Use both getrandom() and /dev/urandom by default on Linux.

getrandom() is now used on Linux by default when using Linux >= 3.17
and glibc >= 2.25

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #5314

1 files changed, 11 insertions, 7 deletions

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f5a59cb28a..bfd7ef0455 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -14,10 +14,6 @@
 #include "rand_lcl.h"
 #include <stdio.h>
 
-#ifdef OPENSSL_RAND_SEED_GETRANDOM
-# include <linux/random.h>
-#endif
-
 #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
         !defined(OPENSSL_RAND_SEED_NONE)
 # error "UEFI and VXWorks only support seeding NONE"
@@ -123,11 +119,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
 #  endif
 
 #  if defined(OPENSSL_RAND_SEED_OS)
-#   if defined(DEVRANDOM)
-#    define OPENSSL_RAND_SEED_DEVRANDOM
-#   else
+#   if !defined(DEVRANDOM)
 #    error "OS seeding requires DEVRANDOM to be configured"
 #   endif
+#   define OPENSSL_RAND_SEED_DEVRANDOM
+#   if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#    if __GLIBC_PREREQ(2, 25)
+#     define OPENSSL_RAND_SEED_GETRANDOM
+#    endif
+#   endif
+#  endif
+
+#  ifdef OPENSSL_RAND_SEED_GETRANDOM
+#   include <sys/random.h>
 #  endif
 
 #  if defined(OPENSSL_RAND_SEED_LIBRANDOM)