On Mon, Sep 18, 2017 at 01:24:18PM +0200, Jason A. Donenfeld wrote: > Good luck with getting approval... While Ted and I have our > differences like any two kernel developers, I really tend agree with > him in his attitude about this FIPS silliness. It's unlikely you're > going to be able to shovel this stuff into random.c, and I think doing > so will undermine your entire LRNG effort. Let me add one more reason why FIPS compliance for the kernel is just ***stupid***. The way FIPS compliance works, you have to pay hundreds of thousands of dollars to a FIPS certification lab to certify a specific binary, complete with the exact build environment (compiler, binutils, etc.) used to build that kernel binary. The moment you need to make a change --- say, to fix a critical zero-day security bug --- this breaks the FIPS certification, and you then have to go back to the FIPS certification lab, and pay another hundreds of thousands of dollars for another certification. This will take weeks/months, and while you are waiting for the results to come back from the FIPS certification lab, the hackers will be busy extracting another 143 million credit histories, or another 4.1 million SF-86 Security Clearance Forms from the systems involved. :-) You might say that FIPS certification != FIPS compliance. Sure, but the only silly people who care about FIPS compliance also need FIPS certification, for the US Goverment signoff. Realistically, people who need FIPS certification will need to use FIPS certified crypto in hardware. In which case the FIPS certified RNG, as well as the FIPS certified crypto, will all be in a single certified lump of hardware, which doesn't have to change when we need to fix various kernel bugs. Cheers, - Ted