On Wednesday, 7 June 2017, 12:09:31 CEST, Jason A. Donenfeld wrote:

Hi Jason,

> On Wed, Jun 7, 2017 at 7:14 AM, Stephan Müller <smueller@xxxxxxxxxx> wrote:
> > including those who like FIPS and Co. The crypto/rng code
>
> I'm 99% certain it was this way because the developer who wrote it
> originally didn't know what he was doing. Also, no other code anywhere
> in the kernel instantiates that generator like that. More generally,
> though, I refuse to FIPS.

The right way to instantiate the crypto API RNG is by crypto_get_default_rng and crypto_put_default_rng.

I can understand that you refuse FIPS. It would even be great if *nobody* outside the crypto/testmgr.c needs to care about FIPS at all. That would imply that the get_random_bytes provides access to a DRBG if somebody desires FIPS.

Thus, if the get_random_bytes would provide random numbers from a pluggable DRNG allowing users to use a DRBG if desired (or ChaCha20 or another favorite DRNG), the entire RNG API in the kernel crypto API could be removed entirely in favor of a get_random_bytes call everywhere.

Ciao
Stephan