User-Agent: Cyrus-JMAP/3.5.0-alpha0-4569-g891f756243-fm-20220111.001-g891f7562
Mime-Version: 1.0
Message-Id: <fcd3a0f9-0228-4b4a-b425-a7438acef3b9@www.fastmail.com>
In-Reply-To: <CAHmME9qw8hbbE2y56t7zygedofDDDLoPUxYWGZB_Kae0ipFARA@mail.gmail.com>
References: <f4a4c9a6a06b6ab00dde24721715abaeca184a0d.camel@redhat.com>
 <CAHmME9qP9eYfPH+8eRvpx_tW8iAtDc-byVMvh4tFL_cABdsiOA@mail.gmail.com>
 <20211210014337.xmin2lu5rhhe3b3t@valinor>
 <20220110132349.siplwka7yhe2tmwc@valinor>
 <CAHmME9oSK5sVVhMewm-oVvn=twP4yyYnLY0OVebYZ0sy1mQAyA@mail.gmail.com>
 <YdxCsI3atPILABYe@mit.edu>
 <CAHmME9oRdoc3c36gXAcmOwumwvUi_6oqCsLmFxRP_NDMz_MK1Q@mail.gmail.com>
 <Ydxu+KS5UkQ6hU9R@mit.edu> <Ydx7D3H0PS0Zs9/B@sol.localdomain>
 <CAHmME9pe-DxTcFcMtsNnLPcccoY+0gEysivZQszAusH1M8ThmA@mail.gmail.com>
 <YdyNxJzdBmSSEtDC@mit.edu>
 <CAHmME9rmWBA02SyeFiiGZ8=kydYJSJwcYPscBrTBzoXMEPH9sQ@mail.gmail.com>
 <e6fac6ab-07eb-4d8c-9206-bacf6660a7cf@www.fastmail.com>
 <CAHmME9qw8hbbE2y56t7zygedofDDDLoPUxYWGZB_Kae0ipFARA@mail.gmail.com>
Date:   Tue, 11 Jan 2022 07:10:18 -0800
From:   "Andy Lutomirski" <luto@kernel.org>
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc:     "Theodore Ts'o" <tytso@mit.edu>,
        "Marcelo Henrique Cerri" <marcelo.cerri@canonical.com>,
        "Simo Sorce" <simo@redhat.com>,
        "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
        "Jeffrey Walton" <noloader@gmail.com>,
        "Stephan Mueller" <smueller@chronox.de>,
        "Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
        "Willy Tarreau" <w@1wt.eu>, "Nicolai Stange" <nstange@suse.de>,
        "Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
        "Arnd Bergmann" <arnd@arndb.de>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        "Alexander E. Patrakov" <patrakov@gmail.com>,
        "Ahmed S. Darwish" <darwish.07@gmail.com>,
        "Matthew Garrett" <mjg59@srcf.ucam.org>,
        "Vito Caputo" <vcaputo@pengaru.com>,
        "Andreas Dilger" <adilger.kernel@dilger.ca>,
        "Jan Kara" <jack@suse.cz>, "Ray Strode" <rstrode@redhat.com>,
        "William Jon McCann" <mccann@jhu.edu>,
        zhangjs <zachary@baishancloud.com>,
        "Florian Weimer" <fweimer@redhat.com>,
        "Lennart Poettering" <mzxreary@0pointer.de>,
        "Peter Matthias" <matthias.peter@bsi.bund.de>,
        "Neil Horman" <nhorman@redhat.com>,
        "Randy Dunlap" <rdunlap@infradead.org>,
        "Julia Lawall" <julia.lawall@inria.fr>,
        "Dan Carpenter" <dan.carpenter@oracle.com>,
        "Andy Lavr" <andy.lavr@gmail.com>,
        "Petr Tesarik" <ptesarik@suse.cz>,
        "John Haxby" <john.haxby@oracle.com>,
        "Alexander Lobakin" <alobakin@mailbox.org>,
        "Jirka Hladky" <jhladky@redhat.com>,
        "Eric Biggers" <ebiggers@kernel.org>
Subject: Re: [PATCH v43 01/15] Linux Random Number Generator
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Precedence: bulk


On Tue, Jan 11, 2022, at 5:06 AM, Jason A. Donenfeld wrote:
> Hi Andy,
>
> On Tue, Jan 11, 2022 at 2:44 AM Andy Lutomirski <luto@kernel.org> wrot=
e:
>> So let=E2=80=99s solve it for real.  Have a driver (in a module) that
>
> Um, let's not. This really isn't something the kernel needs to solve
> here at all. There's a viable userspace solution. I see that the
> discussion of something finally slightly technical (as opposed to just
> compliance BS) has nerd sniped you a bit, but keep in mind what the
> actual overall picture is. This isn't something that needs to be done.
> My little CUSE thing (which I'm happy to develop out a bit more, even)
> has the intent of fulfilling a compliance checkbox and nothing more.
>


Can you develop your CUSE thing enough that it=E2=80=99s credibly safe a=
gainst side channels?  If so, fine.

I admit this is all rather absurd. FIPS aware userspace can do whatever =
it wants, and
It should be aware that /dev/urandom IS NOT FIPS.  What=E2=80=99s the pr=
oblem?  rand(3) isn=E2=80=99t FIPS either, but no one puts person-years =
of effort into trying to paint it FIPS-colored