From: "Jason A. Donenfeld"
Date: Wed, 23 Dec 2020 15:32:55 +0100
Subject: Re: drivers/char/random.c needs a (new) maintainer
To: Petr Tesarik
Cc: Torsten Duwe, Marcelo Henrique Cerri, "Theodore Y. Ts'o", Linus Torvalds,
    Stephan Müller, Willy Tarreau, Linux Crypto Mailing List, Nicolai Stange,
    LKML, Arnd Bergmann, "Eric W. Biederman", "Alexander E. Patrakov",
    "Ahmed S. Darwish", Matthew Garrett, Vito Caputo, Andreas Dilger, Jan Kara,
    Ray Strode, William Jon McCann, zhangjs, Andy Lutomirski, Florian Weimer,
    Lennart Poettering, Peter Matthias, Neil Horman, Randy Dunlap, Julia Lawall,
    Dan Carpenter, Andy Lavr, Eric Biggers, Ard Biesheuvel, simo@redhat.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 23, 2020 at 3:17 PM Petr Tesarik wrote:
> Upfront, let me admit that SUSE has a vested interest in a FIPS-certifiable Linux kernel.

Sorry, but just because you have a "vested interest", or a financial interest, or because you want it does not suddenly make it a good idea. The idea is to have good crypto, not to merely check some boxes for the bean counters.

For example, it's very unlikely that future kernel RNGs will move to using AES, due to the performance overhead involved on non-table-based implementations, and the lack of availability of FPU/AES-NI in all the contexts we need. NT's fortuna machine can use AES, because NT allows the FPU in all contexts. We don't have that luxury (or associated performance penalty).

I would, however, be interested in a keccak-based construction. But just using the keccak permutation does not automatically make it "SHA-3", so we're back at the same issue again. FIPS is simply not interesting for our requirements.

Jason