diff -up libgcrypt-1.5.3/random/drbg.c.cfgrandom libgcrypt-1.5.3/random/drbg.c

--- libgcrypt-1.5.3/random/drbg.c.cfgrandom	2014-10-30 16:42:49.000000000 +0100

+++ libgcrypt-1.5.3/random/drbg.c	2014-10-30 16:46:57.291800433 +0100

@@ -485,8 +485,11 @@ gcry_drbg_get_entropy (struct gcry_drbg_

   read_cb_size = len;

   read_cb_len = 0;

 #if USE_RNDLINUX

+  _gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len,

+				     -1);

+  read_cb_len = 0;

   rc = _gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len,

-				     GCRY_VERY_STRONG_RANDOM);

+				     GCRY_STRONG_RANDOM);

 #elif USE_RNDUNIX

   rc = _gcry_rndunix_gather_random (read_cb, 0, length,

 				    GCRY_VERY_STRONG_RANDOM);

diff -up libgcrypt-1.5.3/random/random-fips.c.cfgrandom libgcrypt-1.5.3/random/random-fips.c

--- libgcrypt-1.5.3/random/random-fips.c.cfgrandom	2014-10-30 16:42:49.942216405 +0100

+++ libgcrypt-1.5.3/random/random-fips.c	2014-10-30 16:42:49.970217037 +0100

@@ -27,10 +27,10 @@

    There are 3 random context which map to the different levels of

    random quality:

-   Generator                Seed and Key        Kernel entropy (init/reseed)

-   ------------------------------------------------------------

-   GCRY_VERY_STRONG_RANDOM  /dev/random         256/128 bits

-   GCRY_STRONG_RANDOM       /dev/random         256/128 bits

+   Generator                Seed and Key                      Kernel entropy (init/reseed)

+   ---------------------------------------------------------------------------------------

+   GCRY_VERY_STRONG_RANDOM  /etc/gcrypt/rngseed+/dev/urandom  256/128 bits

+   GCRY_STRONG_RANDOM       /etc/gcrypt/rngseed+/dev/urandom  256/128 bits

    gcry_create_nonce        GCRY_STRONG_RANDOM  n/a

    All random generators return their data in 128 bit blocks.  If the

@@ -40,8 +40,10 @@

    (SEED_TTL) output blocks; the re-seeding is disabled in test mode.

    The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are

-   keyed and seeded from the /dev/random device.  Thus these

-   generators may block until the kernel has collected enough entropy.

+   keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed

+   if the device or symlink to device exists xored with the data

+   from the /dev/urandom device. This allows the system administrator

+   to always seed the RNGs from /dev/random if it is required.

    The gcry_create_nonce generator is keyed and seeded from the

    GCRY_STRONG_RANDOM generator.  It may also block if the

@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)

   entropy_collect_buffer_len = 0;

 #if USE_RNDLINUX

+  _gcry_rndlinux_gather_random (entropy_collect_cb, 0,

+                                     X931_AES_KEYLEN,

+                                     -1);

+  entropy_collect_buffer_len = 0;

   rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,

                                      X931_AES_KEYLEN,

-                                     GCRY_VERY_STRONG_RANDOM);

+                                     GCRY_STRONG_RANDOM);

 #elif USE_RNDW32

   do

     {

diff -up libgcrypt-1.5.3/random/rndlinux.c.cfgrandom libgcrypt-1.5.3/random/rndlinux.c

--- libgcrypt-1.5.3/random/rndlinux.c.cfgrandom	2014-10-30 16:42:49.949216563 +0100

+++ libgcrypt-1.5.3/random/rndlinux.c	2014-10-30 16:42:49.971217059 +0100

@@ -37,7 +37,9 @@

 #include "g10lib.h"

 #include "rand-internal.h"

-static int open_device ( const char *name );

+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"

+

+static int open_device ( const char *name, int fatal );

 static int

@@ -58,13 +60,17 @@ set_cloexec_flag (int fd)

  * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).

  */

 static int

-open_device ( const char *name )

+open_device ( const char *name, int fatal )

 {

   int fd;

   fd = open ( name, O_RDONLY );

   if ( fd == -1 )

-    log_fatal ("can't open %s: %s\n", name, strerror(errno) );

+    {

+      if (! fatal)

+        return fd;

+      log_fatal ("can't open %s: %s\n", name, strerror(errno) );

+    }

   if (set_cloexec_flag (fd))

     log_error ("error setting FD_CLOEXEC on fd %d: %s\n",

@@ -93,6 +99,7 @@ _gcry_rndlinux_gather_random (void (*add

 {

   static int fd_urandom = -1;

   static int fd_random = -1;

+  static int fd_configured = -1;

   int fd;

   int n;

   byte buffer[768];

@@ -101,6 +108,7 @@ _gcry_rndlinux_gather_random (void (*add

   size_t last_so_far = 0;

   int any_need_entropy = 0;

   int delay;

+  size_t orig_length = length;

   /* First read from a hardware source.  However let it account only

      for up to 50% of the requested bytes.  */

@@ -111,16 +119,26 @@ _gcry_rndlinux_gather_random (void (*add

     length -= n_hw;

   /* Open the requested device.  */

+

+  if (level == -1)

+    {

+      if (fd_configured == -1)

+        fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );

+      fd = fd_configured;

+      if (fd == -1)

+        return -1;

+    }

+

   if (level >= 2)

     {

       if( fd_random == -1 )

-        fd_random = open_device ( NAME_OF_DEV_RANDOM );

+        fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );

       fd = fd_random;

     }

-  else

+  else if (level != -1)

     {

       if( fd_urandom == -1 )

-        fd_urandom = open_device ( NAME_OF_DEV_URANDOM );

+        fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );

       fd = fd_urandom;

     }