Get max 32B from getrandom in FIPS mode
Resolves: rhbz#2130275
This commit is contained in:
Jakub Jelen
parent
d9dbf8b325
commit
a4616eb060
@ -24,15 +24,24 @@ diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
|
|||||||
index 7580873e..db4b09ed 100644
|
index 7580873e..db4b09ed 100644
|
||||||
--- a/random/rndgetentropy.c
|
--- a/random/rndgetentropy.c
|
||||||
+++ b/random/rndgetentropy.c
|
+++ b/random/rndgetentropy.c
|
||||||
@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
|
@@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
|
||||||
|
* never blocking once the kernel is seeded. */
|
||||||
|
do
|
||||||
{
|
{
|
||||||
nbytes = length < sizeof (buffer)? length : sizeof (buffer);
|
- nbytes = length < sizeof (buffer)? length : sizeof (buffer);
|
||||||
_gcry_pre_syscall ();
|
_gcry_pre_syscall ();
|
||||||
- ret = getentropy (buffer, nbytes);
|
- ret = getentropy (buffer, nbytes);
|
||||||
+ if (fips_mode ())
|
+ if (fips_mode ())
|
||||||
+ ret = getrandom (buffer, nbytes, GRND_RANDOM);
|
+ {
|
||||||
|
+ /* The getrandom API returns maximum 32 B of strong entropy */
|
||||||
|
+ nbytes = length < 32 ? length : 32;
|
||||||
|
+ ret = getrandom (buffer, nbytes, GRND_RANDOM);
|
||||||
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ ret = getentropy (buffer, nbytes);
|
+ {
|
||||||
|
+ nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
|
||||||
|
+ ret = getentropy (buffer, nbytes);
|
||||||
|
+ }
|
||||||
_gcry_post_syscall ();
|
_gcry_post_syscall ();
|
||||||
}
|
}
|
||||||
while (ret == -1 && errno == EINTR);
|
while (ret == -1 && errno == EINTR);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user