From 0a5e608b8b18d4f41e4d7434c6262bf11507f859 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 16 Aug 2022 15:30:43 +0200 Subject: [PATCH] random: Use getrandom (GRND_RANDOM) in FIPS mode The SP800-90C (clarified in IG D.K.) requires the following when different DRBGs are chained: * the parent needs to be reseeded before generate operation * the reseed & generate needs to be atomic In RHEL, this is addressed by change in the kernel, that will do this automatically, when the getentropy () is called with GRND_RANDOM flag. * random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): Use GRND_RANDOM in FIPS Mode --- Signed-off-by: Jakub Jelen --- random/rndgetentropy.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c index 7580873e..db4b09ed 100644 --- a/random/rndgetentropy.c +++ b/random/rndgetentropy.c @@ -82,9 +82,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t, * never blocking once the kernel is seeded. */ do { - nbytes = length < sizeof (buffer)? length : sizeof (buffer); _gcry_pre_syscall (); - ret = getentropy (buffer, nbytes); + if (fips_mode ()) + { + /* The getrandom API returns maximum 32 B of strong entropy */ + nbytes = length < 32 ? length : 32; + ret = getrandom (buffer, nbytes, GRND_RANDOM); + } + else + { + nbytes = length < sizeof (buffer) ? length : sizeof (buffer); + ret = getentropy (buffer, nbytes); + } _gcry_post_syscall (); } while (ret == -1 && errno == EINTR); -- 2.37.1