By default gcrypt uses an userspace RNG, that simply cannot have all the information it needs to be correct on suspend/resume and other special cases, the kernel does not expose this information to userspace.
Switch to GCRY_RNG_TYPE_SYSTEM, that simple wraps getrandom() on linux.
call to gcry_control must be issued before gcry_check_version.
By default gcrypt uses an userspace RNG, that simply cannot have all the information it needs to be correct on suspend/resume and other special cases, the kernel does not expose this information to userspace. Switch to GCRY_RNG_TYPE_SYSTEM, that simple wraps getrandom() on linux.
call to gcry_control must be issued before gcry_check_version.