Message-ID: <20250628042918.32253-1-wanjay@amazon.com>
Date: Sat, 28 Jun 2025 04:29:16 +0000
From: Jay Wang <wanjay@...zon.com>
To: <stable@...r.kernel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, "David S . Miller"
	<davem@...emloft.net>, <linux-crypto@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <wanjay@...zon.com>
Subject: [PATCH 6.12.y 0/2] crypto: rng - FIPS 140-3 compliance for random number generation

This patch series implements FIPS 140-3 compliance requirements for random
number generation in the Linux kernel 6.12. The changes ensure that when the
kernel is operating in FIPS mode, FIPS-compliant random number
generators are used instead of the default /dev/random implementation.

IMPORTANT: These two patches must be applied together as a series. Applying
only the first patch without the second will cause a deadlock during boot
in FIPS-enabled environments. The second patch fixes a critical timing issue
introduced by the first patch where the crypto RNG attempts to override the
drivers/char/random interface before the default RNG becomes available.

The series consists of two patches:
1. Initial implementation to override drivers/char/random in FIPS mode
2. Refinement to ensure override only occurs after FIPS-mode RNGs are available

These 2 patches are required for FIPS 140-3 certification
and compliance in government and enterprise environments.

Herbert Xu (1):
  crypto: rng - Override drivers/char/random in FIPS mode

Jay Wang (1):
  Override drivers/char/random only after FIPS-mode RNGs become
    available

 crypto/rng.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)

-- 
2.47.1

