diff -Naur a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c --- a/crypto/rand/prov_seed.c 2024-06-04 19:00:52.000000000 +0600 +++ b/crypto/rand/prov_seed.c 2024-09-12 19:23:19.499111977 +0600 @@ -23,7 +23,14 @@ size_t entropy_available; RAND_POOL *pool; - pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); + /* + * OpenSSL still implements an internal entropy pool of + * some size that is hashed to get seed data. + * Note that this is a conditioning step for which SP800-90C requires + * 64 additional bits from the entropy source to claim the requested + * amount of entropy. + */ + pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len); if (pool == NULL) { ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB); return 0; diff -Naur a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c --- a/providers/implementations/rands/crngt.c 2024-06-04 19:00:52.000000000 +0600 +++ b/providers/implementations/rands/crngt.c 2024-09-12 19:24:11.196772793 +0600 @@ -133,7 +133,11 @@ * to the nearest byte. If the entropy is of less than full quality, * the amount required should be scaled up appropriately here. */ - bytes_needed = (entropy + 7) / 8; + /* + * FIPS 140-3: the yet draft SP800-90C requires requested entropy + * + 128 bits during initial seeding + */ + bytes_needed = (entropy + 128 + 7) / 8; if (bytes_needed < min_len) bytes_needed = min_len; if (bytes_needed > max_len) diff -Naur a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c --- a/providers/implementations/rands/drbg.c 2024-06-04 19:00:52.000000000 +0600 +++ b/providers/implementations/rands/drbg.c 2024-09-12 19:22:24.292474182 +0600 @@ -563,7 +563,9 @@ adinlen = 0; #endif } - +#ifdef FIPS_MODULE + prediction_resistance = 1; +#endif /* Reseed using our sources in addition */ entropylen = get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen,