Bug 1952844
| Summary: | Crash in openssl when /dev/urandom is inaccessible and getrandom fails with EAGAIN | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Alicja Kario <hkario> |
| Component: | openssl | Assignee: | Dmitry Belyavskiy <dbelyavs> |
| Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 9.0 | CC: | dbelyavs, omoris, sahana |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | --- | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openssl-3.0.0-2.el9 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-17 15:36:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
Alicja Kario
2021-04-23 11:08:22 UTC
OpenSSL stack trace:
#0 0x00007f6d1c1aa9e5 in raise () from /lib64/libc.so.6
#1 0x00007f6d1c1938a4 in abort () from /lib64/libc.so.6
#2 0x00007f6d1c1ed007 in __libc_message () from /lib64/libc.so.6
#3 0x00007f6d1c1f4cdc in malloc_printerr () from /lib64/libc.so.6
#4 0x00007f6d1c1f67ac in _int_free () from /lib64/libc.so.6
#5 0x00007f6d1c698820 in cleanup_entropy (outlen=0, out=0xa30490 "\020\017\243", drbg=0x9d32f0) at providers/implementations/rands/drbg.c:259
#6 cleanup_entropy (outlen=0, out=0xa30490 "\020\017\243", drbg=0x9d32f0) at providers/implementations/rands/drbg.c:248
#7 ossl_prov_drbg_instantiate (drbg=0x9d32f0, strength=<optimized out>, prediction_resistance=<optimized out>, pers=<optimized out>, perslen=<optimized out>) at providers/implementations/rands/drbg.c:473
#8 0x00007f6d1c5640a4 in evp_rand_instantiate_locked (params=0x7ffd52b3bcb0, pstr_len=<optimized out>, pstr=0x0, prediction_resistance=0, strength=0, ctx=0x9b9da0) at crypto/evp/evp_rand.c:505
#9 EVP_RAND_instantiate (ctx=ctx@entry=0x9b9da0, strength=strength@entry=0, prediction_resistance=prediction_resistance@entry=0, pstr=pstr@entry=0x0, pstr_len=pstr_len@entry=0, params=params@entry=0x7ffd52b3bcb0)
at crypto/evp/evp_rand.c:518
#10 0x00007f6d1c5c5d60 in rand_new_drbg (libctx=libctx@entry=0x0, parent=<optimized out>, reseed_interval=<optimized out>, reseed_interval@entry=256, reseed_time_interval=<optimized out>, reseed_time_interval@entry=3600,
use_df=<optimized out>, use_df@entry=1) at crypto/rand/rand_lib.c:599
#11 0x00007f6d1c5c685e in RAND_get0_primary (ctx=ctx@entry=0x0) at crypto/rand/rand_lib.c:646
#12 0x00007f6d1c5c6bd8 in RAND_get0_public (ctx=ctx@entry=0x0) at crypto/rand/rand_lib.c:677
#13 0x00007f6d1c5c6c80 in RAND_bytes_ex (ctx=0x0, buf=0x7ffd52b3bee0 "P\003", num=1024, strength=0) at crypto/rand/rand_lib.c:362
#14 0x000000000044d634 in rand_main (argc=<optimized out>, argv=<optimized out>) at apps/rand.c:123
#15 0x0000000000445078 in do_cmd (prog=prog@entry=0x9b0850, argc=argc@entry=4, argv=argv@entry=0x7ffd52b3d0d0) at apps/openssl.c:414
#16 0x0000000000422507 in main (argc=4, argv=0x7ffd52b3d0d0) at apps/openssl.c:295
Reproduced against upstream and without LD_PRELOAD

Presumably fixed by https://github.com/openssl/openssl/pull/16636

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (new packages: openssl), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3900