Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp132723pxu;
        Tue, 6 Oct 2020 21:42:34 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwtrtRP0vdq0AoKv5nJNJdSlN2oIK4nkcJdEnxNVF2P3tXj1wsSDrImwMdge0Y/gRvo+0Q1
X-Received: by 2002:a17:907:2076:: with SMTP id qp22mr1464340ejb.358.1602045753980;
        Tue, 06 Oct 2020 21:42:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1602045753; cv=none;
        d=google.com; s=arc-20160816;
        b=ZNVMGdNuwC/4Us/lU2+/AzhNjdaABg74lMolJ9VyYHpkSR0V9tVG+i+SMbopmZljFP
         mWHsIYXeexdIIgxapfDz5lxF41bwqg9uAzVau/UEBL1YQPCIf7nb52yrYElmAOhJdAWR
         rq4w+kEW10xqGeXNDT3+enOEYG/xqQ2o9vEvO+u8cMh3nS6Tnn84Wj40NfWb+ZgtH2vt
         ToTl2n5UjOP+MLNi/Ge3Kxm47pfbhDDwT4hD/Ei4DuRno7yiaZlRGo29c1Aua/vNedAs
         f8Jlq+/JGDsrv9zRCEgtJke2uf9dIDB7OXDnYTcgKtGrU0GU0OzqY2LaCHQztmuvaHeo
         aQTQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=iWTnzFekUn6mQczxN0KhTtpPhPW9DEiZSj5kBM4jBbY=;
        b=oOKjhDmZypa0GixtbUr97/1sQw44A5X26qrTTzs3Cz8ELdlI7BYX1EbzKCoXiEYPy0
         uirM5o7EDe2W2KAtcNO0wRbUI6OeW0L2JVNQj0oFeP4JVzws+jnRLbVH6aZws6iDWfPt
         ScndjlhGPbi0YdWiI7Dd+uaBeWYRhToBz0QipuggLRvkeeheIHcKvZjX9jnNCYTmTuzU
         oXwNq0ak9CVp5IqTE9sIR3c+AF/2U5MG/Gv483DKbqxTztwhBULBiuln1nMMqXrypEp1
         S0fAtB6SxZ8gYJasWgi3dbdxal8SYWD/JiskV2p+cWIGloaUUI1FZ44r2Py0oxZt7NTh
         suqQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=errdOSLL;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id pk8si599166ejb.729.2020.10.06.21.42.10;
        Tue, 06 Oct 2020 21:42:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=errdOSLL;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726152AbgJGEYN (ORCPT <rfc822;christopherhkane@gmail.com>
        + 99 others); Wed, 7 Oct 2020 00:24:13 -0400
Received: from mail.kernel.org ([198.145.29.99]:50214 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725970AbgJGEYM (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 7 Oct 2020 00:24:12 -0400
Received: from sol.localdomain (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 1FAA1208C7;
        Wed,  7 Oct 2020 04:24:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1602044652;
        bh=HNZgGw5t+zku3ew40cODLileKIhXkp3jSljN6AT8TLc=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=errdOSLLvUuLmIJhiUvORHXPdy4e8M12nUcZNwbqksJZ3hgZcLzDnSs0aVX+gGbxw
         +Oo9U1uMWXrUFFXkGuerRU9SciMb7timjw/YOzmep2l/jRWADGaQJG8q0kko6KBVc3
         OCklyThqJpOyLH+hiRL7yjaC19diNIqmaeAL0xa8=
Date:   Tue, 6 Oct 2020 21:24:09 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Torsten Duwe <duwe@lst.de>
Cc:     "Theodore Y. Ts'o" <tytso@mit.edu>, linux-crypto@vger.kernel.org,
        Nicolai Stange <nstange@suse.de>,
        LKML <linux-kernel@vger.kernel.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        "Alexander E. Patrakov" <patrakov@gmail.com>,
        "Ahmed S. Darwish" <darwish.07@gmail.com>,
        Willy Tarreau <w@1wt.eu>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Vito Caputo <vcaputo@pengaru.com>,
        Andreas Dilger <adilger.kernel@dilger.ca>,
        Jan Kara <jack@suse.cz>, Ray Strode <rstrode@redhat.com>,
        William Jon McCann <mccann@jhu.edu>,
        zhangjs <zachary@baishancloud.com>,
        Andy Lutomirski <luto@kernel.org>,
        Florian Weimer <fweimer@redhat.com>,
        Lennart Poettering <mzxreary@0pointer.de>,
        Peter Matthias <matthias.peter@bsi.bund.de>,
        Marcelo Henrique Cerri <marcelo.cerri@canonical.com>,
        Neil Horman <nhorman@redhat.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Julia Lawall <julia.lawall@inria.fr>,
        Dan Carpenter <dan.carpenter@oracle.com>,
        Andy Lavr <andy.lavr@gmail.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Stephan =?iso-8859-1?Q?M=FCller?= <smueller@chronox.de>,
        Petr Tesarik <ptesarik@suse.cz>
Subject: Re: [DISCUSSION PATCH 00/41] random: possible ways towards NIST
 SP800-90B compliance
Message-ID: <20201007042409.GE912@sol.localdomain>
References: <20200921075857.4424-1-nstange@suse.de>
 <20201002123836.GA14807@lst.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20201002123836.GA14807@lst.de>
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Fri, Oct 02, 2020 at 02:38:36PM +0200, Torsten Duwe wrote:
> Almost two weeks passed and these are the "relevant" replies:
> 
> Jason personally does not like FIPS, and is afraid of
> "subpar crypto". Albeit this patch set strictly isn't about
> crypto at all; the crypto subsystem is in the unlucky position
> to just depend on a good entropy source.
> 
> Greg claims that Linux (kernel) isn't about choice, which is clearly
> wrong.
> 
> And this is all ???
> 
> There are options for stack protection. I can see bounds checking
> and other sanity checks all over the place. And doing a similar thing
> on entropy sources is a problem?
> 
> Admittedly, if entropy sources fail, the kernel will happily remain
> running. No bad immediate effects in userland will arise. Only some
> cryptographic algorithms, otherwise very decent, will run on
> unneccessarily weak keys, probably causing some real-world problems.
> Does anybody care?
> The NIST and the BSI do, but that does not mean their solutions are
> automatically wrong or backdoored.
> 
> There is now a well layed-out scheme to ensure quality randomness,
> and a lot of work here has been put into its implementation.
> 
> Would some maintainer please comment on potential problems or
> shortcomings? Otherwise a "Thanks, applied" would be appropriate, IMO.
> 

Well, very people are experts in the Linux RNG *and* have time to review large
patchsets, especially when three people are all proposing conflicting changes.
And those that might be able to review these patches aren't necessarily
interested in compliance with particular government standards.

Note that having multiple RNG implementations would cause fragmentation, more
maintenance burden, etc.  So IMO, that should be a last resort.  Instead we
should try to find an implementation that works for everyone.  I.e., at least to
me, Nicolai's patchset seems more on the right track than Stephan's patchset...

However, not everyone cares about "compliance".  So any changes for "compliance"
either need to have a real technical argument for making the change, *or* need
to be optional (e.g. controlled by fips_enabled).

AFAICS, this patchset mostly just talks about NIST SP800-90B compliance, and
doesn't make clear whether the changes make the RNG better, worse, or the same
from an actual technical perspective.

If that was properly explained, and if the answer was "better" or at least
"not worse", I expect that people would be more interested.

- Eric