Message-ID: <20180502222522.GA15457@thunk.org>
Date:   Wed, 2 May 2018 18:25:22 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Laura Abbott <labbott@...hat.com>
Cc:     Justin Forbes <jmforbes@...uxtx.org>,
        Jeremy Cline <jeremy@...ine.org>,
        Sultan Alsawaf <sultanxda@...il.com>,
        Pavel Machek <pavel@....cz>,
        LKML <linux-kernel@...r.kernel.org>, Jann Horn <jannh@...gle.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`

On Wed, May 02, 2018 at 10:49:34AM -0700, Laura Abbott wrote:
> 
> It is a Fedora patch we're carrying
> https://src.fedoraproject.org/rpms/libgcrypt/blob/master/f/libgcrypt-1.6.2-fips-ctor.patch#_23
> so yes, it is a Fedora specific use case.
> From talking to the libgcrypt team, this is a FIPS mode requirement
> to run power on self test at the library constructor and the self
> test of libgcrypt ends up requiring a fully seeded RNG. Citation
> is in section 9.10 of
> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf

Forgive me if this is a stupid question, but does Fedora need FIPS
compliance?  Or is this something which is only required for RHEL?

("Here's to FIPS: the cause of, and solution to, all of Life's
problems."  :-)

	  	   		     - Ted
