Re: 6.17 crashes in ipv6 code when booted fips=1 [was: [GIT PULL] Crypto Update for 6.17]

Next message: Alexander Lobakin: "[PATCH iwl-next] ice: implement configurable header split for regular Rx"
Previous message: Pasha Tatashin: "Re: [PATCH v4 03/30] kho: drop notifiers"
In reply to: Eric Biggers: "Re: 6.17 crashes in ipv6 code when booted fips=1 [was: [GIT PULL] Crypto Update for 6.17]"
Next in thread: Vegard Nossum: "Re: 6.17 crashes in ipv6 code when booted fips=1 [was: [GIT PULL] Crypto Update for 6.17]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Linus Torvalds

Date: Mon Oct 06 2025 - 12:19:39 EST

On Mon, 6 Oct 2025 at 04:53, Vegard Nossum <vegard.nossum@xxxxxxxxxx> wrote:
>
> I'm pretty sure the use of SHA-1/HMAC inside IPv6 segment routing counts
> as a "security function" (as it is used for message authentication) and
> thus should be subject to FIPS requirements when booting with fips=1.

I think the other way of writing that is "fips=1 is and will remain
irrelevant in the real world as long as it's that black-and-white".

Linus