random: Use getrandom (GRND_RANDOM) in FIPS mode.

* random/rndgetentropy.c (_gcry_rndgetentropy_gather_random): Use GRND_RANDOM in FIPS Mode -- The SP800-90C (clarified in IG D.K.) requires the following when different DRBGs are chained: * the parent needs to be reseeded before generate operation * the reseed & generate needs to be atomic In RHEL, this is addressed by change in the kernel, that will do this automatically, when the getentropy () is called with GRND_RANDOM flag. Signed-off-by: Jakub Jelen <jjelen@redhat.com>
author: Jakub Jelen <jjelen@redhat.com> 2022-08-16 15:30:43 +0200
committer: NIIBE Yutaka <gniibe@fsij.org> 2022-08-23 15:44:46 +0900
commit: aab1d63e4def41593312f76de016c885ffafecde (patch)
tree: b037d95caf5791d2efef8f1df01e65d630f86adf /random
parent: a527d252b89958864153da9ad149e97bb96e1692 (diff)
download: libgcrypt-aab1d63e4def41593312f76de016c885ffafecde.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
index 7580873e..db4b09ed 100644
--- a/random/rndgetentropy.c
+++ b/random/rndgetentropy.c
@@ -82,7 +82,10 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
         {
           nbytes = length < sizeof (buffer)? length : sizeof (buffer);
           _gcry_pre_syscall ();
-          ret = getentropy (buffer, nbytes);
+          if (fips_mode ())
+            ret = getrandom (buffer, nbytes, GRND_RANDOM);
+          else
+            ret = getentropy (buffer, nbytes);
           _gcry_post_syscall ();
         }
       while (ret == -1 && errno == EINTR);
author	Jakub Jelen <jjelen@redhat.com>	2022-08-16 15:30:43 +0200
committer	NIIBE Yutaka <gniibe@fsij.org>	2022-08-23 15:44:46 +0900
commit	aab1d63e4def41593312f76de016c885ffafecde (patch)
tree	b037d95caf5791d2efef8f1df01e65d630f86adf /random
parent	a527d252b89958864153da9ad149e97bb96e1692 (diff)
download	libgcrypt-aab1d63e4def41593312f76de016c885ffafecde.tar.gz