On Fri, Apr 09, 2021 at 12:29:42PM -0600, Jason A. Donenfeld wrote: > On Fri, Apr 9, 2021 at 2:08 AM Hangbin Liu <liuhang...@gmail.com> wrote: > > After offline discussion with Herbert, here is > > what he said: > > > > """ > > This is not a problem in RHEL8 because the Crypto API RNG replaces > > /dev/random > > in FIPS mode. > > """ > > So far as I can see, this isn't the case in the kernel sources I'm > reading? Maybe you're doing some userspace hack with CUSE? But at > least get_random_bytes doesn't behave this way...
> > I'm not familiar with this code, not sure how upstream handle this. Hi Jason, As I said, I'm not familiar with this part of code. If upstream does not handle this correctly, sure this is an issue and need to be fixed. And as Simo said, he is also working on this part. I will talk with him and Herbert and see if we can have a more proper fix. Feel free to drop this patch. Thanks Hangbin
