Increase RNG seeding buffer size to 32

Related: rhbz#2168224
2 years ago · 6eb72dd621
parent fb4b72ff2f
commit 6eb72dd621
2 changed files with 14 additions and 0 deletions
--- a/0076-FIPS-140-3-DRBG.patch
+++ b/0076-FIPS-140-3-DRBG.patch
@ -143,3 +143,15 @@ diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-
     if (bytes_needed < min_len)
         bytes_needed = min_len;
     if (bytes_needed > max_len)
+diff -up openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg openssl-3.0.7/providers/implementations/rands/drbg_local.h
+--- openssl-3.0.7/providers/implementations/rands/drbg_local.h.drbg	2023-03-13 12:17:47.705538612 +0100
+++ openssl-3.0.7/providers/implementations/rands/drbg_local.h	2023-03-13 12:18:03.060702092 +0100
+@@ -38,7 +38,7 @@
+  *
+  * The value is in bytes.
+  */
+-#define CRNGT_BUFSIZ    16
+#define CRNGT_BUFSIZ   32
+ 
+ /*
+  * Maximum input size for the DRBG (entropy, nonce, personalization string)
--- a/openssl.spec
+++ b/openssl.spec
@ -523,6 +523,8 @@ install -m644 %{SOURCE9} \
  Resolves: rhbz#2178030
 - DH PCT should abort on failure
  Resolves: rhbz#2178039
+- Increase RNG seeding buffer size to 32
+  Related: rhbz#2168224

 * Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6
 - Fixes RNG slowdown in FIPS mode