Message-ID: <20210412021144.GP2900@Leo-laptop-t470s>
Date: Mon, 12 Apr 2021 10:11:44 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: Eric Biggers <ebiggers@...nel.org>,
Netdev <netdev@...r.kernel.org>,
Toke Høiland-Jørgensen <toke@...hat.com>,
Jakub Kicinski <kuba@...nel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Ondrej Mosnacek <omosnace@...hat.com>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode
On Fri, Apr 09, 2021 at 12:29:42PM -0600, Jason A. Donenfeld wrote:
> On Fri, Apr 9, 2021 at 2:08 AM Hangbin Liu <liuhangbin@...il.com> wrote:
> > After offline discussion with Herbert, here is
> > what he said:
> >
> > """
> > This is not a problem in RHEL8 because the Crypto API RNG replaces /dev/random
> > in FIPS mode.
> > """
>
> So far as I can see, this isn't the case in the kernel sources I'm
> reading? Maybe you're doing some userspace hack with CUSE? But at
> least get_random_bytes doesn't behave this way...
> > I'm not familiar with this code, not sure how upstream handles this.
Hi Jason,

As I said, I'm not familiar with this part of the code. If upstream does not
handle this correctly, sure this is an issue and needs to be fixed.

And as Simo said, he is also working on this part. I will talk with him
and Herbert and see if we can have a more proper fix.

Feel free to drop this patch.

Thanks
Hangbin