Bug 1161528 - RHEV-H always persist the config info of "Strong Random Number Generator" after disable AES-NI options
Summary: RHEV-H always persist the config info of "Strong Random Number Generator" aft...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-node
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-3.6.0-rc
: 3.6.0
Assignee: Ryan Barry
QA Contact: cshao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-07 10:02 UTC by cshao
Modified: 2016-03-09 14:17 UTC (History)
9 users (show)

Fixed In Version: ovirt-node-3.3.0-0.4.20150906git14a6024.el7ev
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-09 14:17:02 UTC
oVirt Team: Node
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0378 normal SHIPPED_LIVE ovirt-node bug fix and enhancement update for RHEV 3.6 2016-03-09 19:06:36 UTC
oVirt gerrit 34952 master MERGED Clear RNG bytes from /etc/profile if disable_aes_ni is set Never

Description cshao 2014-11-07 10:02:14 UTC
Description of problem:
RHEV-H always persist the config info of "Strong Random Number Generator" after disable AES-NI options.

Version-Release number of selected component (if applicable):
rhev-hypervisor6-6.6-20141106.1
ovirt-node-3.0.1-19.el6.22.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install RHEV-H
2. Enter Security menu, enable AES-NI and input Bytes Used(e.g. 123)
3. Save and check /etc/profile
4. Disable AES-NI
5. Save and check /etc/profile again.

Actual results:
RHEV-H always persist the config info of "Strong Random Number Generator" after disable AES-NI options.
1. step 3: export SSH_USE_STRONG_RNG=123
2. step 5: export OPENSSL_DISABLE_AES_NI=1
export SSH_USE_STRONG_RNG=123

Expected results:
RHEV-H should remove the config info of "Strong Random Number Generator" after disable AES-NI options.

Additional info:

Comment 2 cshao 2015-11-26 05:50:17 UTC
Test version:
rhev-hypervisor7-7.2-20151112.1
ovirt-node-3.6.0-0.20.20151103git3d3779a.el7ev.noarch

Test steps:
1. Install RHEV-H
2. Enter Security menu, enable AES-NI and input Bytes Used(e.g. 123)
3. Save and check /etc/profile
4. Disable AES-NI
5. Save and check /etc/profile again.


Test result:
RHEV-H can remove the config info of "Strong Random Number Generator" after disable AES-NI options.

#grep "export" /etc/profile
    export HISTCONTROL=ignoreboth
    export HISTCONTROL=ignoredups
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
export OPENSSL_DISABLE_AES_NI=1

So the bug is fixed, change bug status to VERIFIED.

Comment 4 errata-xmlrpc 2016-03-09 14:17:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0378.html


Note You need to log in before you can comment on or make changes to this bug.