Bug 1211406

Summary: rngd assume all entropy to be 8-bit
Product: Red Hat Enterprise Linux 7
Reporter: Yi Hao <leongyihao>
Component: rng-tools
Assignee: Neil Horman <nhorman>
Status: CLOSED ERRATA
QA Contact: Vilém Maršík <vmarsik>
Severity: medium
Priority: unspecified
Version: 7.1
CC: emcnabb, leongyihao, nhorman
Target Milestone: rc
Hardware: All
OS: Linux
URL: https://sourceforge.net/p/gkernel/bugs/138/
Doc Type: Bug Fix
Last Closed: 2015-11-19 03:30:51 UTC
Type: Bug
Bug Blocks: 1254223
Attachments:
  patch to add entropy count option
  stap probe

Description Yi Hao 2015-04-13 23:10:02 UTC
Description of problem:
random_add_entropy() hardcoded entropy count as 8 bits per byte. There is no known hardware entropy generator on the market that has 8 bits per byte of entropy.

Version-Release number of selected component (if applicable):
rng-tools-5-2.el7

How reproducible:
Every time

Additional info:
It would be better to use a safer value such as 7 instead of 8. Alternatively, allow the user to specify the entropy as a command line parameter.

Comment 2 Neil Horman 2015-04-14 13:48:04 UTC
Created attachment 1014318
patch to add entropy count option

Untested, please let me know if this works for you.  Thanks.

Comment 3 Yi Hao 2015-04-14 16:17:14 UTC
Hi,
Thanks for the patch.

if ((sscanf(arg,"%i", &e) == 0) || (e < 0) || (e > 8))
Actually should be (e < 1)
Missing manpage entry.

Other than that looks fine.

Comment 5 Vilém Maršík 2015-08-11 16:39:32 UTC
I cannot see the new switch documented in the man page (see Comment #3). Did it get lost during the process?

Comment 6 Neil Horman 2015-08-11 18:53:42 UTC
Didn't add it to the documentation; I'll do that in a separate patch.

Comment 7 Vilém Maršík 2015-08-18 15:53:38 UTC
Used a SystemTap probe to see what data are sent. From what I know about the entropy pool, it rather looks correct - the kernel entropy count is increased by (number of data added) * (number you specified by the '-e' option):

rngd -f -e 1:
Tue Aug 18 15:13:03 2015 :: rngd
  ioctl("/dev/random", RNDADDENTROPY, {entropy_count = 64, buf_size= 64})
...

rngd -f -e 8:
Tue Aug 18 15:13:12 2015 :: rngd
  ioctl("/dev/random", RNDADDENTROPY, {entropy_count = 512, buf_size= 64})
...
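
Added example, not part of the bug thread and not rng-tools code: the 1..8 range check raised in Comment 3 and the credit arithmetic observed in Comment 7, written in C. The function names parse_entropy_per_byte and entropy_credit_bits are hypothetical, and strtol is used here in place of the patch's sscanf so that trailing text such as "7x" is rejected as well.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not rng-tools code: parse the bits-per-byte credit.
 * Accepts only a complete integer in 1..8. Returns 0 on success, -1 on error. */
int parse_entropy_per_byte(const char *arg, int *out)
{
    char *end;
    long v;
    if (arg == NULL || *arg == '\0')
        return -1;
    errno = 0;
    v = strtol(arg, &end, 0);  /* base 0 accepts the same forms as "%i" */
    if (errno != 0 || end == arg || *end != '\0')
        return -1;             /* overflow, no digits, or trailing text */
    if (v < 1 || v > 8)
        return -1;             /* 0 credits nothing; a byte holds at most 8 bits */
    *out = (int)v;
    return 0;
}

/* Bits to credit for buf_size bytes (the entropy_count value), or -1. */
int entropy_credit_bits(size_t buf_size, int bits_per_byte)
{
    if (bits_per_byte < 1 || bits_per_byte > 8)
        return -1;
    if (buf_size > (size_t)INT_MAX / 8)
        return -1;             /* product would not fit in an int */
    return (int)buf_size * bits_per_byte;
}

int main(void)
{
    /* Constructed inputs: the two values from Comment 7 plus rejected ones. */
    const char *args[] = { "1", "8", "0", "9", "7x" };
    int e;
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        if (parse_entropy_per_byte(args[i], &e) == 0)
            printf("-e %s: entropy_count = %d, buf_size = 64\n",
                   args[i], entropy_credit_bits(64, e));
        else
            printf("-e %s: rejected\n", args[i]);
    }
    return 0;
}
```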

Comment 8 Vilém Maršík 2015-08-18 15:54:54 UTC
Created attachment 1064370
stap probe

thanks to Jeffrey Bastian and Will Cohen

Comment 10 errata-xmlrpc 2015-11-19 03:30:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2179.html