From: Hangbin Liu <liuhangbin@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "Eric Biggers" <ebiggers@kernel.org>,
Netdev <netdev@vger.kernel.org>,
"Toke Høiland-Jørgensen" <toke@redhat.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"Ondrej Mosnacek" <omosnace@redhat.com>,
"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode
Date: Mon, 12 Apr 2021 10:11:44 +0800 [thread overview]
Message-ID: <20210412021144.GP2900@Leo-laptop-t470s> (raw)
In-Reply-To: <CAHmME9o53wa-_Rpk41Wd34O81o34ndpuej0xz9tThvqiHVeiSQ@mail.gmail.com>
On Fri, Apr 09, 2021 at 12:29:42PM -0600, Jason A. Donenfeld wrote:
> On Fri, Apr 9, 2021 at 2:08 AM Hangbin Liu <liuhangbin@gmail.com> wrote:
> > After offline discussion with Herbert, here is
> > what he said:
> >
> > """
> > This is not a problem in RHEL8 because the Crypto API RNG replaces /dev/random
> > in FIPS mode.
> > """
>
> So far as I can see, this isn't the case in the kernel sources I'm
> reading? Maybe you're doing some userspace hack with CUSE? But at
> least get_random_bytes doesn't behave this way...
> > I'm not familiar with this code, not sure how upstream handle this.
Hi Jason,
As I said, I'm not familiar with this part of code. If upstream does not
handle this correctly, sure this is an issue and need to be fixed.
And as Simo said, he is also working on this part. I will talk with him
and Herbert and see if we can have a more proper fix.
Feel free to drop this patch.
Thanks
Hangbin
next prev parent reply other threads:[~2021-04-12 2:11 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 11:39 [PATCH net-next] [RESEND] wireguard: disable in FIPS mode Hangbin Liu
2021-04-07 21:12 ` Eric Biggers
2021-04-08 1:06 ` Hangbin Liu
2021-04-08 11:58 ` Hangbin Liu
2021-04-08 15:11 ` Eric Biggers
2021-04-09 2:11 ` Hangbin Liu
2021-04-09 7:08 ` Stephan Mueller
2021-04-09 8:08 ` Hangbin Liu
2021-04-09 16:26 ` Simo Sorce
2021-04-09 18:29 ` Jason A. Donenfeld
2021-04-12 2:11 ` Hangbin Liu [this message]
2021-04-07 21:15 ` Jason A. Donenfeld
2021-04-08 6:52 ` Hangbin Liu
2021-04-08 7:36 ` Ondrej Mosnacek
2021-04-08 13:55 ` Simo Sorce
2021-04-08 21:55 ` Jason A. Donenfeld
2021-04-08 22:16 ` Simo Sorce
2021-04-09 2:41 ` Hangbin Liu
2021-04-09 2:44 ` Jason A. Donenfeld
2021-04-09 2:49 ` Hangbin Liu
2021-04-09 3:03 ` Jason A. Donenfeld
2021-04-09 6:02 ` Ard Biesheuvel
2021-04-09 12:47 ` Simo Sorce
2021-04-09 18:36 ` Jason A. Donenfeld
2021-04-09 18:56 ` Simo Sorce
2021-04-12 12:46 ` Simo Sorce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210412021144.GP2900@Leo-laptop-t470s \
--to=liuhangbin@gmail.com \
--cc=Jason@zx2c4.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).