linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stephan Mueller <smueller@chronox.de>
To: Simo Sorce <simo@redhat.com>, noloader@gmail.com
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>, Tso Ted <tytso@mit.edu>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Willy Tarreau <w@1wt.eu>, Nicolai Stange <nstange@suse.de>,
	LKML <linux-kernel@vger.kernel.org>,
	Arnd Bergmann <arnd@arndb.de>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	"Alexander E. Patrakov" <patrakov@gmail.com>,
	"Ahmed S. Darwish" <darwish.07@gmail.com>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	Vito Caputo <vcaputo@pengaru.com>,
	Andreas Dilger <adilger.kernel@dilger.ca>,
	Jan Kara <jack@suse.cz>, Ray Strode <rstrode@redhat.com>,
	William Jon McCann <mccann@jhu.edu>,
	zhangjs <zachary@baishancloud.com>,
	Andy Lutomirski <luto@kernel.org>,
	Florian Weimer <fweimer@redhat.com>,
	Lennart Poettering <mzxreary@0pointer.de>,
	Peter Matthias <matthias.peter@bsi.bund.de>,
	Marcelo Henrique Cerri <marcelo.cerri@canonical.com>,
	Neil Horman <nhorman@redhat.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Julia Lawall <julia.lawall@inria.fr>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	Andy Lavr <andy.lavr@gmail.com>,
	Eric Biggers <ebiggers@kernel.org>,
	Petr Tesarik <ptesarik@suse.cz>,
	John Haxby <john.haxby@oracle.com>,
	Alexander Lobakin <alobakin@mailbox.org>,
	Jirka Hladky <jhladky@redhat.com>
Subject: Re: [PATCH v43 01/15] Linux Random Number Generator
Date: Tue, 23 Nov 2021 06:38:29 +0100	[thread overview]
Message-ID: <5873227.WSGUhziGkc@tauon.chronox.de> (raw)
In-Reply-To: <CAH8yC8niN=q-pD4B3OU9zj84GN-vfi=T_aLq9V3sLTZ-mRP_GQ@mail.gmail.com>

Am Montag, 22. November 2021, 22:06:55 CET schrieb Jeffrey Walton:

Hi Jeffrey,

> On Mon, Nov 22, 2021 at 10:10 AM Simo Sorce <simo@redhat.com> wrote:
> > On Mon, 2021-11-22 at 07:55 +0100, Greg Kroah-Hartman wrote:
> > > On Mon, Nov 22, 2021 at 07:42:02AM +0100, Stephan Mueller wrote:
> > > > ...
> > > > I will leave the representatives from the distros to chime in and
> > > > point to
> > > > these patches.
> > > 
> > > Then why not work with the distros to get these changes merged into the
> > > kernel tree?  They know that keeping things out-of-the-tree costs them
> > > time and money, so why are they keeping them there?
> > 
> > I can speak for my distro.
> > We have not proposed them because they are hacks, we know they are
> > hacks, and we know they are not the long term solution.
> > Yet we have no better way (in our products, today) so far to deal with
> > these issues because what is needed is an effort like LRNG (does not
> > have to be this specific implementation), because hacks will not cut it
> > in the long term.
> 
> Kernel support for FIPS validated crypto would be very useful, IMHO.
> 
> Currently most folks I know and consult with use CentOS because CentOS
> is free and includes the FIPS canister for OpenSSL. Several folks I
> know and consult with don't have a solution because they use Debian
> derivatives, like Ubuntu. They use Ubuntu because Ubuntu offers the
> image processing packages they need out of the box.
> 
> Moving the validated crypto into the kernel would be useful since all
> distros can provide it without the need for one-off patches.
> 
> What I am less clear about.... NIST is only one standard body, and not
> everyone trusts the US. There are other bodies that should probably be
> represented, like KISA. So the big question becomes, how does the
> kernel offer "approved" crypto for different consumers? (where
> "approved" means blessed by some agency like NIST or KISA).

IMHO that is where the flexibility of the LRNG comes in. I am currently in 
discussion with the German BSI on their requirements and these requirements 
can be covered by a few extra lines since it only affects a different initial 
seeding of the DRNG.

In any case, the LRNG supports other approaches by:

- select one or more entropy sources (or provide one from external) that are 
considered appropriate

- if needed, adjust the initial seeding operation

- if needed, adjust the crypto primitives that are in use.

Ciao
Stephan
> 
> Jeff


Ciao
Stephan



  reply	other threads:[~2021-11-23  5:39 UTC|newest]

Thread overview: 101+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-21 16:39 [PATCH v43 00/15] /dev/random - a new approach Stephan Müller
2021-11-21 16:40 ` [PATCH v43 01/15] Linux Random Number Generator Stephan Müller
2021-11-21 17:23   ` Joe Perches
2021-11-21 22:42   ` Jason A. Donenfeld
2021-11-22  5:34     ` Stephan Mueller
2021-11-22  6:02       ` Greg Kroah-Hartman
2021-11-22  6:42         ` Stephan Mueller
2021-11-22  6:55           ` Greg Kroah-Hartman
2021-11-22 15:09             ` Simo Sorce
2021-11-22 21:06               ` Jeffrey Walton
2021-11-23  5:38                 ` Stephan Mueller [this message]
2021-11-26 15:42               ` Greg Kroah-Hartman
2021-11-22 16:56         ` John Haxby
2021-11-26 15:40           ` Greg Kroah-Hartman
2021-11-22 14:59     ` Simo Sorce
2021-11-26 15:44       ` Greg Kroah-Hartman
2021-11-26 16:15         ` Stephan Mueller
2021-11-26 16:22           ` Greg Kroah-Hartman
2021-11-29 15:31             ` Stephan Mueller
2021-11-29 16:25               ` Greg Kroah-Hartman
2021-11-29 16:50                 ` Stephan Mueller
2021-11-30 12:24                 ` Jeffrey Walton
2021-11-30 14:04                   ` Greg Kroah-Hartman
2021-11-30 14:31                     ` Simo Sorce
2021-11-30 15:45                       ` Greg Kroah-Hartman
2021-11-30 17:05                         ` Willy Tarreau
2021-11-30 17:08                         ` Simo Sorce
2021-11-30 18:15                         ` Eric Biggers
2021-11-30 18:39                           ` Jason A. Donenfeld
2021-11-30 19:41                             ` Simo Sorce
2021-12-01 16:02                               ` Jason A. Donenfeld
2021-12-01 17:19                                 ` Simo Sorce
2021-12-01 17:55                                   ` Boris Krasnovskiy
2021-12-01 18:05                                     ` Greg Kroah-Hartman
2021-12-01 18:24                                   ` Jason A. Donenfeld
2021-12-02  0:24                                     ` Jeffrey Walton
2021-12-02  7:12                                       ` Greg Kroah-Hartman
2021-12-02 15:50                                         ` John Haxby
2021-12-01 18:29                                   ` Jason A. Donenfeld
     [not found]                                 ` <BY5PR14MB3416DF44172D8F47D0B078A986689@BY5PR14MB3416.namprd14.prod.outlook.com>
2021-12-01 18:05                                   ` Greg Kroah-Hartman
2021-12-10  1:43                                 ` Marcelo Henrique Cerri
2021-12-10  6:46                                   ` Greg Kroah-Hartman
2021-12-10  9:30                                     ` Marcelo Henrique Cerri
2021-12-10  9:48                                       ` Greg Kroah-Hartman
2021-12-10 17:02                                         ` Simo Sorce
2021-12-11  7:06                                           ` Willy Tarreau
2021-12-11  8:09                                             ` Stephan Müller
2021-12-11  8:57                                               ` Willy Tarreau
2022-01-10 13:23                                   ` Marcelo Henrique Cerri
2022-01-10 14:11                                     ` Jason A. Donenfeld
2022-01-10 14:29                                       ` Theodore Ts'o
2022-01-10 14:38                                         ` Jason A. Donenfeld
2022-01-10 17:38                                           ` Theodore Ts'o
2022-01-10 18:29                                             ` Eric Biggers
2022-01-10 18:44                                               ` Jason A. Donenfeld
2022-01-10 19:41                                                 ` Simo Sorce
2022-01-10 20:05                                                   ` Eric Biggers
2022-01-10 19:49                                                 ` Theodore Ts'o
2022-01-10 22:19                                                   ` Jason A. Donenfeld
2022-01-11  1:44                                                     ` Andy Lutomirski
2022-01-11  3:10                                                       ` Theodore Ts'o
2022-01-11  4:04                                                         ` Willy Tarreau
2022-01-11  4:13                                                         ` Matthew Garrett
2022-01-11 10:01                                                           ` Alexander E. Patrakov
     [not found]                                                           ` <CAN_LGv0CTDi9k=t=TGHvaHZz5YVT+OUEBaRXjP=Xv=kousHY1w@mail.gmail.com>
2022-01-11 17:10                                                             ` Matthew Garrett
2022-01-11 13:16                                                         ` Jason A. Donenfeld
2022-01-11 16:08                                                           ` Theodore Ts'o
2022-01-11 13:06                                                       ` Jason A. Donenfeld
2022-01-11 15:10                                                         ` Andy Lutomirski
2022-01-10 21:38                                                 ` Jason A. Donenfeld
2022-01-10 15:07                                         ` Marcelo Henrique Cerri
2021-11-30 15:13                     ` Jeffrey Walton
2021-11-30 15:39                       ` Greg Kroah-Hartman
2021-11-30  7:32       ` Sandy Harris
2021-11-30  7:55         ` Greg Kroah-Hartman
2021-11-30  8:56           ` Stephan Mueller
2021-11-30  9:12             ` Greg Kroah-Hartman
2021-12-04  9:53           ` Sandy Harris
2021-11-22 10:33   ` kernel test robot
2021-11-22 11:47     ` Stephan Mueller
2021-11-25  5:25       ` [kbuild-all] " Chen, Rong A
2021-11-30  2:55         ` Sandy Harris
2021-11-30  6:06           ` Stephan Müller
2021-11-21 16:40 ` [PATCH v43 02/15] LRNG - IRQ entropy source Stephan Müller
2021-11-21 16:40 ` [PATCH v43 03/15] LRNG - sysctls and /proc interface Stephan Müller
2021-11-21 16:41 ` [PATCH v43 04/15] LRNG - allocate one DRNG instance per NUMA node Stephan Müller
2021-11-21 16:42 ` [PATCH v43 05/15] LRNG - CPU entropy source Stephan Müller
2021-11-22  7:09   ` kernel test robot
2021-11-22 11:48     ` Stephan Mueller
2021-11-21 16:42 ` [PATCH v43 06/15] LRNG - add switchable DRNG support Stephan Müller
2021-11-21 16:43 ` [PATCH v43 07/15] LRNG - add common generic hash support Stephan Müller
2021-11-21 16:43 ` [PATCH v43 08/15] crypto: DRBG - externalize DRBG functions for LRNG Stephan Müller
2021-11-21 16:44 ` [PATCH v43 09/15] LRNG - add SP800-90A DRBG extension Stephan Müller
2021-11-21 16:45 ` [PATCH v43 10/15] LRNG - add kernel crypto API PRNG extension Stephan Müller
2021-11-21 16:45 ` [PATCH v43 11/15] crypto: move Jitter RNG header include dir Stephan Müller
2021-11-21 16:46 ` [PATCH v43 12/15] LRNG - add Jitter RNG fast noise source Stephan Müller
2021-11-21 16:46 ` [PATCH v43 13/15] LRNG - add SP800-90B compliant health tests Stephan Müller
2021-11-21 16:47 ` [PATCH v43 14/15] LRNG - add interface for gathering of raw entropy Stephan Müller
2021-11-21 16:47 ` [PATCH v43 15/15] LRNG - add power-on and runtime self-tests Stephan Müller
2021-12-11 15:45 ` [PATCH v43 00/15] /dev/random - a new approach Thomas Schoebel-Theuer
2021-12-11 16:04   ` Willy Tarreau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5873227.WSGUhziGkc@tauon.chronox.de \
    --to=smueller@chronox.de \
    --cc=Jason@zx2c4.com \
    --cc=adilger.kernel@dilger.ca \
    --cc=alobakin@mailbox.org \
    --cc=andy.lavr@gmail.com \
    --cc=arnd@arndb.de \
    --cc=dan.carpenter@oracle.com \
    --cc=darwish.07@gmail.com \
    --cc=ebiederm@xmission.com \
    --cc=ebiggers@kernel.org \
    --cc=fweimer@redhat.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jack@suse.cz \
    --cc=jhladky@redhat.com \
    --cc=john.haxby@oracle.com \
    --cc=julia.lawall@inria.fr \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=marcelo.cerri@canonical.com \
    --cc=matthias.peter@bsi.bund.de \
    --cc=mccann@jhu.edu \
    --cc=mjg59@srcf.ucam.org \
    --cc=mzxreary@0pointer.de \
    --cc=nhorman@redhat.com \
    --cc=noloader@gmail.com \
    --cc=nstange@suse.de \
    --cc=patrakov@gmail.com \
    --cc=ptesarik@suse.cz \
    --cc=rdunlap@infradead.org \
    --cc=rstrode@redhat.com \
    --cc=simo@redhat.com \
    --cc=tytso@mit.edu \
    --cc=vcaputo@pengaru.com \
    --cc=w@1wt.eu \
    --cc=zachary@baishancloud.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).