Add continuous RNG test to entropy source. Entropy callbacks now need

to specify a "block length".

2 files changed, 3 insertions, 1 deletions

diff --git a/crypto/fips_err.h b/crypto/fips_err.h
index 0c2aa44f38..f4f834124e 100644
--- a/crypto/fips_err.h
+++ b/crypto/fips_err.h
@@ -91,6 +91,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW),	"FIPS_drbg_new"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED),	"FIPS_drbg_reseed"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT),	"FIPS_DRBG_SINGLE_KAT"},
+{ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY),	"FIPS_GET_ENTROPY"},
 {ERR_FUNC(FIPS_F_FIPS_MODE_SET),	"FIPS_mode_set"},
 {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),	"fips_pkey_signature_test"},
 {ERR_FUNC(FIPS_F_FIPS_RAND_ADD),	"FIPS_rand_add"},
@@ -128,6 +129,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_DRBG_STUCK)           ,"drbg stuck"},
 {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},
 {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"},
+{ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK) ,"entropy source stuck"},
 {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),"error retrieving additional input"},
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index c653d38c8a..0e82013163 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -253,7 +253,7 @@ int RAND_init_fips(void)
 	dctx = FIPS_get_default_drbg();
         FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
         FIPS_drbg_set_callbacks(dctx,
-				drbg_get_entropy, drbg_free_entropy,
+				drbg_get_entropy, drbg_free_entropy, 20,
 				drbg_get_entropy, drbg_free_entropy);
 	FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
 					drbg_rand_seed, drbg_rand_add);