Get max 32B from getrandom in FIPS mode

Resolves: rhbz#2130275
2022-09-26 18:59:26 +02:00 · 2022-09-26 18:59:26 +02:00 · a4616eb060
commit a4616eb060
parent d9dbf8b325
1 changed files with 13 additions and 4 deletions
--- a/libgcrypt-1.10.0-fips-getrandom.patch
+++ b/libgcrypt-1.10.0-fips-getrandom.patch
@ -24,15 +24,24 @@ diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
 index 7580873e..db4b09ed 100644
 --- a/random/rndgetentropy.c
 +++ b/random/rndgetentropy.c
-@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
+@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
+        * never blocking once the kernel is seeded.  */
+       do
         {
-           nbytes = length < sizeof (buffer)? length : sizeof (buffer);
+-          nbytes = length < sizeof (buffer)? length : sizeof (buffer);
           _gcry_pre_syscall ();
 -          ret = getentropy (buffer, nbytes);
 +          if (fips_mode ())
-+            ret = getrandom (buffer, nbytes, GRND_RANDOM);
+            {
+              /* The getrandom API returns maximum 32 B of strong entropy */
+              nbytes = length < 32 ? length : 32;
+              ret = getrandom (buffer, nbytes, GRND_RANDOM);
+            }
 +          else
-+            ret = getentropy (buffer, nbytes);
+            {
+              nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
+              ret = getentropy (buffer, nbytes);
+            }
           _gcry_post_syscall ();
         }
       while (ret == -1 && errno == EINTR);