[RFC,23/41] random: don't award entropy to non-SP800-90B arch RNGs in FIPS mode

From: Nicolai Stange <nstange@suse.de>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: linux-crypto@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>, Arnd
	Bergmann <arnd@arndb.de>, Greg Kroah-Hartman
	<gregkh@linuxfoundation.org>, "Eric W. Biederman"
	<ebiederm@xmission.com>, "Alexander E. Patrakov" <patrakov@gmail.com>,
	"Ahmed S. Darwish" <darwish.07@gmail.com>, 
	Willy Tarreau <w@1wt.eu>, Matthew Garrett <mjg59@srcf.ucam.org>, 
	Vito Caputo <vcaputo@pengaru.com>, Andreas Dilger
	<adilger.kernel@dilger.ca>, Jan Kara <jack@suse.cz>,
	Ray Strode <rstrode@redhat.com>, William Jon McCann <mccann@jhu.edu>,
	zhangjs <zachary@baishancloud.com>, Andy Lutomirski <luto@kernel.org>,
	Florian Weimer <fweimer@redhat.com>, Lennart Poettering
	<mzxreary@0pointer.de>, Peter Matthias <matthias.peter@bsi.bund.de>,
	Marcelo Henrique Cerri <marcelo.cerri@canonical.com>, 
	Roman Drahtmueller <draht@schaltsekun.de>, Neil Horman
	<nhorman@redhat.com>,         Randy Dunlap <rdunlap@infradead.org>,
	Julia Lawall <julia.lawall@inria.fr>, 
	Dan Carpenter <dan.carpenter@oracle.com>,
	Andy Lavr <andy.lavr@gmail.com>, Eric Biggers <ebiggers@kernel.org>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>, =?utf-8?q?Stephan_M=C3=BCller?=
	<smueller@chronox.de>, Torsten Duwe <duwe@suse.de>,
	Petr Tesarik <ptesarik@suse.cz>, Nicolai Stange <nstange@suse.de>
Subject: [RFC PATCH 23/41] random: don't award entropy to non-SP800-90B arch
	RNGs in FIPS mode
Date: Mon, 21 Sep 2020 09:58:39 +0200
Message-Id: <20200921075857.4424-24-nstange@suse.de>
In-Reply-To: <20200921075857.4424-1-nstange@suse.de>
References: <20200921075857.4424-1-nstange@suse.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Message ID	20200921075857.4424-24-nstange@suse.de
State	New
Headers	show Return-Path: <SRS0=YoIG=C6=vger.kernel.org=linux-crypto-owner@kernel.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9301BC43464 for <linux-crypto@archiver.kernel.org>; Mon, 21 Sep 2020 08:00:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6BA8E214F1 for <linux-crypto@archiver.kernel.org>; Mon, 21 Sep 2020 08:00:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726628AbgIUH7u (ORCPT <rfc822;linux-crypto@archiver.kernel.org>); Mon, 21 Sep 2020 03:59:50 -0400 Received: from mx2.suse.de ([195.135.220.15]:56802 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726420AbgIUH71 (ORCPT <rfc822;linux-crypto@vger.kernel.org>); Mon, 21 Sep 2020 03:59:27 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 80FADB51D; Mon, 21 Sep 2020 08:00:02 +0000 (UTC) From: Nicolai Stange <nstange@suse.de> To: "Theodore Y. Ts'o" <tytso@mit.edu> Cc: linux-crypto@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>, Arnd Bergmann <arnd@arndb.de>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, "Eric W. Biederman" <ebiederm@xmission.com>, "Alexander E. Patrakov" <patrakov@gmail.com>, "Ahmed S. Darwish" <darwish.07@gmail.com>, Willy Tarreau <w@1wt.eu>, Matthew Garrett <mjg59@srcf.ucam.org>, Vito Caputo <vcaputo@pengaru.com>, Andreas Dilger <adilger.kernel@dilger.ca>, Jan Kara <jack@suse.cz>, Ray Strode <rstrode@redhat.com>, William Jon McCann <mccann@jhu.edu>, zhangjs <zachary@baishancloud.com>, Andy Lutomirski <luto@kernel.org>, Florian Weimer <fweimer@redhat.com>, Lennart Poettering <mzxreary@0pointer.de>, Peter Matthias <matthias.peter@bsi.bund.de>, Marcelo Henrique Cerri <marcelo.cerri@canonical.com>, Roman Drahtmueller <draht@schaltsekun.de>, Neil Horman <nhorman@redhat.com>, Randy Dunlap <rdunlap@infradead.org>, Julia Lawall <julia.lawall@inria.fr>, Dan Carpenter <dan.carpenter@oracle.com>, Andy Lavr <andy.lavr@gmail.com>, Eric Biggers <ebiggers@kernel.org>, "Jason A. Donenfeld" <Jason@zx2c4.com>, =?utf-8?q?Stephan_M=C3=BCller?= <smueller@chronox.de>, Torsten Duwe <duwe@suse.de>, Petr Tesarik <ptesarik@suse.cz>, Nicolai Stange <nstange@suse.de> Subject: [RFC PATCH 23/41] random: don't award entropy to non-SP800-90B arch RNGs in FIPS mode Date: Mon, 21 Sep 2020 09:58:39 +0200 Message-Id: <20200921075857.4424-24-nstange@suse.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200921075857.4424-1-nstange@suse.de> References: <20200921075857.4424-1-nstange@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: <linux-crypto.vger.kernel.org> X-Mailing-List: linux-crypto@vger.kernel.org
Series	[RFC,01/41] random: remove dead code in credit_entropy_bits() \| expand [RFC,01/41] random: remove dead code in credit_entropy_bits() [RFC,02/41] random: remove dead code for nbits < 0 in credit_entropy_bits() [RFC,05/41] random: don't reset entropy to zero on overflow [RFC,08/41] random: introduce __credit_entropy_bits_fast() for hot paths [RFC,09/41] random: protect ->entropy_count with the pool spinlock [RFC,11/41] random: convert add_timer_randomness() to queued_entropy API [RFC,13/41] random: convert try_to_generate_entropy() to queued_entropy API [RFC,15/41] random: convert add_hwgenerator_randomness() to queued_entropy API [RFC,17/41] random: drop credit_entropy_bits() and credit_entropy_bits_safe() [RFC,19/41] random: reintroduce arch_has_random() + arch_has_random_seed() [RFC,21/41] random: don't invoke arch_get_random_long() from add_interrupt_randomness() [RFC,23/41] random: don't award entropy to non-SP800-90B arch RNGs in FIPS mode [RFC,27/41] random: increase per-IRQ event entropy estimate if in FIPS mode [RFC,31/41] random: introduce struct health_test + health_test_reset() placeholders [RFC,33/41] random: make health_test_process() maintain the get_cycles() delta [RFC,35/41] random: improve the APT's statistical power [RFC,37/41] random: implement the "Repetition Count" NIST SP800-90B health test [RFC,39/41] random: make the startup tests include muliple APT invocations [RFC,40/41] random: trigger startup health test on any failure of the health tests [RFC,41/41] random: lower per-IRQ entropy estimate upon health test failure [v36,07/13] LRNG - add SP800-90A DRBG extension

[RFC,23/41] random: don't award entropy to non-SP800-90B arch RNGs in FIPS mode

Commit Message

Patch