This patch series implements FIPS 140-3 compliance requirements for random
number generation in the Linux kernel 6.12 stable. The changes ensure that
when the kernel is operating in FIPS mode, FIPS-compliant random number
generators from the Crypto API are used to override the default
/dev/random implementation.

The series consists of two patches:

1. "random: Add hook to override device reads and getrandom(2)" - This patch
   introduces the infrastructure to allow external RNGs to override the
   default random number generation. Originally authored by Herbert Xu, this has
   been adapted for kernel 6.12.

2. "crypto: rng - Override drivers/char/random only after FIPS RNGs available" -
   This patch implements the actual FIPS mode override using a workqueue-based
   approach to ensure proper initialization timing. It addresses timing issues
   in a previous commit "crypto: rng - Override drivers/char/random only after
   FIPS RNGs available" where the crypto RNG would attempt to override before
   dependencies were ready, preventing potential boot failures.

These patches are required for FIPS 140-3 certification and compliance in
government and enterprise environments where cryptographic standards must
be strictly enforced.

Herbert Xu (1):
  random: Add hook to override device reads and getrandom(2)

Jay Wang (1):
  crypto: rng - Override drivers/char/random only after FIPS RNGs
    available

 crypto/rng.c           |  92 +++++++++++++++++++++++++++++++++
 drivers/char/random.c  | 114 +++++++++++++++++++++++++++++++++++++++++
 include/linux/random.h |   7 +++
 3 files changed, 213 insertions(+)

--
2.47.1