Considering SP800-131A, the ANSI X9.31 DRNG present in the current libgcrypt
code base is not allowed in FIPS mode any more starting from next year on. Even
this year, a FIPS 140-2 validation with an X9.31 DRNG is not allowed any more.
The following set of patches against the current GIT development tree of
libgcrypt implements the SP800-90A DRBG and integrates it with libgcrypt.
This submission collects all individual patches submitted over the last
This DRBG is now also part of the Linux kernel 3.17 RC1. During the
time in the staging tree several patches were added. All applicable
patches are ported to the libgcrypt DRBG implementation. One of the
fixes covers a buffer overrun when using AES192.
The DRBG has been tested with the CAVS tool. The CAVS test driver is available
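For readers who want to see what an SP 800-90A DRBG looks like in code, the following is an added, self-contained Python example of the HMAC_DRBG mechanism (SP 800-90A section 10.1.2). It is not the libgcrypt patch set announced above and not the author's code; it follows the specification's Update, Instantiate, Reseed and Generate steps and enforces the two limits a CAVS-style check exercises first: the per-request output cap and the reseed interval. The entropy input is a constructed placeholder so the block runs offline; a real instantiation takes it from an approved entropy source.

```python
import hmac
import hashlib


class HmacDrbg:
    """HMAC_DRBG per NIST SP 800-90A section 10.1.2 (added illustration, not libgcrypt)."""

    def __init__(self, entropy, nonce=b"", personalization=b"",
                 hash_name="sha256", reseed_interval=10000):
        self.hash_name = hash_name
        self.outlen = hashlib.new(hash_name).digest_size
        # SP 800-90A caps one Generate request at 2^19 bits (65536 bytes).
        self.max_request_bytes = 1 << 16
        self.reseed_interval = reseed_interval
        # Instantiate: K = 0x00..00, V = 0x01..01, then Update with the seed material.
        self.key = b"\x00" * self.outlen
        self.value = b"\x01" * self.outlen
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data):
        return hmac.new(self.key, data, self.hash_name).digest()

    def _update(self, provided_data):
        # HMAC_DRBG Update: two rounds when provided_data is present, one otherwise.
        self.key = self._hmac(self.value + b"\x00" + provided_data)
        self.value = self._hmac(self.value)
        if not provided_data:
            return
        self.key = self._hmac(self.value + b"\x01" + provided_data)
        self.value = self._hmac(self.value)

    def reseed(self, entropy, additional_input=b""):
        # Reseed: fold fresh entropy (and optional additional input) into the state.
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, num_bytes, additional_input=b""):
        # Generate: refuse oversized requests and refuse to run past the reseed interval.
        if num_bytes > self.max_request_bytes:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required before further output")
        if additional_input:
            self._update(additional_input)
        out = bytearray()
        while len(out) < num_bytes:
            self.value = self._hmac(self.value)
            out += self.value
        # Back-track resistance: update the state after every request.
        self._update(additional_input)
        self.reseed_counter += 1
        return bytes(out[:num_bytes])


# Constructed placeholder entropy for the offline demo; never use a fixed value in production.
DEMO_ENTROPY = bytes(range(32))
DEMO_NONCE = b"constructed-nonce"


def demo_output(num_bytes=48, personalization=b""):
    """Instantiate with the constructed seed and return one Generate output."""
    drbg = HmacDrbg(DEMO_ENTROPY, DEMO_NONCE, personalization)
    return drbg.generate(num_bytes)


if __name__ == "__main__":
    print(demo_output().hex())
```

Because the construction is fully deterministic in its seed material, the same entropy, nonce and personalization string always reproduce the same output, which is exactly what a CAVS response file checks; changing any input changes every subsequent byte.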