[PATCH 6.12.y 0/2] crypto: rng - FIPS 140-3 compliance for random number generation
From: Jay Wang
Date: Sat Jun 28 2025 - 00:29:54 EST
This patch series implements FIPS 140-3 compliance requirements for random
number generation in the Linux kernel 6.12. The changes ensure that when the
kernel is operating in FIPS mode, FIPS-compliant random number
generators are used instead of the default /dev/random implementation.
IMPORTANT: These two patches must be applied together as a series. Applying
only the first patch without the second will cause a deadlock during boot
in FIPS-enabled environments. The second patch fixes a critical timing issue
introduced by the first patch where the crypto RNG attempts to override the
drivers/char/random interface before the default RNG becomes available.
The series consists of two patches:
1. Initial implementation to override drivers/char/random in FIPS mode
2. Refinement to ensure override only occurs after FIPS-mode RNGs are available
These 2 patches are required for FIPS 140-3 certification
and compliance in government and enterprise environments.
Herbert Xu (1):
crypto: rng - Override drivers/char/random in FIPS mode
Jay Wang (1):
Override drivers/char/random only after FIPS-mode RNGs become
available
crypto/rng.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
--
2.47.1