random: Use getrandom (GRND_RANDOM) in FIPS mode.

* random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): Use
  GRND_RANDOM in FIPS Mode
--

Cherry-picked master commit:
	aab1d63e4def41593312f76de016c885ffafecde

The SP800-90C (clarified in IG D.K.) requires the following when
different DRBGs are chained:
 * the parent needs to be reseeded before generate operation
 * the reseed & generate needs to be atomic

In RHEL, this is addressed by change in the kernel, that will do this
automatically, when the getentropy () is called with GRND_RANDOM flag.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
index 7580873e..db4b09ed 100644
--- a/random/rndgetentropy.c
+++ b/random/rndgetentropy.c
@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
         {
           nbytes = length < sizeof (buffer)? length : sizeof (buffer);
           _gcry_pre_syscall ();
-          ret = getentropy (buffer, nbytes);
+          if (fips_mode ())
+            ret = getrandom (buffer, nbytes, GRND_RANDOM);
+          else
+            ret = getentropy (buffer, nbytes);
           _gcry_post_syscall ();
         }
       while (ret == -1 && errno == EINTR);