lists.openwall.net
Open Source and information security mailing list archives
 
Date:   Mon, 12 Apr 2021 10:11:44 +0800
From:   Hangbin Liu <liuhangbin@...il.com>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     Eric Biggers <ebiggers@...nel.org>,
        Netdev <netdev@...r.kernel.org>,
        Toke Høiland-Jørgensen <toke@...hat.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Ondrej Mosnacek <omosnace@...hat.com>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode

On Fri, Apr 09, 2021 at 12:29:42PM -0600, Jason A. Donenfeld wrote:
> On Fri, Apr 9, 2021 at 2:08 AM Hangbin Liu <liuhangbin@...il.com> wrote:
> > After offline discussion with Herbert, here is
> > what he said:
> >
> > """
> > This is not a problem in RHEL8 because the Crypto API RNG replaces /dev/random
> > in FIPS mode.
> > """
> 
> So far as I can see, this isn't the case in the kernel sources I'm
> reading? Maybe you're doing some userspace hack with CUSE? But at
> least get_random_bytes doesn't behave this way...

> > I'm not familiar with this code, not sure how upstream handles this.

Hi Jason,

As I said, I'm not familiar with this part of the code. If upstream does not
handle this correctly, sure this is an issue and needs to be fixed.

And as Simo said, he is also working on this part. I will talk with him
and Herbert and see if we can have a more proper fix.

Feel free to drop this patch.

Thanks
Hangbin
