On Mon, Jan 22, 2024 at 5:19 PM Daniel P. Berrangé wrote:
>
> If the DRBG is required for FIPS compliance, and QEMU hardcoded
> the system RNG, then QEMU can't be used in a FIPS environment.
>
No, the library overrides this choice. The DRBG has higher priority.

On Mon, Jan 22, 2024 at 11:48 AM Daniel P. Berrangé wrote:
> On Fri, Jan 19, 2024 at 05:39:40PM -0300, Cristian Rodríguez wrote:
> > gcrypt by default uses a userspace RNG, which cannot know
> > when it is time to discard/invalidate its buffer
> > (suspend, resume, vm fork
st be done before the first call to gcry_check_version()
Signed-off-by: Cristian Rodríguez
---
crypto/init.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/init.c b/crypto/init.c
index fb7f1bff10..0c3fe6a841 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -60,6 +60,7 @@ int qcrypto_
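Review bot: the ordering requirement stated in the commit message (the setting has to be made before the first call to gcry_check_version()) is not recorded next to the single line inserted by the @@ -60,6 +60,7 @@ hunk in crypto/init.c, as far as the one-line diffstat shows. A short code comment beside the added line stating that constraint would keep a later reordering of the init code from silently undoing the change. The FIPS point raised in the thread, that the library overrides this choice because the DRBG has higher priority, is also worth a sentence in the commit message so the behaviour in a FIPS environment is documented with the patch.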