diff -up libgcrypt-1.8.3/random/random-drbg.c.fips-enttest libgcrypt-1.8.3/random/random-drbg.c

--- libgcrypt-1.8.3/random/random-drbg.c.fips-enttest	2017-11-23 19:16:58.000000000 +0100

+++ libgcrypt-1.8.3/random/random-drbg.c	2019-06-03 13:19:44.035516400 +0200

@@ -610,6 +610,8 @@ drbg_get_entropy (drbg_state_t drbg, uns

 		       size_t len)

 {

   int rc = 0;

+  static unsigned char oldhash[64] = { 0 };

+  unsigned char newhash[64];

   /* Perform testing as defined in 11.3.2 */

   if (drbg->test_data && drbg->test_data->fail_seed_source)

@@ -634,6 +636,17 @@ drbg_get_entropy (drbg_state_t drbg, uns

 #else

   rc = -1;

 #endif

+

+  /* to avoid storing the actual entropy obtained for indefinite

+     time, we just store the SHA-512 hash of the entropy gathered

+   */

+  _gcry_md_hash_buffer (GCRY_MD_SHA512, newhash, buffer, len);

+

+  if (memcmp (newhash, oldhash, sizeof (oldhash)) == 0)

+    return -1;  /* continous entropy test failed */

+

+  memcpy (oldhash, newhash, sizeof (oldhash));

+

   return rc;

 }