From: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 9 Feb 2018 23:30:29 +0000 (+0100)
Subject: Use both getrandom() and /dev/urandom by default on Linux.
X-Git-Tag: OpenSSL_1_1_1-pre2~159
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=72960279562e9af53264155a46b4a0b6a40f9590;p=oweals%2Fopenssl.git

Use both getrandom() and /dev/urandom by default on Linux.

getrandom() is now used on Linux by default when using Linux >= 3.17
and glibc >= 2.25

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #5314
---

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f5a59cb28a..bfd7ef0455 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -14,10 +14,6 @@
 #include "rand_lcl.h"
 #include <stdio.h>
 
-#ifdef OPENSSL_RAND_SEED_GETRANDOM
-# include <linux/random.h>
-#endif
-
 #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
         !defined(OPENSSL_RAND_SEED_NONE)
 # error "UEFI and VXWorks only support seeding NONE"
@@ -123,11 +119,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 #  endif
 
 #  if defined(OPENSSL_RAND_SEED_OS)
-#   if defined(DEVRANDOM)
-#    define OPENSSL_RAND_SEED_DEVRANDOM
-#   else
+#   if !defined(DEVRANDOM)
 #    error "OS seeding requires DEVRANDOM to be configured"
 #   endif
+#   define OPENSSL_RAND_SEED_DEVRANDOM
+#   if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#    if __GLIBC_PREREQ(2, 25)
+#     define OPENSSL_RAND_SEED_GETRANDOM
+#    endif
+#   endif
+#  endif
+
+#  ifdef OPENSSL_RAND_SEED_GETRANDOM
+#   include <sys/random.h>
 #  endif
 
 #  if defined(OPENSSL_RAND_SEED_LIBRANDOM)