Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp1415005pxb; Sun, 11 Apr 2021 19:13:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJywouTUwkSkqLL6uWMfU0cwAXfyQofCOO/0tOp8umz9737XfVgeyARRM0oR2/y/cQVoZgK0 X-Received: by 2002:aa7:d397:: with SMTP id x23mr27915782edq.256.1618193612819; Sun, 11 Apr 2021 19:13:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618193612; cv=none; d=google.com; s=arc-20160816; b=yW5xqwEL4yJjK+KvpO8pRMeeo9/CS1m7F5ZUjQYa3Tmi4tHclfaCVLOk0qCoS8CpHp TMV1DUmam2woMDshqBeJ7IiVlsVVJu+Ygk1D8XbNogTZrGm+4L1tY9ZLXckDJPlj16BU vzw/BYQs3wJS9adB4vixrjnlqQtSONSE9bBwGV6hBW1jY54IToy/f7c1K/l4pVrLyvrw vTb9by2FIIMSkthscdxQmbWqgtNfMWUQhHlX8aZfTz9mXNz07cIcFgRJeAko7lKXwiPl ismoRdaE7A8F+NSpuV9BKwCYCRdfP548Q9VzWOmTfSdUdhPZ3cuGlBzgkYdlF8yp0Y0s Psow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=HrLSrYH4xBjuha0oEZJ32zfpXue79TxDMF6euyStLuo=; b=LJHLMna1Hmle5bX1DTV97dwCmjdJ0SExJO/lNTbTXu3iNh8Y+t3zylDsZqZVoMrD0P 7/HHrSfEeaV/BHLN2xfq/ppT8svAGO6ayA1lZNQELGV9tgR6sFbxHcWf/bXS8q3Bpqg7 Ahta3C6P1eDSRtaqj99zv4iO69YKbHWFLmXcSBaDD3eIA9GSf2w+JL2YAE3DoRdmH7EP OUHp9OlsMz0Wg9BWBFCJs+LDrQweBy/diRR6LAGEwSDbuoF+C3ekCiaZpy8Z33UDswJ8 cGlWxer0JaIW9lCjsCjFgFwmND0mjNjjiZjE91dVpUisXQZvmYNBpvTZm1vk74LjEcpJ ieLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jif8JxTU; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b15si7054735edz.247.2021.04.11.19.12.58; Sun, 11 Apr 2021 19:13:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jif8JxTU; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236520AbhDLCMO (ORCPT + 99 others); Sun, 11 Apr 2021 22:12:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235543AbhDLCMN (ORCPT ); Sun, 11 Apr 2021 22:12:13 -0400 Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D590C061574; Sun, 11 Apr 2021 19:11:56 -0700 (PDT) Received: by mail-pj1-x1029.google.com with SMTP id i4so5826561pjk.1; Sun, 11 Apr 2021 19:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=HrLSrYH4xBjuha0oEZJ32zfpXue79TxDMF6euyStLuo=; b=jif8JxTUPmxJ6EoYqfuzKJXvriggHyorchGhg9qzXlchT3SX69DWKQzBbxivySEbc9 egnVQfK8PWwZh7NZ62Lau9/ktdg43P3V3UVZt3hgRga3+W0P/PVWtT9sfHiBBrLtI+XK rc+v/4PuT9IkIslA1UpYCLNyN+210prsOalhGnlX/IA0i7Vjoy8789Lx1ugmk02cDU0c Zqkt3qFAtasaKV612SO9bLgeb6hoXPP4KZBBIotC1Vhs6k5QlrUptGJke0aGroKq2sYz uNo+mGOr4cTPzQDBEz/lzAPTLjW1htMQfv5h0ZoEnUcl7MNo+KQ+TiLTbdZIuf1qD9+0 S5TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=HrLSrYH4xBjuha0oEZJ32zfpXue79TxDMF6euyStLuo=; b=CpGZFJLx1gIOvAKK2fWXV5xbFbhyzeDmeodir4KNl+DJ94mD6yxFXO0tq/3qLCdqP4 RcZvwCE8ND4TnahnJ6NTWHEDpj/x3wCCQCMMfB3mo0oS1wXY2ToJuIWDqNzR0fdb4RoH 3pTnw1yLYFrUSD0w1bp11RXmUAGCMJChEybGFpM+TQaMMKSi0cheGfHogdPyWcHTnn16 l7cYfw7QudAluoSuMkI6WRWpcRBXvB1E5XdRnTV4dbIIMQOUWsWdxEvy5ts2DjB9z0mS UjQ15m4Dn0Dz9E/EzBlNKpGTHodCYN2Xr/2ITxDZvjNsVYvZ/RvVmjxpnODNQsWYnFNZ 818A== X-Gm-Message-State: AOAM532t5w49sf6oq9RIqxXbYdz9ddZ/bNZtuN6fPadqKC5hTMq6cvBV Wlrx9D+cB2ef8DpQMniABfMI4jhKO76KFw== X-Received: by 2002:a17:90b:16cd:: with SMTP id iy13mr27283178pjb.46.1618193516172; Sun, 11 Apr 2021 19:11:56 -0700 (PDT) Received: from Leo-laptop-t470s ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id o18sm8996909pji.10.2021.04.11.19.11.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 11 Apr 2021 19:11:55 -0700 (PDT) Date: Mon, 12 Apr 2021 10:11:44 +0800 From: Hangbin Liu To: "Jason A. Donenfeld" Cc: Eric Biggers , Netdev , Toke =?iso-8859-1?Q?H=F8iland-J=F8rgensen?= , Jakub Kicinski , Herbert Xu , Ondrej Mosnacek , Linux Crypto Mailing List Subject: Re: [PATCH net-next] [RESEND] wireguard: disable in FIPS mode Message-ID: <20210412021144.GP2900@Leo-laptop-t470s> References: <20210407113920.3735505-1-liuhangbin@gmail.com> <20210408010640.GH2900@Leo-laptop-t470s> <20210408115808.GJ2900@Leo-laptop-t470s> <20210409021121.GK2900@Leo-laptop-t470s> <7c2b6eff291b2d326e96c3a5f9cd70aa4ef92df3.camel@chronox.de> <20210409080804.GO2900@Leo-laptop-t470s> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Apr 09, 2021 at 12:29:42PM -0600, Jason A. Donenfeld wrote: > On Fri, Apr 9, 2021 at 2:08 AM Hangbin Liu wrote: > > After offline discussion with Herbert, here is > > what he said: > > > > """ > > This is not a problem in RHEL8 because the Crypto API RNG replaces /dev/random > > in FIPS mode. > > """ > > So far as I can see, this isn't the case in the kernel sources I'm > reading? Maybe you're doing some userspace hack with CUSE? But at > least get_random_bytes doesn't behave this way... > > I'm not familiar with this code, not sure how upstream handle this. Hi Jason, As I said, I'm not familiar with this part of code. If upstream does not handle this correctly, sure this is an issue and need to be fixed. And as Simo said, he is also working on this part. I will talk with him and Herbert and see if we can have a more proper fix. Feel free to drop this patch. Thanks Hangbin