Index: openssl-3.2.3/crypto/rand/prov_seed.c =================================================================== --- openssl-3.2.3.orig/crypto/rand/prov_seed.c +++ openssl-3.2.3/crypto/rand/prov_seed.c @@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused size_t entropy_available; RAND_POOL *pool; - pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); + /* + * OpenSSL still implements an internal entropy pool of + * some size that is hashed to get seed data. + * Note that this is a conditioning step for which SP800-90C requires + * 64 additional bits from the entropy source to claim the requested + * amount of entropy. + */ + pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); if (pool == NULL) { ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB); return 0; Index: openssl-3.2.3/crypto/rand/rand_lib.c =================================================================== --- openssl-3.2.3.orig/crypto/rand/rand_lib.c +++ openssl-3.2.3/crypto/rand/rand_lib.c @@ -723,15 +723,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB return ret; } -#ifndef FIPS_MODULE - if (dgbl->seed == NULL) { - ERR_set_mark(); - dgbl->seed = rand_new_seed(ctx); - ERR_pop_to_mark(); - } -#endif - - ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed, + ret = dgbl->primary = rand_new_drbg(ctx, NULL, PRIMARY_RESEED_INTERVAL, PRIMARY_RESEED_TIME_INTERVAL, 1); /* Index: openssl-3.2.3/providers/implementations/rands/crngt.c =================================================================== --- openssl-3.2.3.orig/providers/implementations/rands/crngt.c +++ openssl-3.2.3/providers/implementations/rands/crngt.c @@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG * to the nearest byte. If the entropy is of less than full quality, * the amount required should be scaled up appropriately here. */ - bytes_needed = (entropy + 7) / 8; + /* + * FIPS 140-3: the yet draft SP800-90C requires requested entropy + * + 128 bits during initial seeding + */ + bytes_needed = (entropy + 128 + 7) / 8; if (bytes_needed < min_len) bytes_needed = min_len; if (bytes_needed > max_len) Index: openssl-3.2.3/providers/implementations/rands/drbg.c =================================================================== --- openssl-3.2.3.orig/providers/implementations/rands/drbg.c +++ openssl-3.2.3/providers/implementations/rands/drbg.c @@ -569,6 +569,9 @@ static int ossl_prov_drbg_reseed_unlocke #endif } +#ifdef FIPS_MODULE + prediction_resistance = 1; +#endif /* Reseed using our sources in addition */ entropylen = get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, @@ -690,8 +693,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d reseed_required = 1; } if (drbg->parent != NULL - && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) + && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) { +#ifdef FIPS_MODULE + /* SUSE patches provide chain reseeding when necessary so just sync counters*/ + drbg->parent_reseed_counter = get_parent_reseed_count(drbg); +#else reseed_required = 1; +#endif + } if (reseed_required || prediction_resistance) { if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL, Index: openssl-3.2.3/providers/implementations/rands/drbg_local.h =================================================================== --- openssl-3.2.3.orig/providers/implementations/rands/drbg_local.h +++ openssl-3.2.3/providers/implementations/rands/drbg_local.h @@ -38,7 +38,7 @@ * * The value is in bytes. */ -#define CRNGT_BUFSIZ 16 +#define CRNGT_BUFSIZ 32 /* * Maximum input size for the DRBG (entropy, nonce, personalization string) Index: openssl-3.2.3/providers/implementations/rands/seed_src.c =================================================================== --- openssl-3.2.3.orig/providers/implementations/rands/seed_src.c +++ openssl-3.2.3/providers/implementations/rands/seed_src.c @@ -102,7 +102,14 @@ static int seed_src_generate(void *vseed return 0; } - pool = ossl_rand_pool_new(strength, 1, outlen, outlen); + /* + * OpenSSL still implements an internal entropy pool of + * some size that is hashed to get seed data. + * Note that this is a conditioning step for which SP800-90C requires + * 64 additional bits from the entropy source to claim the requested + * amount of entropy. + */ + pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen); if (pool == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB); return 0; @@ -182,7 +189,14 @@ static size_t seed_get_seed(void *vseed, size_t i; RAND_POOL *pool; - pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); + /* + * OpenSSL still implements an internal entropy pool of + * some size that is hashed to get seed data. + * Note that this is a conditioning step for which SP800-90C requires + * 64 additional bits from the entropy source to claim the requested + * amount of entropy. + */ + pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); if (pool == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB); return 0;