Bug 2124596
| Summary: | [RHEL-9.2] update jitterentropy to 3.4.1@4544e113 | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Vladis Dronov <vdronov> |
| Component: | jitterentropy | Assignee: | Vladis Dronov <vdronov> |
| Status: | CLOSED ERRATA | QA Contact: | Vilém Maršík <vmarsik> |
| Severity: | medium | Priority: | medium |
| Version: | 9.2 | CC: | vmarsik |
| Target Milestone: | rc | Keywords: | Rebase, Triaged |
| Target Release: | 9.2 | Flags: | pm-rhel: mirror+ |
| Hardware: | All | OS: | Linux |
| Fixed In Version: | jitterentropy-3.4.1-1.el9 | Type: | Bug |
| Last Closed: | 2023-05-09 08:15:20 UTC | | |

Description
Vladis Dronov
2022-09-06 15:05:12 UTC
[CI] [GATING] [DONE] jitterentropy-3.4.1-1.el9 passed gating because all required tests passed

jitterlib 9.2 koji: https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=1491585
rng-tools 9.2 koji: https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=1491578
jitterlib 9.2 brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=48143076
rng-tools 9.2 brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=48143066
jitterlib 9.2 osci: https://dashboard.osci.redhat.com/#/artifact/brew-build/aid/48143076
rng-tools 9.2 osci: https://dashboard.osci.redhat.com/#/artifact/brew-build/aid/48143066

for a testing plan please see bz2124605#c2. both jitterentropy (lib) and rng-tools (app) are tested together. alternatively, please see an action plan from bz2075978#c9:
# rpm -q jitterentropy
# rngd -l
# time rngd -x tpm -x nist -x hwrng -x rdrand -n jitter -f -o /dev/stdout > /tmp/entropy
# ls -lh /tmp/entropy
# cat /tmp/entropy | rngtest

Thanks for the test plan. What is your question?

No question. As we've agreed on a latest meeting we track bugzilla progress in a bugzilla itself. So I set needinfo to you when my part is done and I handover a bugzilla to you for testing or verification or when any further actions are needed from your side.

Looks okay on RHEL-9.2.0-20221006.d.0 with kernel 5.14.0-170.kpq1.el9.x86_64+debug :
# rpm -e rng-tools jitterentropy
Removed "/etc/systemd/system/multi-user.target.wants/rngd.service".
# userdel -r rngd
userdel: user 'rngd' does not exist
# rm -f /etc/sysconfig/rngd*
# rpm -i http://download.eng.bos.redhat.com/brewroot/vol/rhel-9/packages/rng-tools/6.15/2.el9/x86_64/rng-tools-6.15-2.el9.x86_64.rpm http://download.eng.bos.redhat.com/brewroot/vol/rhel-9/packages/jitterentropy/3.4.1/1.el9/x86_64/jitterentropy-3.4.1-1.el9.x86_64.rpm
Created symlink /etc/systemd/system/multi-user.target.wants/rngd.service → /usr/lib/systemd/system/rngd.service.
# grep udevadm /usr/lib/systemd/system/rngd.service
# grep -- '-x qrypt' /etc/sysconfig/rngd
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon"
# pwck
# systemctl start rngd
# systemctl status rngd
(...)
Active: active (running) since Thu 2022-10-06 15:55:59 EDT; 4s ago
(...)
└─10752 /usr/sbin/rngd -f --fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon
(...)
Oct 06 15:56:00 intel-eaglestream-spr-07.khw1.lab.eng.bos.redhat.com rngd[10752]: Process privileges have been dropped to 2:2
# ./rngtestjitter.sh ; echo $?
Disabling 0: Hardware RNG Device (hwrng)
Disabling 2: Intel RDRAND Instruction RNG (rdrand)
Disabling 1: TPM RNG Device (tpm)
Initializing available sources
[jitter]: JITTER timeout set to 5 sec
[jitter]: Initializing AES buffer
[jitter]: Enabling JITTER rng support
[jitter]: Initialized
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 2000000
rngtest: FIPS 140-2 successes: 100
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=250.967; avg=307.092; max=515.500)Mibits/s
rngtest: FIPS tests speed: (min=157.632; avg=198.352; max=202.909)Mibits/s
rngtest: output channel speed: (min=10000000000.000; avg=52631578947.368; max=0.000)bits/s
rngtest: Program run time: 1592761 microseconds
killing
0
# ./rngtesturandom.sh ; echo $?
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 2000000
rngtest: FIPS 140-2 successes: 100
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=4.657; avg=6.652; max=18.626)Gibits/s
rngtest: FIPS tests speed: (min=183.399; avg=198.434; max=202.909)Mibits/s
rngtest: output channel speed: (min=20000000000.000; avg=74074074074.074; max=0.000)bits/s
rngtest: Program run time: 10766 microseconds
0
# ./rngtestzero.sh ; echo $?
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 0
rngtest: FIPS 140-2 successes: 0
rngtest: FIPS 140-2 failures: 100
rngtest: FIPS 140-2(2001-10-10) Monobit: 100
rngtest: FIPS 140-2(2001-10-10) Poker: 100
rngtest: FIPS 140-2(2001-10-10) Runs: 100
rngtest: FIPS 140-2(2001-10-10) Long run: 100
rngtest: FIPS 140-2(2001-10-10) Continuous run: 100
rngtest: input channel speed: (min=4.657; avg=7.421; max=9.313)Gibits/s
rngtest: FIPS tests speed: (min=1003.868; avg=1467.191; max=1589.457)Mibits/s
rngtest: output channel speed: (min=0.000; avg=0.000; max=0.000)bits/s
rngtest: Program run time: 2330 microseconds
0

Thanks for a testing, Vilem, most appreciated.

Looks good:
DISTRO=RHEL-9.2.0-20221013.0
kernel 5.14.0-175.el9.x86_64+debug
# rpm -q rng-tools
package rng-tools is not installed
# rpm -q jitterentropy
package jitterentropy is not installed
# userdel -r rngd
userdel: user 'rngd' does not exist
# rm -f /etc/sysconfig/rngd*
# dnf install rng-tools jitterentropy
(...)
Installed:
jitterentropy-3.4.1-1.el9.x86_64 rng-tools-6.15-2.el9.x86_64
# grep udevadm /usr/lib/systemd/system/rngd.service
# grep -- '-x qrypt' /etc/sysconfig/rngd
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon"
# pwck
# systemctl start rngd
# systemctl status rngd
(...)
Active: active (running) since Thu 2022-10-20 18:17:42 EDT; 4s ago
(...)
└─60094 /usr/sbin/rngd -f --fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon
(...)
Oct 20 18:17:44 intel-eaglestream-spr-07.khw1.lab.eng.bos.redhat.com rngd[60094]: Process privileges have been dropped to 2:2
# ./rngtestjitter.sh ; echo $?
Disabling 0: Hardware RNG Device (hwrng)
Disabling 2: Intel RDRAND Instruction RNG (rdrand)
Disabling 1: TPM RNG Device (tpm)
Initializing available sources
[jitter]: JITTER timeout set to 5 sec
[jitter]: Initializing AES buffer
[jitter]: Enabling JITTER rng support
[jitter]: Initialized
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 2000000
rngtest: FIPS 140-2 successes: 100
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=272.478; avg=322.460; max=381.470)Mibits/s
rngtest: FIPS tests speed: (min=178.257; avg=198.744; max=202.909)Mibits/s
rngtest: output channel speed: (min=20000000000.000; avg=68965517241.379; max=0.000)bits/s
rngtest: Program run time: 1593021 microseconds
killing
0
# ./rngtesturandom.sh ; echo $?
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 2000000
rngtest: FIPS 140-2 successes: 100
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=4.657; avg=7.276; max=18.626)Gibits/s
rngtest: FIPS tests speed: (min=188.846; avg=198.910; max=202.909)Mibits/s
rngtest: output channel speed: (min=20000000000.000; avg=62500000000.000; max=0.000)bits/s
rngtest: Program run time: 10637 microseconds
0
# ./rngtestzero.sh ; echo $?
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 0
rngtest: FIPS 140-2 successes: 0
rngtest: FIPS 140-2 failures: 100
rngtest: FIPS 140-2(2001-10-10) Monobit: 100
rngtest: FIPS 140-2(2001-10-10) Poker: 100
rngtest: FIPS 140-2(2001-10-10) Runs: 100
rngtest: FIPS 140-2(2001-10-10) Long run: 100
rngtest: FIPS 140-2(2001-10-10) Continuous run: 100
rngtest: input channel speed: (min=2.070; avg=7.164; max=9.313)Gibits/s
rngtest: FIPS tests speed: (min=1.242; avg=1.418; max=1.552)Gibits/s
rngtest: output channel speed: (min=0.000; avg=0.000; max=0.000)bits/s
rngtest: Program run time: 2527 microseconds
0

unfortunately we would need another important update in 8.8/9.2 due to a crash: bz2140043, bz2141379.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (jitterentropy bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2472