +0000 2005
>Originator:     Christian Biere
>Release:        NetBSD 3.99.7
>Environment:
System: NetBSD cyclonus 3.99.7 NetBSD 3.99.7 (STARSCREAM) #4: Sat Aug 13 17:11:37 CEST 2005 bin@cyclonus:/usr/obj/objdir/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:
The configure script of libgcrypt has "/dev/srandom" hardcoded for NetBSD
instead of "/dev/random". This means libgcrypt will try to access a
non-existing device at runtime and fall back to a replacement method to
gather entropy which is likely to be (much) weaker.

>How-To-Repeat:

Compile libgcrypt and note that it reports that no random device was
found:
"checking for random device... no"

It doesn't complain excessively though. configure will print a message
suggesting to use EGD. However, it does not make obvious that the reason
for showing this message is that the expected random device was not found.

I've only noticed this incidentally by tracing an application linked
against libgcrypt when my eyes caught an access attempt to
"/dev/srandom" in the log output.

>Fix:

As a workaround, add a symbolic link /dev/srandom pointing to an existing
/dev/random. This doesn't require recompiling libgcrypt. The attached
patch against libgcrypt 1.2.1 should fix the bug in the configure script.

diff -ur configure.orig configure
--- configure.orig	2005-01-05 14:53:24.000000000 +0100
+++ configure	2005-09-09 01:13:26.000000000 +0200
@@ -2259,14 +2259,14 @@
 
 
 case "${target}" in
-    *-openbsd* | *-netbsd*)
+    *-openbsd* )
         # FIXME: Are these the best flags for OpenBSD?
         NAME_OF_DEV_RANDOM="/dev/srandom"
         NAME_OF_DEV_URANDOM="/dev/urandom"
 #       DYNLINK_MOD_CFLAGS="-shared -rdynamic $CFLAGS_PIC -Wl,-Bshareable -Wl,-x"
         ;;
 
-    *-solaris* | *-irix* | *-dec-osf* )
+    *-solaris* | *-irix* | *-dec-osf* | *-netbsd* )
         NAME_OF_DEV_RANDOM="/dev/random"
         NAME_OF_DEV_URANDOM="/dev/random"
 #       DYNLINK_MOD_CFLAGS="-shared $CFLAGS_PIC"
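Review bot: Adding *-netbsd* to the Solaris/IRIX/OSF case in the second changed line also switches NetBSD's NAME_OF_DEV_URANDOM from "/dev/urandom" (the value in the branch it leaves) to "/dev/random". NetBSD provides /dev/urandom, so callers that ask for the non-blocking device would now read /dev/random, which may block when the pool is low. Consider a separate *-netbsd* ) case that sets NAME_OF_DEV_RANDOM="/dev/random" and NAME_OF_DEV_URANDOM="/dev/urandom".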
diff -ur configure.ac.orig configure.ac
--- configure.ac.orig	2005-01-05 14:52:33.000000000 +0100
+++ configure.ac	2005-09-09 01:10:30.000000000 +0200
@@ -187,14 +187,14 @@
 
 
 case "${target}" in
-    *-openbsd* | *-netbsd*)
+    *-openbsd* )
         # FIXME: Are these the best flags for OpenBSD?
         NAME_OF_DEV_RANDOM="/dev/srandom"
         NAME_OF_DEV_URANDOM="/dev/urandom"
 #       DYNLINK_MOD_CFLAGS="-shared -rdynamic $CFLAGS_PIC -Wl,-Bshareable -Wl,-x"
         ;;
 
-    *-solaris* | *-irix* | *-dec-osf* )
+    *-solaris* | *-irix* | *-dec-osf* | *-netbsd* )
         NAME_OF_DEV_RANDOM="/dev/random"
         NAME_OF_DEV_URANDOM="/dev/random"
 #       DYNLINK_MOD_CFLAGS="-shared $CFLAGS_PIC"
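Review bot: Hand-editing both configure.ac here and the generated configure risks the two drifting apart; for upstream, send only this configure.ac hunk and regenerate configure with autoconf. The case branch that loses *-netbsd* keeps only the comment "# FIXME: Are these the best flags for OpenBSD?", so a one-line comment stating that NetBSD has /dev/random and no /dev/srandom would document why the two BSDs are split and keep them from being merged again.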
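An added check for the failure described in this report (not part of the original report or of libgcrypt): it flags a build whose configure output contains the quoted "checking for random device... no" line and verifies that each device path the build expects is a readable character device. The function names and the log-file argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a libgcrypt build for the silent entropy fallback
# described in this report. Function names are hypothetical.

# Succeeds if $1 is a readable character device. Symbolic links are
# followed, so the /dev/srandom -> /dev/random workaround passes.
is_random_dev() {
    [ -c "$1" ] && [ -r "$1" ]
}

# Succeeds if the configure log $1 contains the line quoted in the report.
configure_reported_no_device() {
    grep -q '^checking for random device\.\.\. no$' "$1"
}

# audit_build LOG DEVICE...
# Returns non-zero if configure found no random device, or if any of the
# device paths compiled into the library is missing or not a device node.
audit_build() {
    log=$1
    shift
    rc=0
    if configure_reported_no_device "$log"; then
        echo "configure found no random device (see $log)" >&2
        rc=1
    fi
    for dev in "$@"; do
        if ! is_random_dev "$dev"; then
            echo "not a readable character device: $dev" >&2
            rc=1
        fi
    done
    return $rc
}

# Command-line use: sh audit.sh config.log /dev/srandom /dev/urandom
if [ "$#" -gt 0 ]; then
    audit_build "$@"
fi
```
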