Re: Linux messages full of `random: get_random_u32 called from`

From: Theodore Y. Ts'o
Date: Wed May 02 2018 - 18:25:35 EST

Next message: Miklos Szeredi: "[PATCH] dcache: fix quadratic behavior with parallel shrinkers"
Previous message: Kees Cook: "[PATCH] scsi: dpt_i2o: Remove VLA usage"
In reply to: Laura Abbott: "Re: Linux messages full of `random: get_random_u32 called from`"
Next in thread: Pavel Machek: "Re: Linux messages full of `random: get_random_u32 called from`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 02, 2018 at 10:49:34AM -0700, Laura Abbott wrote:
>
> It is a Fedora patch we're carrying
> https://src.fedoraproject.org/rpms/libgcrypt/blob/master/f/libgcrypt-1.6.2-fips-ctor.patch#_23
> so yes, it is a Fedora specific use case.
> From talking to the libgcrypt team, this is a FIPS mode requirement
> to run power on self test at the library constructor and the self
> test of libgrcypt ends up requiring a fully seeded RNG. Citation
> is in section 9.10 of
> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf

Forgive me if this is a stupid question, but does Fedora need FIPS
compliance? Or is this something which is only required for RHEL?

("Here's to FIPS: the cause of, and solution to, all of Life's
problems." :-)

- Ted

Next message: Miklos Szeredi: "[PATCH] dcache: fix quadratic behavior with parallel shrinkers"
Previous message: Kees Cook: "[PATCH] scsi: dpt_i2o: Remove VLA usage"
In reply to: Laura Abbott: "Re: Linux messages full of `random: get_random_u32 called from`"
Next in thread: Pavel Machek: "Re: Linux messages full of `random: get_random_u32 called from`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]