random: Get maximum 32B of entropy at once in FIPS Mode

* random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): In fips
mode, gather max 32 B of strong entropy for initialization.

--

The limitation of our current kernel patch guarantees that only 32B of
strong random data can be gathered using getrandom().

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

1 files changed, 9 insertions, 3 deletions

diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
index db4b09ed..b2ec8209 100644
--- a/random/rndgetentropy.c
+++ b/random/rndgetentropy.c
@@ -80,12 +80,18 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
        * never blocking once the kernel is seeded.  */
       do
         {
-          nbytes = length < sizeof (buffer)? length : sizeof (buffer);
           _gcry_pre_syscall ();
           if (fips_mode ())
-            ret = getrandom (buffer, nbytes, GRND_RANDOM);
+            {
+              /* The getrandom API returns maximum 32 B of strong entropy */
+              nbytes = length < 32 ? length : 32;
+              ret = getrandom (buffer, nbytes, GRND_RANDOM);
+            }
           else
-            ret = getentropy (buffer, nbytes);
+            {
+              nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
+              ret = getentropy (buffer, nbytes);
+            }
           _gcry_post_syscall ();
         }
       while (ret == -1 && errno == EINTR);