1161528 – RHEV-H always persist the config info of "Strong Random Number Generator" after disable AES-NI options

Bug 1161528 - RHEV-H always persist the config info of "Strong Random Number Generator" after disable AES-NI options

Summary: RHEV-H always persist the config info of "Strong Random Number Generator" aft...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-node
Sub Component:
Version:	3.6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	ovirt-3.6.0-rc
Target Release:	3.6.0
Assignee:	Ryan Barry
QA Contact:	cshao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-07 10:02 UTC by cshao
Modified:	2016-03-09 14:17 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ovirt-node-3.3.0-0.4.20150906git14a6024.el7ev
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-03-09 14:17:02 UTC
oVirt Team:	Node
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0378	0	normal	SHIPPED_LIVE	ovirt-node bug fix and enhancement update for RHEV 3.6	2016-03-09 19:06:36 UTC
oVirt gerrit	34952	0	master	MERGED	Clear RNG bytes from /etc/profile if disable_aes_ni is set	Never

Description cshao 2014-11-07 10:02:14 UTC

Description of problem:
RHEV-H always persist the config info of "Strong Random Number Generator" after disable AES-NI options.

Version-Release number of selected component (if applicable):
rhev-hypervisor6-6.6-20141106.1
ovirt-node-3.0.1-19.el6.22.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install RHEV-H
2. Enter Security menu, enable AES-NI and input Bytes Used(e.g. 123)
3. Save and check /etc/profile
4. Disable AES-NI
5. Save and check /etc/profile again.

Actual results:
RHEV-H always persist the config info of "Strong Random Number Generator" after disable AES-NI options.
1. step 3: export SSH_USE_STRONG_RNG=123
2. step 5: export OPENSSL_DISABLE_AES_NI=1
export SSH_USE_STRONG_RNG=123

Expected results:
RHEV-H should remove the config info of "Strong Random Number Generator" after disable AES-NI options.

Additional info:

Comment 2 cshao 2015-11-26 05:50:17 UTC

Test version:
rhev-hypervisor7-7.2-20151112.1
ovirt-node-3.6.0-0.20.20151103git3d3779a.el7ev.noarch

Test steps:
1. Install RHEV-H
2. Enter Security menu, enable AES-NI and input Bytes Used(e.g. 123)
3. Save and check /etc/profile
4. Disable AES-NI
5. Save and check /etc/profile again.


Test result:
RHEV-H can remove the config info of "Strong Random Number Generator" after disable AES-NI options.

#grep "export" /etc/profile
    export HISTCONTROL=ignoreboth
    export HISTCONTROL=ignoredups
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
export OPENSSL_DISABLE_AES_NI=1

So the bug is fixed, change bug status to VERIFIED.

Comment 4 errata-xmlrpc 2016-03-09 14:17:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0378.html

Note You need to log in before you can comment on or make changes to this bug.