[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Nov 19 22:24:32 UTC 2020


The branch master has been updated
       via  15f54941bd4c0324f1c8d7773db56004183a9cb7 (commit)
       via  1f50630af8fd7a260a88f0473c9de1b2f01d4945 (commit)
       via  08edd447c97854d6548c15149de90d6bd3ddd47b (commit)
       via  0d4460d27ea2fef46f02fa94a60717e9d168ed96 (commit)
       via  03bede0cc8418e056d4ac551fbdc2283e0e9491f (commit)
       via  71febb399225ec5b0f85292fe9487d507fbafb7e (commit)
      from  c34063d7a1e8e3e0f760fd998366165862730bae (commit)


- Log -----------------------------------------------------------------
commit 15f54941bd4c0324f1c8d7773db56004183a9cb7
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Nov 4 13:05:46 2020 +1000

    test RNG: set state to uninitialised as part of uninstantiate call.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/13226)

commit 1f50630af8fd7a260a88f0473c9de1b2f01d4945
Author: Pauli <paul.dale at oracle.com>
Date:   Mon Nov 2 12:03:31 2020 +1000

    disassociate test RNG from the DRBGs
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/13226)

commit 08edd447c97854d6548c15149de90d6bd3ddd47b
Author: Pauli <paul.dale at oracle.com>
Date:   Fri Oct 30 15:54:03 2020 +1000

    prov: move the entropy source out of the FIPS provider
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/13226)

commit 0d4460d27ea2fef46f02fa94a60717e9d168ed96
Author: Pauli <paul.dale at oracle.com>
Date:   Fri Oct 30 15:53:47 2020 +1000

    test: changes resulting from moving the entropy source out of the FIPS provider
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/13226)

commit 03bede0cc8418e056d4ac551fbdc2283e0e9491f
Author: Pauli <paul.dale at oracle.com>
Date:   Fri Oct 30 15:53:22 2020 +1000

    rand: move the entropy source out of the FIPS provider
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/13226)

commit 71febb399225ec5b0f85292fe9487d507fbafb7e
Author: Pauli <paul.dale at oracle.com>
Date:   Fri Oct 30 15:39:10 2020 +1000

    doc: Documentation changes for moving the entropy source out of the fips provider
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/13226)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt                             |   6 +-
 crypto/evp/evp_rand.c                              |   2 +-
 crypto/provider_core.c                             |   8 +-
 crypto/rand/build.info                             |   2 +-
 crypto/rand/prov_seed.c                            |  76 ++++++
 crypto/rand/rand_err.c                             |   2 -
 crypto/rand/rand_lib.c                             |   2 +-
 .../rands => crypto/rand}/rand_pool.c              |   2 +-
 doc/internal/man3/ossl_rand_get_entropy.pod        |  66 +++++
 doc/man7/EVP_RAND-CTR-DRBG.pod                     |   4 +-
 doc/man7/EVP_RAND-HASH-DRBG.pod                    |   4 +-
 doc/man7/EVP_RAND-HMAC-DRBG.pod                    |   4 +-
 doc/man7/provider-base.pod                         |  36 +++
 include/crypto/rand.h                              |  21 ++
 .../include/prov => include/crypto}/rand_pool.h    |   0
 include/openssl/core_dispatch.h                    |  17 ++
 include/openssl/core_names.h                       |   2 +-
 include/openssl/randerr.h                          |   1 -
 providers/common/build.info                        |   2 +-
 providers/common/include/prov/providercommonerr.h  |   3 +-
 providers/common/provider_err.c                    |   6 +-
 providers/common/provider_seeding.c                |  73 ++++++
 providers/defltprov.c                              |   4 +-
 providers/fips/fipsprov.c                          |   6 +-
 providers/implementations/include/prov/seeding.h   |  20 +-
 providers/implementations/rands/build.info         |   2 +-
 providers/implementations/rands/crngt.c            | 120 +++++----
 providers/implementations/rands/drbg.c             | 235 +++++++----------
 providers/implementations/rands/drbg_local.h       |  24 +-
 providers/implementations/rands/seeding/build.info |   1 -
 .../implementations/rands/seeding/rand_cpu_x86.c   |   2 +-
 providers/implementations/rands/seeding/rand_tsc.c |   2 +-
 .../implementations/rands/seeding/rand_unix.c      |   2 +-
 providers/implementations/rands/seeding/rand_vms.c |   2 +-
 .../implementations/rands/seeding/rand_vxworks.c   |   2 +-
 providers/implementations/rands/seeding/rand_win.c |   2 +-
 providers/implementations/rands/test_rng.c         | 284 +++++++++------------
 test/build.info                                    |   2 +-
 test/evp_extra_test.c                              |   2 +-
 39 files changed, 633 insertions(+), 418 deletions(-)
 create mode 100644 crypto/rand/prov_seed.c
 rename {providers/implementations/rands => crypto/rand}/rand_pool.c (99%)
 create mode 100644 doc/internal/man3/ossl_rand_get_entropy.pod
 rename {providers/implementations/include/prov => include/crypto}/rand_pool.h (100%)
 create mode 100644 providers/common/provider_seeding.c

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 7bb83593a6..d8ea2a333f 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2944,6 +2944,8 @@ PROV_R_NO_PARAMETERS_SET:177:no parameters set
 PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\
 	operation not supported for this keytype
 PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
+PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS:228:\
+        parent cannot generate random numbers
 PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled
 PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak
 PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute
@@ -2962,10 +2964,7 @@ PROV_R_TAG_NOT_NEEDED:120:tag not needed
 PROV_R_UNABLE_TO_FIND_CIPHERS:207:unable to find ciphers
 PROV_R_UNABLE_TO_GET_ENTROPY:202:unable to get entropy
 PROV_R_UNABLE_TO_GET_NONCE:203:unable to get nonce
-PROV_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER:198:\
-	unable to get parent reseed prop counter
 PROV_R_UNABLE_TO_GET_PARENT_STRENGTH:199:unable to get parent strength
-PROV_R_UNABLE_TO_GET_RESEED_PROP_CTR:200:unable to get reseed prop ctr
 PROV_R_UNABLE_TO_INITIALISE_CIPHERS:208:unable to initialise ciphers
 PROV_R_UNABLE_TO_LOAD_SHA1:143:unable to load sha1
 PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256
@@ -3027,7 +3026,6 @@ RAND_R_UNABLE_TO_FETCH_DRBG:144:unable to fetch drbg
 RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER:141:\
 	unable to get parent reseed prop counter
 RAND_R_UNABLE_TO_GET_PARENT_STRENGTH:138:unable to get parent strength
-RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR:142:unable to get reseed prop ctr
 RAND_R_UNABLE_TO_LOCK_PARENT:140:unable to lock parent
 RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags
 RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type
diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index 07d1ad9db2..6a4f57414c 100644
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -511,7 +511,7 @@ static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
     size_t chunk, max_request = 0;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST,
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST,
                                             &max_request);
     if (!evp_rand_get_ctx_params_locked(ctx, params)
             || max_request == 0) {
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index d919a95b40..954befd4a2 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -15,6 +15,7 @@
 #include <openssl/opensslv.h>
 #include "crypto/cryptlib.h"
 #include "crypto/evp.h" /* evp_method_store_flush */
+#include "crypto/rand.h"
 #include "internal/nelem.h"
 #include "internal/thread_once.h"
 #include "internal/provider.h"
@@ -1074,8 +1075,7 @@ static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle)
 #endif /* FIPS_MODULE */
 
 /*
- * Functions provided by the core.  Blank line separates "families" of related
- * functions.
+ * Functions provided by the core.
  */
 static const OSSL_DISPATCH core_dispatch_[] = {
     { OSSL_FUNC_CORE_GETTABLE_PARAMS, (void (*)(void))core_gettable_params },
@@ -1101,6 +1101,10 @@ static const OSSL_DISPATCH core_dispatch_[] = {
     { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf },
     { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf },
     { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))OSSL_SELF_TEST_get_callback },
+    { OSSL_FUNC_GET_ENTROPY, (void (*)(void))ossl_rand_get_entropy },
+    { OSSL_FUNC_CLEANUP_ENTROPY, (void (*)(void))ossl_rand_cleanup_entropy },
+    { OSSL_FUNC_GET_NONCE, (void (*)(void))ossl_rand_get_nonce },
+    { OSSL_FUNC_CLEANUP_NONCE, (void (*)(void))ossl_rand_cleanup_nonce },
 #endif
     { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc },
     { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc },
diff --git a/crypto/rand/build.info b/crypto/rand/build.info
index f58a026f3b..b9dc16a6c7 100644
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
@@ -1,7 +1,7 @@
 LIBS=../../libcrypto
 
 $COMMON=rand_lib.c rand_meth.c
-$CRYPTO=randfile.c rand_err.c rand_deprecated.c
+$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c
 
 IF[{- !$disabled{'egd'} -}]
   $CRYPTO=$CRYPTO rand_egd.c
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
new file mode 100644
index 0000000000..f79955180a
--- /dev/null
+++ b/crypto/rand/prov_seed.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/rand.h"
+#include "crypto/rand_pool.h"
+#include <openssl/core_dispatch.h>
+#include <openssl/err.h>
+
+size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+                             unsigned char **pout, int entropy,
+                             size_t min_len, size_t max_len)
+{
+    size_t ret = 0;
+    size_t entropy_available;
+    RAND_POOL *pool;
+
+    pool = rand_pool_new(entropy, 1, min_len, max_len);
+    if (pool == NULL) {
+        ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Get entropy by polling system entropy sources. */
+    entropy_available = ossl_pool_acquire_entropy(pool);
+
+    if (entropy_available > 0) {
+        ret   = rand_pool_length(pool);
+        *pout = rand_pool_detach(pool);
+    }
+
+    rand_pool_free(pool);
+    return ret;
+}
+
+void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+                               unsigned char *buf, size_t len)
+{
+    OPENSSL_secure_clear_free(buf, len);
+}
+
+size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+                           unsigned char **pout, size_t min_len, size_t max_len,
+                           const void *salt, size_t salt_len)
+{
+    size_t ret = 0;
+    RAND_POOL *pool;
+
+    pool = rand_pool_new(0, 0, min_len, max_len);
+    if (pool == NULL) {
+        ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!ossl_pool_add_nonce_data(pool))
+        goto err;
+
+    if (salt != NULL && !rand_pool_add(pool, salt, salt_len, 0))
+        goto err;
+    ret   = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+ err:
+    rand_pool_free(pool);
+    return ret;
+}
+
+void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+                             unsigned char *buf, size_t len)
+{
+    OPENSSL_clear_free(buf, len);
+}
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index b70cc4cb9f..be8726192b 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -87,8 +87,6 @@ static const ERR_STRING_DATA RAND_str_reasons[] = {
     "unable to get parent reseed prop counter"},
     {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_STRENGTH),
     "unable to get parent strength"},
-    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR),
-    "unable to get reseed prop ctr"},
     {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_LOCK_PARENT),
     "unable to lock parent"},
     {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 9790b21646..73d509a8dc 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -27,7 +27,7 @@
 #include "e_os.h"
 
 #ifndef FIPS_MODULE
-# include "prov/rand_pool.h"
+# include "crypto/rand_pool.h"
 # include "prov/seeding.h"
 
 # ifndef OPENSSL_NO_ENGINE
diff --git a/providers/implementations/rands/rand_pool.c b/crypto/rand/rand_pool.c
similarity index 99%
rename from providers/implementations/rands/rand_pool.c
rename to crypto/rand/rand_pool.c
index c66c0e3fa8..ebb9078ce6 100644
--- a/providers/implementations/rands/rand_pool.c
+++ b/crypto/rand/rand_pool.c
@@ -14,7 +14,7 @@
 #include "crypto/rand.h"
 #include <openssl/engine.h>
 #include "internal/thread_once.h"
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 
 /*
  * Allocate memory and initialize a new random pool
diff --git a/doc/internal/man3/ossl_rand_get_entropy.pod b/doc/internal/man3/ossl_rand_get_entropy.pod
new file mode 100644
index 0000000000..4da3f1f4d9
--- /dev/null
+++ b/doc/internal/man3/ossl_rand_get_entropy.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+ossl_rand_get_entropy, ossl_rand_cleanup_entropy,
+ossl_rand_get_nonce, ossl_rand_cleanup_nonce
+- get seed material from the operating system
+
+=head1 SYNOPSIS
+
+ #include "crypto/rand.h"
+
+ size_t ossl_rand_get_entropy(OSSL_CORE_HANDLE *handle,
+                              unsigned char **pout, int entropy,
+                              size_t min_len, size_t max_len);
+ void ossl_rand_cleanup_entropy(OSSL_CORE_HANDLE *handle,
+                                unsigned char *buf, size_t len);
+ size_t ossl_rand_get_nonce(OSSL_CORE_HANDLE *handle,
+                            unsigned char **pout, size_t min_len,
+                            size_t max_len, const void *salt, size_t salt_len);
+ void ossl_rand_cleanup_nonce(OSSL_CORE_HANDLE *handle,
+                              unsigned char *buf, size_t len);
+
+=head1 DESCRIPTION
+
+ossl_rand_get_entropy() retrieves seeding material from the operating system.
+The seeding material will have at least I<entropy> bytes of randomness and is
+stored in a buffer which contains at least I<min_len> and at most I<max_len>
+bytes.  The buffer address is stored in I<*pout> and the buffer length is
+returned to the caller.
+
+ossl_rand_cleanup_entropy() cleanses and frees any storage allocated by
+ossl_rand_get_entropy().  The seeding buffer is pointed to by I<buf> and is
+of length I<len> bytes.
+
+ossl_rand_get_nonce() retrieves a nonce using the passed I<salt> parameter
+of length I<salt_len> and operating system specific information.
+The I<salt> should contain uniquely identifying information and this is
+included, in an unspecified manner, as part of the output.
+The output is stored in a buffer which contains at least I<min_len> and at
+most I<max_len> bytes.  The buffer address is stored in I<*pout> and the
+buffer length returned to the caller.
+
+ossl_rand_cleanup_nonce() cleanses and frees any storage allocated by
+ossl_rand_get_nonce().  The nonce buffer is pointed to by I<buf> and is
+of length I<len> bytes.
+
+=head1 RETURN VALUES
+
+ossl_rand_get_entropy() and ossl_rand_get_nonce() return the number of bytes
+in I<*pout> or 0 on error.
+
+=head1 HISTORY
+
+The functions described here were all added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man7/EVP_RAND-CTR-DRBG.pod b/doc/man7/EVP_RAND-CTR-DRBG.pod
index d8e2d4f2aa..a31b22390a 100644
--- a/doc/man7/EVP_RAND-CTR-DRBG.pod
+++ b/doc/man7/EVP_RAND-CTR-DRBG.pod
@@ -24,12 +24,12 @@ The supported parameters are:
 
 =item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer>
 
+=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>
+
 =item "reseed_requests" (B<OSSL_DRBG_PARAM_RESEED_REQUESTS>) <unsigned integer>
 
 =item "reseed_time_interval" (B<OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL>) <integer>
 
-=item "max_request" (B<OSSL_DRBG_PARAM_MAX_REQUEST>) <unsigned integer>
-
 =item "min_entropylen" (B<OSSL_DRBG_PARAM_MIN_ENTROPYLEN>) <unsigned integer>
 
 =item "max_entropylen" (B<OSSL_DRBG_PARAM_MAX_ENTROPYLEN>) <unsigned integer>
diff --git a/doc/man7/EVP_RAND-HASH-DRBG.pod b/doc/man7/EVP_RAND-HASH-DRBG.pod
index b85010dd41..631383c74a 100644
--- a/doc/man7/EVP_RAND-HASH-DRBG.pod
+++ b/doc/man7/EVP_RAND-HASH-DRBG.pod
@@ -24,12 +24,12 @@ The supported parameters are:
 
 =item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer>
 
+=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>
+
 =item "reseed_requests" (B<OSSL_DRBG_PARAM_RESEED_REQUESTS>) <unsigned integer>
 
 =item "reseed_time_interval" (B<OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL>) <integer>
 
-=item "max_request" (B<OSSL_DRBG_PARAM_MAX_REQUEST>) <unsigned integer>
-
 =item "min_entropylen" (B<OSSL_DRBG_PARAM_MIN_ENTROPYLEN>) <unsigned integer>
 
 =item "max_entropylen" (B<OSSL_DRBG_PARAM_MAX_ENTROPYLEN>) <unsigned integer>
diff --git a/doc/man7/EVP_RAND-HMAC-DRBG.pod b/doc/man7/EVP_RAND-HMAC-DRBG.pod
index e9620783b0..f04ae336fc 100644
--- a/doc/man7/EVP_RAND-HMAC-DRBG.pod
+++ b/doc/man7/EVP_RAND-HMAC-DRBG.pod
@@ -24,12 +24,12 @@ The supported parameters are:
 
 =item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer>
 
+=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>
+
 =item "reseed_requests" (B<OSSL_DRBG_PARAM_RESEED_REQUESTS>) <unsigned integer>
 
 =item "reseed_time_interval" (B<OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL>) <integer>
 
-=item "max_request" (B<OSSL_DRBG_PARAM_MAX_REQUEST>) <unsigned integer>
-
 =item "min_entropylen" (B<OSSL_DRBG_PARAM_MIN_ENTROPYLEN>) <unsigned integer>
 
 =item "max_entropylen" (B<OSSL_DRBG_PARAM_MAX_ENTROPYLEN>) <unsigned integer>
diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod
index 536c5ed430..7e8f5188a5 100644
--- a/doc/man7/provider-base.pod
+++ b/doc/man7/provider-base.pod
@@ -65,6 +65,16 @@ provider-base
 
  void self_test_cb(OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)
 
+ size_t get_entropy(const OSSL_CORE_HANDLE *handle,
+                    unsigned char **pout, int entropy,
+                    size_t min_len, size_t max_len)
+ void cleanup_entropy(const OSSL_CORE_HANDLE *handle,
+                      unsigned char *buf, size_t len)
+ size_t get_nonce(const OSSL_CORE_HANDLE *handle,
+                  unsigned char **pout, size_t min_len, size_t max_len,
+                  const void *salt, size_t salt_len)
+ void cleanup_nonce(const OSSL_CORE_HANDLE *handle,
+                    unsigned char *buf, size_t len)
 
  /* Functions offered by the provider to libcrypto */
  void provider_teardown(void *provctx);
@@ -129,6 +139,10 @@ provider):
  BIO_vprintf                    OSSL_FUNC_BIO_VPRINTF
  OPENSSL_cleanse                OSSL_FUNC_OPENSSL_CLEANSE
  OSSL_SELF_TEST_set_callback    OSSL_FUNC_SELF_TEST_CB
+ ossl_rand_get_entropy          OSSL_FUNC_GET_ENTROPY
+ ossl_rand_cleanup_entropy      OSSL_FUNC_CLEANUP_ENTROPY
+ ossl_rand_get_nonce            OSSL_FUNC_GET_NONCE
+ ossl_rand_cleanup_nonce        OSSL_FUNC_CLEANUP_NONCE
 
 For I<*out> (the B<OSSL_DISPATCH> array passed from the provider to
 F<libcrypto>):
@@ -210,6 +224,28 @@ side (the two are not compatible).
 OSSL_SELF_TEST_set_callback() is used to set an optional callback that can be
 passed into a provider. This may be ignored by a provider.
 
+get_entropy() retrieves seeding material from the operating system.
+The seeding material will have at least I<entropy> bytes of randomness and the
+output will have at least I<min_len> and at most I<max_len> bytes.
+The buffer address is stored in I<*pout> and the buffer length is
+returned to the caller.  On error, zero is returned.
+
+cleanup_entropy() is used to clean up and free the buffer returned by
+get_entropy().  The entropy pointer returned by get_entropy() is passed in
+B<buf> and its length in B<len>.
+
+get_nonce() retrieves a nonce using the passed I<salt> parameter
+of length I<salt_len> and operating system specific information.
+The I<salt> should contain uniquely identifying information and this is
+included, in an unspecified manner, as part of the output.
+The output is stored in a buffer which contrains at least I<min_len> and at
+most I<max_len> bytes.  The buffer address is stored in I<*pout> and the
+buffer length returned to the caller.  On error, zero is returned.
+
+cleanup_nonce() is used to clean up and free the buffer returned by
+get_nonce().  The nonce pointer returned by get_nonce() is passed in
+B<buf> and its length in B<len>.
+
 =head2 Provider functions
 
 provider_teardown() is called when a provider is shut down and removed
diff --git a/include/crypto/rand.h b/include/crypto/rand.h
index a437565fe8..c870245521 100644
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@@ -19,6 +19,7 @@
 # define OSSL_CRYPTO_RAND_H
 
 # include <openssl/rand.h>
+# include "crypto/rand_pool.h"
 
 /*
  * Defines related to seed sources
@@ -93,4 +94,24 @@ void rand_pool_keep_random_devices_open(int keep);
  */
 void ossl_random_add_conf_module(void);
 
+/*
+ * Get and cleanup random seed material.
+ */
+size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+                             unsigned char **pout, int entropy,
+                             size_t min_len, size_t max_len);
+void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+                               unsigned char *buf, size_t len);
+size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+                           unsigned char **pout, size_t min_len, size_t max_len,
+                           const void *salt, size_t salt_len);
+void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+                             unsigned char *buf, size_t len);
+
+/*
+ * Get seeding material from the operating system sources.
+ */
+size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
+int ossl_pool_add_nonce_data(RAND_POOL *pool);
+
 #endif
diff --git a/providers/implementations/include/prov/rand_pool.h b/include/crypto/rand_pool.h
similarity index 100%
rename from providers/implementations/include/prov/rand_pool.h
rename to include/crypto/rand_pool.h
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index d4d581df57..bbd0429718 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -161,6 +161,23 @@ OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio,
 OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
                                          void **cbarg))
 
+/* Functions to get seed material from the operating system */
+#define OSSL_FUNC_GET_ENTROPY                101
+#define OSSL_FUNC_CLEANUP_ENTROPY            102
+#define OSSL_FUNC_GET_NONCE                  103
+#define OSSL_FUNC_CLEANUP_NONCE              104
+OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle,
+                                          unsigned char **pout, int entropy,
+                                          size_t min_len, size_t max_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle,
+                                            unsigned char *buf, size_t len))
+OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle,
+                                        unsigned char **pout, size_t min_len,
+                                        size_t max_len, const void *salt,
+                                        size_t salt_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle,
+                                          unsigned char *buf, size_t len))
+
 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
 # define OSSL_FUNC_PROVIDER_TEARDOWN           1024
 OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index f0b0cd0163..d41feeb144 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -219,13 +219,13 @@ extern "C" {
 /* Known RAND names */
 #define OSSL_RAND_PARAM_STATE                   "state"
 #define OSSL_RAND_PARAM_STRENGTH                "strength"
+#define OSSL_RAND_PARAM_MAX_REQUEST             "max_request"
 #define OSSL_RAND_PARAM_TEST_ENTROPY            "test_entropy"
 #define OSSL_RAND_PARAM_TEST_NONCE              "test_nonce"
 
 /* RAND/DRBG names */
 #define OSSL_DRBG_PARAM_RESEED_REQUESTS         "reseed_requests"
 #define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL    "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MAX_REQUEST             "max_request"
 #define OSSL_DRBG_PARAM_MIN_ENTROPYLEN          "min_entropylen"
 #define OSSL_DRBG_PARAM_MAX_ENTROPYLEN          "max_entropylen"
 #define OSSL_DRBG_PARAM_MIN_NONCELEN            "min_noncelen"
diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h
index 3eef9afdd2..ccce5b60ce 100644
--- a/include/openssl/randerr.h
+++ b/include/openssl/randerr.h
@@ -102,7 +102,6 @@ int ERR_load_RAND_strings(void);
 # define RAND_R_UNABLE_TO_FETCH_DRBG                      144
 # define RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER  141
 # define RAND_R_UNABLE_TO_GET_PARENT_STRENGTH             138
-# define RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR             142
 # define RAND_R_UNABLE_TO_LOCK_PARENT                     140
 # define RAND_R_UNSUPPORTED_DRBG_FLAGS                    132
 # define RAND_R_UNSUPPORTED_DRBG_TYPE                     120
diff --git a/providers/common/build.info b/providers/common/build.info
index b6d56682a9..8de65f3fa8 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -2,6 +2,6 @@ SUBDIRS=der
 
 SOURCE[../libcommon.a]=provider_err.c provider_ctx.c
 $FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\
-            securitycheck.c
+            securitycheck.c provider_seeding.c
 SOURCE[../libnonfips.a]=$FIPSCOMMON securitycheck_default.c
 SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h
index d972a819e2..86a3667641 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/providers/common/include/prov/providercommonerr.h
@@ -141,6 +141,7 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_NO_PARAMETERS_SET                         177
 # define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE  178
 # define PROV_R_OUTPUT_BUFFER_TOO_SMALL                   106
+# define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS     228
 # define PROV_R_PARENT_LOCKING_NOT_ENABLED                182
 # define PROV_R_PARENT_STRENGTH_TOO_WEAK                  194
 # define PROV_R_PATH_MUST_BE_ABSOLUTE                     219
@@ -158,9 +159,7 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_UNABLE_TO_FIND_CIPHERS                    207
 # define PROV_R_UNABLE_TO_GET_ENTROPY                     202
 # define PROV_R_UNABLE_TO_GET_NONCE                       203
-# define PROV_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER  198
 # define PROV_R_UNABLE_TO_GET_PARENT_STRENGTH             199
-# define PROV_R_UNABLE_TO_GET_RESEED_PROP_CTR             200
 # define PROV_R_UNABLE_TO_INITIALISE_CIPHERS              208
 # define PROV_R_UNABLE_TO_LOAD_SHA1                       143
 # define PROV_R_UNABLE_TO_LOAD_SHA256                     147
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 606d78cc57..2915330b86 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -152,6 +152,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL),
     "output buffer too small"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS),
+    "parent cannot generate random numbers"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_LOCKING_NOT_ENABLED),
     "parent locking not enabled"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_STRENGTH_TOO_WEAK),
@@ -182,12 +184,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "unable to get entropy"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_NONCE),
     "unable to get nonce"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER),
-    "unable to get parent reseed prop counter"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH),
     "unable to get parent strength"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_RESEED_PROP_CTR),
-    "unable to get reseed prop ctr"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_INITIALISE_CIPHERS),
     "unable to initialise ciphers"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA1),
diff --git a/providers/common/provider_seeding.c b/providers/common/provider_seeding.c
new file mode 100644
index 0000000000..98704a2cdf
--- /dev/null
+++ b/providers/common/provider_seeding.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_dispatch.h>
+#include "prov/seeding.h"
+
+static OSSL_FUNC_get_entropy_fn *c_get_entropy = NULL;
+static OSSL_FUNC_cleanup_entropy_fn *c_cleanup_entropy = NULL;
+static OSSL_FUNC_get_nonce_fn *c_get_nonce = NULL;
+static OSSL_FUNC_cleanup_nonce_fn *c_cleanup_nonce = NULL;
+
+int ossl_prov_seeding_from_dispatch(const OSSL_DISPATCH *fns)
+{
+    for (; fns->function_id != 0; fns++) {
+        switch (fns->function_id) {
+        case OSSL_FUNC_GET_ENTROPY:
+            if (c_get_entropy == NULL)
+                c_get_entropy = OSSL_FUNC_get_entropy(fns);
+            break;
+        case OSSL_FUNC_CLEANUP_ENTROPY:
+            if (c_cleanup_entropy == NULL)
+                c_cleanup_entropy = OSSL_FUNC_cleanup_entropy(fns);
+            break;
+        case OSSL_FUNC_GET_NONCE:
+            if (c_get_nonce == NULL)
+                c_get_nonce = OSSL_FUNC_get_nonce(fns);
+            break;
+        case OSSL_FUNC_CLEANUP_NONCE:
+            if (c_cleanup_nonce == NULL)
+                c_cleanup_nonce = OSSL_FUNC_cleanup_nonce(fns);
+            break;
+        }
+    }
+    return 1;
+}
+
+size_t ossl_prov_get_entropy(PROV_CTX *prov_ctx, unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len)
+{
+    if (c_get_entropy == NULL)
+        return 0;
+    return c_get_entropy(ossl_prov_ctx_get0_handle(prov_ctx),
+                         pout, entropy, min_len, max_len);
+}
+
+void ossl_prov_cleanup_entropy(PROV_CTX *prov_ctx, unsigned char *buf,
+                               size_t len)
+{
+    if (c_cleanup_entropy != NULL)
+        c_cleanup_entropy(ossl_prov_ctx_get0_handle(prov_ctx), buf, len);
+}
+
+size_t ossl_prov_get_nonce(PROV_CTX *prov_ctx, unsigned char **pout,
+                           size_t min_len, size_t max_len,
+                           const void *salt,size_t salt_len)
+{
+    if (c_get_nonce == NULL)
+        return 0;
+    return c_get_nonce(ossl_prov_ctx_get0_handle(prov_ctx), pout,
+                       min_len, max_len, salt, salt_len);
+}
+
+void ossl_prov_cleanup_nonce(PROV_CTX *prov_ctx, unsigned char *buf, size_t len)
+{
+    if (c_cleanup_nonce != NULL)
+        c_cleanup_nonce(ossl_prov_ctx_get0_handle(prov_ctx), buf, len);
+}
diff --git a/providers/defltprov.c b/providers/defltprov.c
index b309ba798c..e5d7fe4877 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -19,6 +19,7 @@
 #include "prov/providercommon.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
+#include "prov/seeding.h"
 #include "internal/nelem.h"
 
 /*
@@ -527,7 +528,8 @@ int ossl_default_provider_init(const OSSL_CORE_HANDLE *handle,
     OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
     BIO_METHOD *corebiometh;
 
-    if (!ossl_prov_bio_from_dispatch(in))
+    if (!ossl_prov_bio_from_dispatch(in)
+            || !ossl_prov_seeding_from_dispatch(in))
         return 0;
     for (; in->function_id != 0; in++) {
         switch (in->function_id) {
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 33b2f0213e..ffb7510054 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -18,6 +18,7 @@
 #include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 #include "prov/provider_util.h"
+#include "prov/seeding.h"
 #include "self_test.h"
 
 static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
@@ -495,6 +496,8 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
     FIPS_GLOBAL *fgbl;
     OSSL_LIB_CTX *libctx = NULL;
 
+    if (!ossl_prov_seeding_from_dispatch(in))
+        return 0;
     for (; in->function_id != 0; in++) {
         switch (in->function_id) {
         case OSSL_FUNC_CORE_GET_LIBCTX:
@@ -575,10 +578,9 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
         case OSSL_FUNC_BIO_VSNPRINTF:
             c_BIO_vsnprintf = OSSL_FUNC_BIO_vsnprintf(in);
             break;
-        case OSSL_FUNC_SELF_TEST_CB: {
+        case OSSL_FUNC_SELF_TEST_CB:
             c_stcbfn = OSSL_FUNC_self_test_cb(in);
             break;
-        }
         default:
             /* Just ignore anything we don't understand */
             break;
diff --git a/providers/implementations/include/prov/seeding.h b/providers/implementations/include/prov/seeding.h
index ec69040606..448ff0366b 100644
--- a/providers/implementations/include/prov/seeding.h
+++ b/providers/implementations/include/prov/seeding.h
@@ -7,7 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "prov/rand_pool.h"
+#include "prov/provider_ctx.h"
+#include "crypto/rand_pool.h"
 
 /* Hardware-based seeding functions. */
 size_t prov_acquire_entropy_from_tsc(RAND_POOL *pool);
@@ -18,9 +19,6 @@ size_t prov_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
 
 void prov_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
 
-size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
-int ossl_pool_add_nonce_data(RAND_POOL *pool);
-
 /*
  * Add some platform specific additional data
  *
@@ -32,3 +30,17 @@ int ossl_pool_add_nonce_data(RAND_POOL *pool);
  */
 int rand_pool_add_additional_data(RAND_POOL *pool);
 
+/*
+ * External seeding functions from the core dispatch table.
+ */
+int ossl_prov_seeding_from_dispatch(const OSSL_DISPATCH *fns);
+
+size_t ossl_prov_get_entropy(PROV_CTX *prov_ctx, unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len);
+void ossl_prov_cleanup_entropy(PROV_CTX *prov_ctx, unsigned char *buf,
+                               size_t len);
+size_t ossl_prov_get_nonce(PROV_CTX *prov_ctx, unsigned char **pout,
+                           size_t min_len, size_t max_len,
+                           const void *salt, size_t salt_len);
+void ossl_prov_cleanup_nonce(PROV_CTX *prov_ctx, unsigned char *buf,
+                             size_t len);
diff --git a/providers/implementations/rands/build.info b/providers/implementations/rands/build.info
index 1e710bb510..2ca0cdadc7 100644
--- a/providers/implementations/rands/build.info
+++ b/providers/implementations/rands/build.info
@@ -1,6 +1,6 @@
 SUBDIRS=seeding
 
-$COMMON=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c rand_pool.c
+$COMMON=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c
 
 SOURCE[../../libfips.a]=$COMMON
 SOURCE[../../libnonfips.a]=$COMMON
diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c
index 72907b5a88..f1b31df101 100644
--- a/providers/implementations/rands/crngt.c
+++ b/providers/implementations/rands/crngt.c
@@ -20,40 +20,35 @@
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "internal/cryptlib.h"
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "drbg_local.h"
 #include "prov/seeding.h"
 
 typedef struct crng_test_global_st {
     unsigned char crngt_prev[EVP_MAX_MD_SIZE];
-    RAND_POOL *crngt_pool;
+    EVP_MD *md;
+    int preloaded;
+    CRYPTO_RWLOCK *lock;
 } CRNG_TEST_GLOBAL;
 
-static int crngt_get_entropy(OSSL_LIB_CTX *ctx, RAND_POOL *pool,
+static int crngt_get_entropy(PROV_CTX *provctx, const EVP_MD *digest,
                              unsigned char *buf, unsigned char *md,
                              unsigned int *md_size)
 {
     int r;
     size_t n;
     unsigned char *p;
-    EVP_MD *fmd;
 
-    if (pool == NULL)
-        return 0;
-
-    n = ossl_pool_acquire_entropy(pool);
-    if (n >= CRNGT_BUFSIZ) {
-        fmd = EVP_MD_fetch(ctx, "SHA256", "");
-        if (fmd == NULL)
-            return 0;
-        p = rand_pool_detach(pool);
-        r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, fmd, NULL);
+    n = ossl_prov_get_entropy(provctx, &p, 0, CRNGT_BUFSIZ, CRNGT_BUFSIZ);
+    if (n == CRNGT_BUFSIZ) {
+        r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, digest, NULL);
         if (r != 0)
             memcpy(buf, p, CRNGT_BUFSIZ);
-        rand_pool_reattach(pool, p);
-        EVP_MD_free(fmd);
-        return r;
+        ossl_prov_cleanup_entropy(provctx, p, n);
+        return r != 0;
     }
+    if (n != 0)
+        ossl_prov_cleanup_entropy(provctx, p, n);
     return 0;
 }
 
@@ -61,31 +56,30 @@ static void rand_crng_ossl_ctx_free(void *vcrngt_glob)
 {
     CRNG_TEST_GLOBAL *crngt_glob = vcrngt_glob;
 
-    rand_pool_free(crngt_glob->crngt_pool);
+    CRYPTO_THREAD_lock_free(crngt_glob->lock);
+    EVP_MD_free(crngt_glob->md);
     OPENSSL_free(crngt_glob);
 }
 
 static void *rand_crng_ossl_ctx_new(OSSL_LIB_CTX *ctx)
 {
-    unsigned char buf[CRNGT_BUFSIZ];
     CRNG_TEST_GLOBAL *crngt_glob = OPENSSL_zalloc(sizeof(*crngt_glob));
 
     if (crngt_glob == NULL)
         return NULL;
 
-    if ((crngt_glob->crngt_pool
-         = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) {
+    if ((crngt_glob->md = EVP_MD_fetch(ctx, "SHA256", "")) == NULL) {
         OPENSSL_free(crngt_glob);
         return NULL;
     }
-    if (crngt_get_entropy(ctx, crngt_glob->crngt_pool, buf,
-                          crngt_glob->crngt_prev, NULL)) {
-        OPENSSL_cleanse(buf, sizeof(buf));
-        return crngt_glob;
+
+    if ((crngt_glob->lock = CRYPTO_THREAD_lock_new()) == NULL) {
+        EVP_MD_free(crngt_glob->md);
+        OPENSSL_free(crngt_glob);
+        return NULL;
     }
-    rand_pool_free(crngt_glob->crngt_pool);
-    OPENSSL_free(crngt_glob);
-    return NULL;
+
+    return crngt_glob;
 }
 
 static const OSSL_LIB_CTX_METHOD rand_crng_ossl_ctx_method = {
@@ -109,12 +103,14 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
                               int entropy, size_t min_len, size_t max_len,
                               int prediction_resistance)
 {
-    unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned char buf[CRNGT_BUFSIZ];
+    unsigned char *ent, *entp, *entbuf;
     unsigned int sz;
-    RAND_POOL *pool;
-    size_t q, r = 0, s, t = 0;
-    int attempts = 3, crng_test_pass = 1;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(drbg->provctx);
+    size_t bytes_needed;
+    size_t r = 0, s, t;
+    int crng_test_pass = 1;
+    OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx);
     CRNG_TEST_GLOBAL *crngt_glob
         = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_RAND_CRNGT_INDEX,
                                 &rand_crng_ossl_ctx_method);
@@ -125,9 +121,32 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
     if (crngt_glob == NULL)
         return 0;
 
-    if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
+    if (!CRYPTO_THREAD_write_lock(crngt_glob->lock))
         return 0;
 
+    if (!crngt_glob->preloaded) {
+        if (!crngt_get_entropy(drbg->provctx, crngt_glob->md, buf,
+                               crngt_glob->crngt_prev, NULL)) {
+            OPENSSL_cleanse(buf, sizeof(buf));
+            goto unlock_return;
+        }
+        crngt_glob->preloaded = 1;
+    }
+
+    /*
+     * Calculate how many bytes of seed material we require, rounded up
+     * to the nearest byte.  If the entropy is of less than full quality,
+     * the amount required should be scaled up appropriately here.
+     */
+    bytes_needed = (entropy + 7) / 8;
+    if (bytes_needed < min_len)
+        bytes_needed = min_len;
+    if (bytes_needed > max_len)
+        goto unlock_return;
+    entp = ent = OPENSSL_secure_malloc(bytes_needed);
+    if (ent == NULL)
+        goto unlock_return;
+
     OSSL_SELF_TEST_get_callback(libctx, &stcb, &stcbarg);
     if (stcb != NULL) {
         st = OSSL_SELF_TEST_new(stcb, stcbarg);
@@ -137,10 +156,14 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
                                OSSL_SELF_TEST_DESC_RNG);
     }
 
-    while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
-        s = q > sizeof(buf) ? sizeof(buf) : q;
-        if (!crngt_get_entropy(libctx, crngt_glob->crngt_pool, buf, md, &sz))
+    for (t = bytes_needed; t > 0;) {
+        /* Care needs to be taken to avoid overrunning the buffer */
+        s = t >= CRNGT_BUFSIZ ? CRNGT_BUFSIZ : t;
+        entbuf = t >= CRNGT_BUFSIZ ? entp : buf;
+        if (!crngt_get_entropy(drbg->provctx, crngt_glob->md, entbuf, md, &sz))
             goto err;
+        if (t < CRNGT_BUFSIZ)
+            memcpy(entp, buf, t);
         /* Force a failure here if the callback returns 1 */
         if (OSSL_SELF_TEST_oncorrupt_byte(st, md))
             memcpy(md, crngt_glob->crngt_prev, sz);
@@ -148,23 +171,26 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
             crng_test_pass = 0;
             goto err;
         }
-        if (!rand_pool_add(pool, buf, s, s * 8))
-            goto err;
+        /* Update for next block */
         memcpy(crngt_glob->crngt_prev, md, sz);
-        t += s;
-        attempts++;
+        entp += s;
+        t -= s;
     }
-    r = t;
-    *pout = rand_pool_detach(pool);
-err:
+    r = bytes_needed;
+    *pout = ent;
+    ent = NULL;
+
+ err:
     OSSL_SELF_TEST_onend(st, crng_test_pass);
     OSSL_SELF_TEST_free(st);
-    OPENSSL_cleanse(buf, sizeof(buf));
-    rand_pool_free(pool);
+    OPENSSL_secure_clear_free(ent, bytes_needed);
+
+ unlock_return:
+    CRYPTO_THREAD_unlock(crngt_glob->lock);
     return r;
 }
 
-void ossl_crngt_cleanup_entropy(PROV_DRBG *drbg,
+void ossl_crngt_cleanup_entropy(ossl_unused PROV_DRBG *drbg,
                                 unsigned char *out, size_t outlen)
 {
     OPENSSL_secure_clear_free(out, outlen);
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index a294ed7f1d..cc965c9bc0 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -17,7 +17,7 @@
 #include "internal/thread_once.h"
 #include "crypto/cryptlib.h"
 #include "prov/seeding.h"
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommonerr.h"
 #include "prov/providercommon.h"
@@ -110,18 +110,15 @@ static unsigned int get_parent_reseed_count(PROV_DRBG *drbg)
 {
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
     void *parent = drbg->parent;
-    unsigned int r;
+    unsigned int r = 0;
 
     *params = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, &r);
     if (!ossl_drbg_lock_parent(drbg)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOCK_PARENT);
         goto err;
     }
-    if (!drbg->parent_get_ctx_params(parent, params)) {
-        ossl_drbg_unlock_parent(drbg);
-        ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_RESEED_PROP_CTR);
-        goto err;
-    }
+    if (!drbg->parent_get_ctx_params(parent, params))
+        r = 0;
     ossl_drbg_unlock_parent(drbg);
     return r;
 
@@ -148,106 +145,90 @@ static size_t prov_drbg_get_entropy(PROV_DRBG *drbg, unsigned char **pout,
                                     int entropy, size_t min_len,
                                     size_t max_len, int prediction_resistance)
 {
-    size_t ret = 0;
-    size_t entropy_available = 0;
-    RAND_POOL *pool;
     unsigned int p_str;
+    size_t r, bytes_needed;
+    unsigned char *buffer;
 
-    if (drbg->parent != NULL) {
-        if (!get_parent_strength(drbg, &p_str))
-            return 0;
-        if (drbg->strength > p_str) {
-            /*
-             * We currently don't support the algorithm from NIST SP 800-90C
-             * 10.1.2 to use a weaker DRBG as source
-             */
-            ERR_raise(ERR_LIB_RAND, PROV_R_PARENT_STRENGTH_TOO_WEAK);
-            return 0;
-        }
+    if (!get_parent_strength(drbg, &p_str))
+        return 0;
+    if (drbg->strength > p_str) {
+        /*
+         * We currently don't support the algorithm from NIST SP 800-90C
+         * 10.1.2 to use a weaker DRBG as source
+         */
+        ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_STRENGTH_TOO_WEAK);
+        return 0;
     }
 
-    if (drbg->seed_pool != NULL) {
-        pool = drbg->seed_pool;
-        pool->entropy_requested = entropy;
-    } else {
-        pool = rand_pool_new(entropy, 1, min_len, max_len);
-        if (pool == NULL) {
-            ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
+    if (drbg->parent_generate == NULL) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS);
+        return 0;
     }
 
-    if (drbg->parent != NULL) {
-        size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
-        unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
+    /* Figure out how many bytes we need */
+    bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0;
+    if (bytes_needed < min_len)
+        bytes_needed = min_len;
+    if (bytes_needed > max_len)
+        bytes_needed = max_len;
 
-        if (buffer != NULL) {
-            size_t bytes = 0;
-
-            if (drbg->parent_generate == NULL)
-                goto err;
-            /*
-             * Our lock is already held, but we need to lock our parent before
-             * generating bits from it. (Note: taking the lock will be a no-op
-             * if locking if drbg->parent->lock == NULL.)
-             */
-            ossl_drbg_lock_parent(drbg);
-            /*
-             * Get random data from parent.  Include our DRBG address as
-             * additional input, in order to provide a distinction between
-             * different DRBG child instances.
-             *
-             * Note: using the sizeof() operator on a pointer triggers
-             *       a warning in some static code analyzers, but it's
-             *       intentional and correct here.
-             */
-            if (drbg->parent_generate(drbg->parent, buffer, bytes_needed,
-                                      drbg->strength, prediction_resistance,
-                                      (unsigned char *)&drbg,
-                                      sizeof(drbg)) != 0)
-                bytes = bytes_needed;
-            ossl_drbg_unlock_parent(drbg);
-            drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
-
-            rand_pool_add_end(pool, bytes, 8 * bytes);
-            entropy_available = rand_pool_entropy_available(pool);
-        }
-    } else {
-        /* Get entropy by polling system entropy sources. */
-        entropy_available = ossl_pool_acquire_entropy(pool);
+    /* Allocate storage */
+    buffer = OPENSSL_secure_malloc(bytes_needed);
+    if (buffer == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return 0;
     }
 
-    if (entropy_available > 0) {
-        ret   = rand_pool_length(pool);
-        *pout = rand_pool_detach(pool);
+    /*
+     * Our lock is already held, but we need to lock our parent before
+     * generating bits from it.  Note: taking the lock will be a no-op
+     * if locking is not required (while drbg->parent->lock == NULL).
+     */
+    ossl_drbg_lock_parent(drbg);
+    /*
+     * Get random data from parent.  Include our DRBG address as
+     * additional input, in order to provide a distinction between
+     * different DRBG child instances.
+     *
+     * Note: using the sizeof() operator on a pointer triggers
+     *       a warning in some static code analyzers, but it's
+     *       intentional and correct here.
+     */
+    r = drbg->parent_generate(drbg->parent, buffer, bytes_needed,
+                              drbg->strength, prediction_resistance,
+                              (unsigned char *)&drbg,
+                              sizeof(drbg));
+    ossl_drbg_unlock_parent(drbg);
+    if (r == 0) {
+        OPENSSL_secure_clear_free(buffer, bytes_needed);
+        ERR_raise(ERR_LIB_PROV, PROV_R_GENERATE_ERROR);
+        return 0;
     }
-
-err:
-    if (drbg->seed_pool == NULL)
-        rand_pool_free(pool);
-    return ret;
+    *pout = buffer;
+    return bytes_needed;
 }
 
 /*
  * Implements the cleanup_entropy() callback
  *
  */
-static void prov_drbg_cleanup_entropy(PROV_DRBG *drbg,
+static void prov_drbg_cleanup_entropy(ossl_unused PROV_DRBG *drbg,
                                       unsigned char *out, size_t outlen)
 {
-    if (drbg->seed_pool == NULL) {
-        OPENSSL_secure_clear_free(out, outlen);
-    }
+    OPENSSL_secure_clear_free(out, outlen);
 }
 
 static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy,
                           size_t min_len, size_t max_len,
                           int prediction_resistance)
 {
-#ifdef FIPS_MODULE
     if (drbg->parent == NULL)
+#ifdef FIPS_MODULE
         return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len,
                                       prediction_resistance);
+#else
+        return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len,
+                                     max_len);
 #endif
 
     return prov_drbg_get_entropy(drbg, pout, entropy, min_len, max_len,
@@ -256,12 +237,15 @@ static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy,
 
 static void cleanup_entropy(PROV_DRBG *drbg, unsigned char *out, size_t outlen)
 {
+    if (drbg->parent == NULL) {
 #ifdef FIPS_MODULE
-    if (drbg->parent == NULL)
         ossl_crngt_cleanup_entropy(drbg, out, outlen);
-    else
+#else
+        ossl_prov_cleanup_entropy(drbg->provctx, out, outlen);
 #endif
+    } else {
         prov_drbg_cleanup_entropy(drbg, out, outlen);
+    }
 }
 
 #ifndef PROV_RAND_GET_RANDOM_NONCE
@@ -311,75 +295,45 @@ static const OSSL_LIB_CTX_METHOD drbg_nonce_ossl_ctx_method = {
 };
 
 /* Get a nonce from the operating system */
-static size_t prov_drbg_get_nonce(PROV_DRBG *drbg,
-                                  unsigned char **pout,
-                                  int entropy, size_t min_len, size_t max_len)
+static size_t prov_drbg_get_nonce(PROV_DRBG *drbg, unsigned char **pout,
+                                  size_t min_len, size_t max_len)
 {
     size_t ret = 0, n;
-    RAND_POOL *pool;
     unsigned char *buf = NULL;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(drbg->provctx);
+    OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx);
     PROV_DRBG_NONCE_GLOBAL *dngbl
         = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DRBG_NONCE_INDEX,
                                 &drbg_nonce_ossl_ctx_method);
     struct {
-        void *instance;
+        void *drbg;
         int count;
     } data;
-    
+
     if (dngbl == NULL)
         return 0;
 
-    if (drbg->parent != NULL) {
-        if (drbg->parent_nonce != NULL) {
-            n = drbg->parent_nonce(drbg->parent, NULL, 0, drbg->min_noncelen,
-                                   drbg->max_noncelen);
-            if (n > 0 && (buf = OPENSSL_malloc(n)) != NULL) {
-                ret = drbg->parent_nonce(drbg->parent, buf, 0,
-                                         drbg->min_noncelen,
-                                         drbg->max_noncelen);
-                if (ret == n) {
-                    *pout = buf;
-                    return ret;
-                }
-                OPENSSL_free(buf);
+    if (drbg->parent != NULL && drbg->parent_nonce != NULL) {
+        n = drbg->parent_nonce(drbg->parent, NULL, 0, drbg->min_noncelen,
+                               drbg->max_noncelen);
+        if (n > 0 && (buf = OPENSSL_malloc(n)) != NULL) {
+            ret = drbg->parent_nonce(drbg->parent, buf, 0,
+                                     drbg->min_noncelen, drbg->max_noncelen);
+            if (ret == n) {
+                *pout = buf;
+                return ret;
             }
+            OPENSSL_free(buf);
         }
     }
 
-    /* Use the built in nonce source */
+    /* Use the built in nonce source plus some of our specifics */
     memset(&data, 0, sizeof(data));
-    pool = rand_pool_new(0, 0, min_len, max_len);
-    if (pool == NULL)
-        return 0;
-
-    if (ossl_pool_add_nonce_data(pool) == 0)
-        goto err;
-
-    data.instance = drbg;
+    data.drbg = drbg;
     CRYPTO_atomic_add(&dngbl->rand_nonce_count, 1, &data.count,
                       dngbl->rand_nonce_lock);
-
-    if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)
-        goto err;
-
-    ret   = rand_pool_length(pool);
-    *pout = rand_pool_detach(pool);
-
- err:
-    rand_pool_free(pool);
-
-    return ret;
+    return ossl_prov_get_nonce(drbg->provctx, pout, min_len, max_len,
+                               &data, sizeof(data));
 }
-
-static void prov_drbg_clear_nonce(PROV_DRBG *drbg, unsigned char *nonce,
-                                  size_t noncelen)
-{
-    OPENSSL_clear_free(nonce, noncelen);
-}
-#else
-# define prov_drbg_clear_nonce(drbg, nonce, len) \
-    OPENSSL_clear_free((nonce), (len))
 #endif /* PROV_RAND_GET_RANDOM_NONCE */
 
 /*
@@ -465,8 +419,7 @@ int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength,
         }
 #ifndef PROV_RAND_GET_RANDOM_NONCE
         else { /* parent == NULL */
-            noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->strength / 2,
-                                           drbg->min_noncelen, 
+            noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->min_noncelen, 
                                            drbg->max_noncelen);
             if (noncelen < drbg->min_noncelen
                     || noncelen > drbg->max_noncelen) {
@@ -507,7 +460,8 @@ int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength,
  end:
     if (entropy != NULL)
         cleanup_entropy(drbg, entropy, entropylen);
-    prov_drbg_clear_nonce(drbg, nonce, noncelen);
+    if (nonce != NULL)
+        ossl_prov_cleanup_nonce(drbg->provctx, nonce, noncelen);
     if (drbg->state == EVP_RAND_STATE_READY)
         return 1;
     return 0;
@@ -745,14 +699,6 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
  */
 static int rand_drbg_restart(PROV_DRBG *drbg)
 {
-    if (drbg->seed_pool != NULL) {
-        drbg->state = EVP_RAND_STATE_ERROR;
-        rand_pool_free(drbg->seed_pool);
-        drbg->seed_pool = NULL;
-        ERR_raise(ERR_LIB_RAND, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-
     /* repair error state */
     if (drbg->state == EVP_RAND_STATE_ERROR)
         drbg->uninstantiate(drbg);
@@ -762,8 +708,6 @@ static int rand_drbg_restart(PROV_DRBG *drbg)
         /* reinstantiate drbg */
         ossl_prov_drbg_instantiate(drbg, drbg->strength, 0, NULL, 0);
 
-    rand_pool_free(drbg->seed_pool);
-    drbg->seed_pool = NULL;
     return drbg->state == EVP_RAND_STATE_READY;
 }
 
@@ -892,7 +836,6 @@ void ossl_rand_drbg_free(PROV_DRBG *drbg)
     if (drbg == NULL)
         return;
 
-    rand_pool_free(drbg->adin_pool);
     CRYPTO_THREAD_lock_free(drbg->lock);
     OPENSSL_free(drbg);
 }
@@ -909,7 +852,7 @@ int ossl_drbg_get_ctx_params(PROV_DRBG *drbg, OSSL_PARAM params[])
     if (p != NULL && !OSSL_PARAM_set_int(p, drbg->strength))
         return 0;
 
-    p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MAX_REQUEST);
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
     if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_request))
         return 0;
 
diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h
index 1877dce44f..fbae882535 100644
--- a/providers/implementations/rands/drbg_local.h
+++ b/providers/implementations/rands/drbg_local.h
@@ -17,6 +17,7 @@
 # include "internal/tsan_assist.h"
 # include "internal/nelem.h"
 # include "internal/numbers.h"
+# include "prov/provider_ctx.h"
 
 /* How many times to read the TSC as a randomness source. */
 # define TSC_READ_COUNT                 4
@@ -71,7 +72,7 @@ typedef enum drbg_status_e {
  */
 struct prov_drbg_st {
     CRYPTO_RWLOCK *lock;
-    void *provctx;
+    PROV_CTX *provctx;
 
     /* Virtual functions are cache here */
     int (*instantiate)(PROV_DRBG *drbg,
@@ -104,21 +105,6 @@ struct prov_drbg_st {
     int fork_id;
     unsigned short flags; /* various external flags */
 
-    /*
-     * The random_data is used by PROV_add()/drbg_add() to attach random
-     * data to the global drbg, such that the rand_drbg_get_entropy() callback
-     * can pull it during instantiation and reseeding. This is necessary to
-     * reconcile the different philosophies of the PROV and the PROV_DRBG
-     * with respect to how randomness is added to the RNG during reseeding
-     * (see PR #4328).
-     */
-    struct rand_pool_st *seed_pool;
-
-    /*
-     * Auxiliary pool for additional data.
-     */
-    struct rand_pool_st *adin_pool;
-
     /*
      * The following parameters are setup by the per-type "init" function.
      *
@@ -242,17 +228,17 @@ int ossl_drbg_set_ctx_params(PROV_DRBG *drbg, const OSSL_PARAM params[]);
     OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL),             \
     OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL)
 
-#define OSSL_PARAM_DRBG_GETTABLE_CTX_COMMON                              \
+#define OSSL_PARAM_DRBG_GETTABLE_CTX_COMMON                             \
     OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),                        \
     OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),                    \
-    OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_REQUEST, NULL),               \
+    OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),               \
     OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_ENTROPYLEN, NULL),            \
     OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ENTROPYLEN, NULL),            \
     OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_NONCELEN, NULL),              \
     OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_NONCELEN, NULL),              \
     OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_PERSLEN, NULL),               \
     OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ADINLEN, NULL),               \
-    OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, NULL),                  \
+    OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, NULL),              \
     OSSL_PARAM_time_t(OSSL_DRBG_PARAM_RESEED_TIME, NULL),               \
     OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL),             \
     OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL)
diff --git a/providers/implementations/rands/seeding/build.info b/providers/implementations/rands/seeding/build.info
index e75a941098..58c5be3daf 100644
--- a/providers/implementations/rands/seeding/build.info
+++ b/providers/implementations/rands/seeding/build.info
@@ -6,6 +6,5 @@ IF[{- $config{target} =~ /vms/i -}]
   $COMMON=$COMMON rand_vms.c
 ENDIF
 
-SOURCE[../../../libfips.a]=$COMMON
 SOURCE[../../../libnonfips.a]=$COMMON
 
diff --git a/providers/implementations/rands/seeding/rand_cpu_x86.c b/providers/implementations/rands/seeding/rand_cpu_x86.c
index 46ced51af2..0b163571f1 100644
--- a/providers/implementations/rands/seeding/rand_cpu_x86.c
+++ b/providers/implementations/rands/seeding/rand_cpu_x86.c
@@ -9,7 +9,7 @@
 
 #include "internal/cryptlib.h"
 #include <openssl/opensslconf.h>
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "prov/seeding.h"
 
 #ifdef OPENSSL_RAND_SEED_RDCPU
diff --git a/providers/implementations/rands/seeding/rand_tsc.c b/providers/implementations/rands/seeding/rand_tsc.c
index 520f140fdf..2777335469 100644
--- a/providers/implementations/rands/seeding/rand_tsc.c
+++ b/providers/implementations/rands/seeding/rand_tsc.c
@@ -9,7 +9,7 @@
 
 #include "internal/cryptlib.h"
 #include <openssl/opensslconf.h>
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "prov/seeding.h"
 
 #ifdef OPENSSL_RAND_SEED_RDTSC
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
index 35d2878d5c..81fd50c430 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -15,7 +15,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "crypto/rand.h"
 #include <stdio.h>
 #include "internal/dso.h"
diff --git a/providers/implementations/rands/seeding/rand_vms.c b/providers/implementations/rands/seeding/rand_vms.c
index da143f3dbe..3a91d24405 100644
--- a/providers/implementations/rands/seeding/rand_vms.c
+++ b/providers/implementations/rands/seeding/rand_vms.c
@@ -14,7 +14,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include "crypto/rand.h"
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "prov/seeding.h"
 #include <descrip.h>
 #include <dvidef.h>
diff --git a/providers/implementations/rands/seeding/rand_vxworks.c b/providers/implementations/rands/seeding/rand_vxworks.c
index 70b4c7b677..2629346e62 100644
--- a/providers/implementations/rands/seeding/rand_vxworks.c
+++ b/providers/implementations/rands/seeding/rand_vxworks.c
@@ -10,7 +10,7 @@
 #include <openssl/opensslconf.h>
 
 #include <openssl/rand.h>
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "crypto/rand.h"
 #include "internal/cryptlib.h"
 #include "prov/seeding.h"
diff --git a/providers/implementations/rands/seeding/rand_win.c b/providers/implementations/rands/seeding/rand_win.c
index bac6b5723e..39b0902e55 100644
--- a/providers/implementations/rands/seeding/rand_win.c
+++ b/providers/implementations/rands/seeding/rand_win.c
@@ -9,7 +9,7 @@
 
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
 #include "crypto/rand.h"
 #include "prov/seeding.h"
 
diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index 68aedda344..33cbd20e9b 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -11,114 +11,103 @@
 #include <openssl/core_dispatch.h>
 #include <openssl/e_os2.h>
 #include <openssl/params.h>
+#include <openssl/core_names.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/randerr.h>
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
 #include "prov/implementations.h"
-#include "drbg_local.h"
 
-static OSSL_FUNC_rand_newctx_fn test_rng_new_wrapper;
+static OSSL_FUNC_rand_newctx_fn test_rng_new;
 static OSSL_FUNC_rand_freectx_fn test_rng_free;
-static OSSL_FUNC_rand_instantiate_fn test_rng_instantiate_wrapper;
-static OSSL_FUNC_rand_uninstantiate_fn test_rng_uninstantiate_wrapper;
-static OSSL_FUNC_rand_generate_fn test_rng_generate_wrapper;
-static OSSL_FUNC_rand_reseed_fn test_rng_reseed_wrapper;
+static OSSL_FUNC_rand_instantiate_fn test_rng_instantiate;
+static OSSL_FUNC_rand_uninstantiate_fn test_rng_uninstantiate;
+static OSSL_FUNC_rand_generate_fn test_rng_generate;
+static OSSL_FUNC_rand_reseed_fn test_rng_reseed;
 static OSSL_FUNC_rand_nonce_fn test_rng_nonce;
 static OSSL_FUNC_rand_settable_ctx_params_fn test_rng_settable_ctx_params;
 static OSSL_FUNC_rand_set_ctx_params_fn test_rng_set_ctx_params;
 static OSSL_FUNC_rand_gettable_ctx_params_fn test_rng_gettable_ctx_params;
 static OSSL_FUNC_rand_get_ctx_params_fn test_rng_get_ctx_params;
 static OSSL_FUNC_rand_verify_zeroization_fn test_rng_verify_zeroization;
+static OSSL_FUNC_rand_enable_locking_fn test_rng_enable_locking;
+static OSSL_FUNC_rand_lock_fn test_rng_lock;
+static OSSL_FUNC_rand_unlock_fn test_rng_unlock;
 
 typedef struct {
+    void *provctx;
+    int state;
+    unsigned int strength;
+    size_t max_request;
     unsigned char *entropy, *nonce;
     size_t entropy_len, entropy_pos, nonce_len;
-    unsigned int strength;
+    CRYPTO_RWLOCK *lock;
 } PROV_TEST_RNG;
 
-static int test_rng_new(PROV_DRBG *ctx)
+static void *test_rng_new(void *provctx, void *parent,
+                          const OSSL_DISPATCH *parent_dispatch)
 {
     PROV_TEST_RNG *t;
 
+    if (parent != NULL)
+        return NULL;
+
     t = OPENSSL_zalloc(sizeof(*t));
     if (t == NULL)
-        return 0;
-    ctx->data = t;
-    ctx->seedlen = INT_MAX;
-    ctx->max_entropylen = INT_MAX;
-    ctx->max_noncelen = INT_MAX;
-    ctx->max_perslen = INT_MAX;
-    ctx->max_adinlen = INT_MAX;
-    ctx->max_request = INT_MAX;
-    return 1;
+        return NULL;
+
+    t->max_request = INT_MAX;
+    t->provctx = provctx;
+    t->state = EVP_RAND_STATE_UNINITIALISED;
+    return t;
 }
 
-static void test_rng_free(void *vdrbg)
+static void test_rng_free(void *vtest)
 {
-    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
-    PROV_TEST_RNG *t = (PROV_TEST_RNG *)drbg->data;
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
 
+    if (t == NULL)
+        return;
     OPENSSL_free(t->entropy);
     OPENSSL_free(t->nonce);
-    OPENSSL_free(drbg->data);
-    ossl_rand_drbg_free(drbg);
+    CRYPTO_THREAD_lock_free(t->lock);
+    OPENSSL_free(t);
 }
 
-static int test_rng_instantiate(PROV_DRBG *drbg,
-                                const unsigned char *ent, size_t ent_len,
-                                const unsigned char *nonce, size_t nonce_len,
+static int test_rng_instantiate(void *vtest, unsigned int strength,
+                                int prediction_resistance,
                                 const unsigned char *pstr, size_t pstr_len)
 {
-    PROV_TEST_RNG *t = (PROV_TEST_RNG *)drbg->data;
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
 
-    if (ent != NULL && (ent_len < drbg->min_entropylen
-                        || ent_len >= drbg->max_entropylen))
-        return 0;
-    if (nonce != NULL && (nonce_len < drbg->min_noncelen
-                        || nonce_len >= drbg->max_noncelen))
-        return 0;
-    if (pstr != NULL && pstr_len >= drbg->max_perslen)
+    if (strength > t->strength)
         return 0;
 
+    t->state = EVP_RAND_STATE_READY;
     t->entropy_pos = 0;
-    return 1;
-}
-
-static int test_rng_instantiate_wrapper(void *vdrbg, unsigned int strength,
-                                        int prediction_resistance,
-                                        const unsigned char *pstr,
-                                        size_t pstr_len)
-{
-    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
-
-    if (pstr != NULL && pstr_len >= drbg->max_perslen)
-        return 0;
 
-    return ossl_prov_drbg_instantiate(drbg, strength, prediction_resistance,
-                                      pstr, pstr_len);
+    return 1;
 }
 
-static int test_rng_uninstantiate(PROV_DRBG *drbg)
+static int test_rng_uninstantiate(void *vtest)
 {
-    PROV_TEST_RNG *t = (PROV_TEST_RNG *)drbg->data;
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
 
     t->entropy_pos = 0;
-    return ossl_prov_drbg_uninstantiate(drbg);
-}
-
-static int test_rng_uninstantiate_wrapper(void *vdrbg)
-{
-    return test_rng_uninstantiate((PROV_DRBG *)vdrbg);
+    t->state = EVP_RAND_STATE_UNINITIALISED;
+    return 1;
 }
 
-static int test_rng_generate(PROV_DRBG *drbg,
-                             unsigned char *out, size_t outlen,
+static int test_rng_generate(void *vtest, unsigned char *out, size_t outlen,
+                             unsigned int strength, int prediction_resistance,
                              const unsigned char *adin, size_t adin_len)
 {
-    PROV_TEST_RNG *t = (PROV_TEST_RNG *)drbg->data;
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
     size_t i;
 
-    if (t->entropy == NULL || (adin != NULL && adin_len >= drbg->max_adinlen))
+    if (strength > t->strength)
         return 0;
 
     for (i = 0; i < outlen; i++) {
@@ -129,49 +118,24 @@ static int test_rng_generate(PROV_DRBG *drbg,
     return 1;
 }
 
-static int test_rng_generate_wrapper
-    (void *vdrbg, unsigned char *out, size_t outlen,
-      unsigned int strength, int prediction_resistance,
-      const unsigned char *adin, size_t adin_len)
+static int test_rng_reseed(ossl_unused void *vtest,
+                           ossl_unused int prediction_resistance,
+                           ossl_unused const unsigned char *ent,
+                           ossl_unused size_t ent_len,
+                           ossl_unused const unsigned char *adin,
+                           ossl_unused size_t adin_len)
 {
-    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
-
-    if (strength > drbg->strength)
-        return 0;
-    return test_rng_generate(drbg, out, outlen, adin, adin_len);
-}
-
-static int test_rng_reseed(PROV_DRBG *drbg,
-                            const unsigned char *ent, size_t ent_len,
-                            const unsigned char *adin, size_t adin_len)
-{
-    if (ent != NULL && (ent_len < drbg->min_entropylen
-                        || ent_len >= drbg->max_entropylen))
-        return 0;
-    if (adin != NULL && adin_len >= drbg->max_adinlen)
-        return 0;
-
     return 1;
 }
 
-static int test_rng_reseed_wrapper(void *vdrbg, int prediction_resistance,
-                                   const unsigned char *ent, size_t ent_len,
-                                   const unsigned char *adin, size_t adin_len)
-{
-    return test_rng_reseed((PROV_DRBG *)vdrbg, ent, ent_len, adin, adin_len);
-}
-
-static size_t test_rng_nonce(void *vdrbg, unsigned char *out,
-                             unsigned int strength, size_t min_noncelen,
-                             size_t max_noncelen)
+static size_t test_rng_nonce(void *vtest, unsigned char *out,
+                             unsigned int strength,
+                             ossl_unused size_t min_noncelen,
+                             ossl_unused size_t max_noncelen)
 {
-    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
-    PROV_TEST_RNG *t = (PROV_TEST_RNG *)drbg->data;
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
 
-    if (t->nonce == NULL
-            || strength > drbg->strength
-            || min_noncelen > t->nonce_len
-            || max_noncelen < t->nonce_len)
+    if (t->nonce == NULL || strength > t->strength)
         return 0;
 
     if (out != NULL)
@@ -179,41 +143,45 @@ static size_t test_rng_nonce(void *vdrbg, unsigned char *out,
     return t->nonce_len;
 }
 
-static int test_rng_get_ctx_params(void *vdrbg, OSSL_PARAM params[])
+static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[])
 {
-    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
+    OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE);
+    if (p != NULL && !OSSL_PARAM_set_int(p, t->state))
+        return 0;
+
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH);
+    if (p != NULL && !OSSL_PARAM_set_int(p, t->strength))
+        return 0;
 
-    return ossl_drbg_get_ctx_params(drbg, params);
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, t->max_request))
+        return 0;
+    return 1;
 }
 
 static const OSSL_PARAM *test_rng_gettable_ctx_params(ossl_unused void *provctx)
 {
     static const OSSL_PARAM known_gettable_ctx_params[] = {
-        OSSL_PARAM_DRBG_GETTABLE_CTX_COMMON,
+        OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
+        OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
+        OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
         OSSL_PARAM_END
     };
     return known_gettable_ctx_params;
 }
 
-static int set_size_t(const OSSL_PARAM *params, const char *name,
-                            size_t *val)
+static int test_rng_set_ctx_params(void *vtest, const OSSL_PARAM params[])
 {
-    const OSSL_PARAM *p = OSSL_PARAM_locate_const(params, name);
-
-    return p == NULL || OSSL_PARAM_get_size_t(p, val);
-}
-
-static int test_rng_set_ctx_params(void *vdrbg, const OSSL_PARAM params[])
-{
-    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
-    PROV_TEST_RNG *t = (PROV_TEST_RNG *)drbg->data;
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
     const OSSL_PARAM *p;
     void *ptr = NULL;
     size_t size = 0;
-    unsigned int uint;
 
     p = OSSL_PARAM_locate_const(params, OSSL_RAND_PARAM_STRENGTH);
-    if (p != NULL && !OSSL_PARAM_get_uint(p, &drbg->strength))
+    if (p != NULL && !OSSL_PARAM_get_uint(p, &t->strength))
         return 0;
 
     p = OSSL_PARAM_locate_const(params, OSSL_RAND_PARAM_TEST_ENTROPY);
@@ -236,32 +204,11 @@ static int test_rng_set_ctx_params(void *vdrbg, const OSSL_PARAM params[])
         t->nonce_len = size;
     }
 
-    p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_RESEED_COUNTER);
-    if (p != NULL) {
-        if (!OSSL_PARAM_get_uint(p, &uint))
-            return 0;
-        tsan_store(&drbg->reseed_counter, uint);
-    }
-
-    p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_RESEED_TIME);
-    if (p != NULL && !OSSL_PARAM_get_time_t(p, &drbg->reseed_time))
+    p = OSSL_PARAM_locate_const(params, OSSL_RAND_PARAM_MAX_REQUEST);
+    if (p != NULL  && !OSSL_PARAM_get_size_t(p, &t->max_request))
         return 0;
 
-    if (!set_size_t(params, OSSL_DRBG_PARAM_MAX_REQUEST, &drbg->max_request)
-            || !set_size_t(params, OSSL_DRBG_PARAM_MIN_ENTROPYLEN,
-                           &drbg->min_entropylen)
-            || !set_size_t(params, OSSL_DRBG_PARAM_MAX_ENTROPYLEN,
-                           &drbg->max_entropylen)
-            || !set_size_t(params, OSSL_DRBG_PARAM_MIN_NONCELEN,
-                           &drbg->min_noncelen)
-            || !set_size_t(params, OSSL_DRBG_PARAM_MAX_NONCELEN,
-                           &drbg->max_noncelen)
-            || !set_size_t(params, OSSL_DRBG_PARAM_MAX_PERSLEN,
-                           &drbg->max_perslen)
-            || !set_size_t(params, OSSL_DRBG_PARAM_MAX_ADINLEN,
-                           &drbg->max_adinlen))
-        return 0;
-    return ossl_drbg_set_ctx_params(drbg, params);
+    return 1;
 }
 
 static const OSSL_PARAM *test_rng_settable_ctx_params(ossl_unused void *provctx)
@@ -270,48 +217,61 @@ static const OSSL_PARAM *test_rng_settable_ctx_params(ossl_unused void *provctx)
         OSSL_PARAM_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, NULL, 0),
         OSSL_PARAM_octet_string(OSSL_RAND_PARAM_TEST_NONCE, NULL, 0),
         OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
-        OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_REQUEST, NULL),
-        OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_ENTROPYLEN, NULL),
-        OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ENTROPYLEN, NULL),
-        OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_NONCELEN, NULL),
-        OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_NONCELEN, NULL),
-        OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_PERSLEN, NULL),
-        OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ADINLEN, NULL),
-        OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, NULL),
-        OSSL_PARAM_time_t(OSSL_DRBG_PARAM_RESEED_TIME, NULL),
-        OSSL_PARAM_DRBG_SETTABLE_CTX_COMMON,
+        OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
         OSSL_PARAM_END
     };
     return known_settable_ctx_params;
 }
 
-static int test_rng_verify_zeroization(void *vdrbg)
+static int test_rng_verify_zeroization(ossl_unused void *vtest)
 {
     return 1;
 }
 
-static void *test_rng_new_wrapper(void *provctx, void *parent,
-                                   const OSSL_DISPATCH *parent_dispatch)
+static int test_rng_enable_locking(void *vtest)
 {
-    return ossl_rand_drbg_new(provctx, parent, parent_dispatch,
-                              &test_rng_new, &test_rng_instantiate,
-                              &test_rng_uninstantiate, &test_rng_reseed,
-                              &test_rng_generate);
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
+
+    if (t != NULL && t->lock == NULL) {
+        t->lock = CRYPTO_THREAD_lock_new();
+        if (t->lock == NULL) {
+            ERR_raise(ERR_LIB_PROV, RAND_R_FAILED_TO_CREATE_LOCK);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int test_rng_lock(void *vtest)
+{
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
+
+    if (t == NULL || t->lock == NULL)
+        return 1;
+    return CRYPTO_THREAD_write_lock(t->lock);
+}
+
+static void test_rng_unlock(void *vtest)
+{
+    PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
+
+    if (t != NULL && t->lock != NULL)
+        CRYPTO_THREAD_unlock(t->lock);
 }
 
 const OSSL_DISPATCH ossl_test_rng_functions[] = {
-    { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))test_rng_new_wrapper },
+    { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))test_rng_new },
     { OSSL_FUNC_RAND_FREECTX, (void(*)(void))test_rng_free },
     { OSSL_FUNC_RAND_INSTANTIATE,
-      (void(*)(void))test_rng_instantiate_wrapper },
+      (void(*)(void))test_rng_instantiate },
     { OSSL_FUNC_RAND_UNINSTANTIATE,
-      (void(*)(void))test_rng_uninstantiate_wrapper },
-    { OSSL_FUNC_RAND_GENERATE, (void(*)(void))test_rng_generate_wrapper },
-    { OSSL_FUNC_RAND_RESEED, (void(*)(void))test_rng_reseed_wrapper },
+      (void(*)(void))test_rng_uninstantiate },
+    { OSSL_FUNC_RAND_GENERATE, (void(*)(void))test_rng_generate },
+    { OSSL_FUNC_RAND_RESEED, (void(*)(void))test_rng_reseed },
     { OSSL_FUNC_RAND_NONCE, (void(*)(void))test_rng_nonce },
-    { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))ossl_drbg_enable_locking },
-    { OSSL_FUNC_RAND_LOCK, (void(*)(void))ossl_drbg_lock },
-    { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))ossl_drbg_unlock },
+    { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))test_rng_enable_locking },
+    { OSSL_FUNC_RAND_LOCK, (void(*)(void))test_rng_lock },
+    { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))test_rng_unlock },
     { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS,
       (void(*)(void))test_rng_settable_ctx_params },
     { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))test_rng_set_ctx_params },
diff --git a/test/build.info b/test/build.info
index b7fafb7eba..0ce3e27ae8 100644
--- a/test/build.info
+++ b/test/build.info
@@ -381,7 +381,7 @@ IF[{- !$disabled{tests} -}]
   DEPEND[recordlentest]=../libcrypto ../libssl libtestutil.a
 
   SOURCE[drbgtest]=drbgtest.c
-  INCLUDE[drbgtest]=../include ../apps/include
+  INCLUDE[drbgtest]=../include ../apps/include ../providers/common/include
   DEPEND[drbgtest]=../libcrypto.a libtestutil.a
 
   SOURCE[rand_status_test]=rand_status_test.c
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index e2f78f1496..a52b472ba6 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1978,7 +1978,7 @@ static int test_rand_agglomeration(void)
     memset(out, 0, sizeof(out));
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
                                              seed, sizeof(seed));
-    *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
+    *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
     *p = OSSL_PARAM_construct_end();
     res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
           && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))


More information about the openssl-commits mailing list