From 6eb72dd621162b57d02615814684e8d18e58e235 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Mon, 13 Mar 2023 12:35:42 +0100
Subject: [PATCH] Increase RNG seeding buffer size to 32

Related: rhbz#2168224
---
 0076-FIPS-140-3-DRBG.patch | 12 ++++++++++++
 openssl.spec | 2 ++
 2 files changed, 14 insertions(+)

diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch
index 8f97a6a..4a276f7 100644
--- a/0076-FIPS-140-3-DRBG.patch
+++ b/0076-FIPS-140-3-DRBG.patch
@@ -143,3 +143,15 @@ diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-
 if (bytes_needed < min_len)
 bytes_needed = min_len;
 if (bytes_needed > max_len)
+diff -up openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg openssl-3.0.7/providers/implementations/rands/drbg_local.h
+--- openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg 2023-03-13 12:17:47.705538612 +0100
++++ openssl-3.0.7/providers/implementations/rands/drbg_local.h 2023-03-13 12:18:03.060702092 +0100
+@@ -38,7 +38,7 @@
+ *
+ * The value is in bytes.
+ */
+-#define CRNGT_BUFSIZ 16
++#define CRNGT_BUFSIZ 32
+
+ /*
+ * Maximum input size for the DRBG (entropy, nonce, personalization string)
diff --git a/openssl.spec b/openssl.spec
index d0fa72a..0440475 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -523,6 +523,8 @@ install -m644 %{SOURCE9} \
 Resolves: rhbz#2178030
 - DH PCT should abort on failure
 Resolves: rhbz#2178039
+- Increase RNG seeding buffer size to 32
+ Related: rhbz#2168224
 
 * Wed Mar 08 2023 Dmitry Belyavskiy - 1:3.0.7-6
 - Fixes RNG slowdown in FIPS mode
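Review bot: The new `#define CRNGT_BUFSIZ 32` in the drbg_local.h section added to 0076-FIPS-140-3-DRBG.patch carries no rationale. The comment above it ends at "The value is in bytes." and the commit message only cites rhbz#2168224, so someone rebasing this downstream patch cannot tell whether 32 is a compliance requirement or a tuning choice. I would add a line to that comment along the lines of `* Downstream: raised from 16 to 32 bytes for RNG seeding, see rhbz#2168224.`, with the actual reason filled in by the author since it is not visible here. The comment begins outside the hunk, so any guidance it gives that was written for the old value may need the same update. The constant presumably sizes the blocks that crngt.c fetches and compares, so it is also worth confirming that the `bytes_needed` clamping patched earlier in this same file does not assume 16, and that the larger block does not bring back the FIPS-mode RNG slowdown mentioned in the previous changelog entry.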