From a4616eb06002904768c224601e7ab299410568b7 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 26 Sep 2022 18:59:26 +0200
Subject: [PATCH] Get max 32B from getrandom in FIPS mode

Resolves: rhbz#2130275
---
 libgcrypt-1.10.0-fips-getrandom.patch | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/libgcrypt-1.10.0-fips-getrandom.patch b/libgcrypt-1.10.0-fips-getrandom.patch
index 39ac59c..b0d5bf2 100644
--- a/libgcrypt-1.10.0-fips-getrandom.patch
+++ b/libgcrypt-1.10.0-fips-getrandom.patch
@@ -24,15 +24,24 @@ diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
 index 7580873e..db4b09ed 100644
 --- a/random/rndgetentropy.c
 +++ b/random/rndgetentropy.c
-@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
+@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
+ * never blocking once the kernel is seeded. */
+ do
 {
- nbytes = length < sizeof (buffer)? length : sizeof (buffer);
+- nbytes = length < sizeof (buffer)? length : sizeof (buffer);
 _gcry_pre_syscall ();
 - ret = getentropy (buffer, nbytes);
 + if (fips_mode ())
-+ ret = getrandom (buffer, nbytes, GRND_RANDOM);
++ {
++ /* The getrandom API returns maximum 32 B of strong entropy */
++ nbytes = length < 32 ? length : 32;
++ ret = getrandom (buffer, nbytes, GRND_RANDOM);
++ }
 + else
-+ ret = getentropy (buffer, nbytes);
++ {
++ nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
++ ret = getentropy (buffer, nbytes);
++ }
 _gcry_post_syscall ();
 }
 while (ret == -1 && errno == EINTR);
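Review bot: In the FIPS branch `ret` holds getrandom()'s byte count, while the else branch keeps getentropy()'s 0/-1 result, and nothing in the hunk handles a short positive return, which getrandom() documents as possible when GRND_RANDOM is set. If the code after the loop (outside this hunk) hands `nbytes` bytes of `buffer` to the pool, a short read would count bytes the kernel never wrote as entropy. Normalising inside the branch, `if (ret >= 0) { nbytes = ret; ret = 0; }`, keeps both paths on the same contract. The bare `32` would also read better as a named constant, with a comment naming the kernel or FIPS behaviour that imposes the limit, since "returns maximum 32 B of strong entropy" does not say where the figure comes from. The body of _gcry_rndgetentropy_gather_random starts and ends outside the hunk.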