Date: Fri, 24 Mar 2023 17:27:37 +0800
From: Herbert Xu
To: Stephan Müller
Cc: linux-crypto@vger.kernel.org
Subject: Re: [PATCH] crypto: Jitter RNG - Permanent and Intermittent health errors

On Thu, Mar 23, 2023 at 08:17:14AM +0100, Stephan Müller wrote:
> > @@ -138,29 +139,35 @@ static int jent_kcapi_random(struct crypto_rng *tfm, > > spin_lock(&rng->jent_lock); > > - /* Return a permanent error in case we had too many resets in a row. */ > - if (rng->reset_cnt > (1<<10)) { > + /* Enforce a disabled entropy source. */ > + if (rng->disabled) { > ret = -EFAULT; > goto out; > }

Can we please get rid of this completely when we're not in FIPS mode?

Remember that jent is now used by all kernel users through drbg. Having it fail permanently in this fashion is unacceptable. If we're not in FIPS mode it should simply carry on or at least seek another source of entropy, perhaps from the kernel RNG.

Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
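
Review bot: The `if (rng->disabled)` test at the top of jent_kcapi_random() returns -EFAULT on a flag whose set and clear conditions are not visible in this hunk, and the new comment "Enforce a disabled entropy source." drops the explanation the removed comment gave (too many resets in a row, `reset_cnt > (1<<10)`). Please state in the comment what sets `disabled` and whether anything ever clears it, because if nothing does, every later call fails at this point for the lifetime of the instance. Since the reply notes that jent now feeds all kernel users through drbg, consider making this early return conditional on FIPS mode so that a non-FIPS system is not left with a permanently failing RNG.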