Re: Linux messages full of `random: get_random_u32 called from`

From: Theodore Y. Ts'o
Date: Wed May 02 2018 - 18:25:35 EST


On Wed, May 02, 2018 at 10:49:34AM -0700, Laura Abbott wrote:
>
> It is a Fedora patch we're carrying
> https://src.fedoraproject.org/rpms/libgcrypt/blob/master/f/libgcrypt-1.6.2-fips-ctor.patch#_23
> so yes, it is a Fedora specific use case.
> From talking to the libgcrypt team, this is a FIPS mode requirement
> to run power on self test at the library constructor and the self
> test of libgcrypt ends up requiring a fully seeded RNG. Citation
> is in section 9.10 of
> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf

Forgive me if this is a stupid question, but does Fedora need FIPS
compliance? Or is this something which is only required for RHEL?

("Here's to FIPS: the cause of, and solution to, all of Life's
problems." :-)

- Ted