Description of problem:
After updating Fedora 21 x86_64 with new libgcrypt, messages like the following now appear.

libgcrypt selftest: pubkey RSA (1): mismatch (encrypt)
libgcrypt selftest: pubkey RSA (1): Selftest failed

Version-Release number of selected component (if applicable):
libgcrypt-1.6.3-1.fc21.x86_64
libgcrypt-1.6.3-1.fc21.i686

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Do you have the dracut-fips package present on the system? Does the message appear when you run gpg2 --search-keys, for example? Can you also paste cat /proc/cpuinfo output here? As I cannot reproduce the problem it might be CPU feature dependent.
*** Bug 1204418 has been marked as a duplicate of this bug. ***
fc21-bash 4.3 ~# gpg2 --search-keys
libgcrypt selftest: binary (0): Selftest failed (/usr/lib64/.libgcrypt.so.20.hmac)
note: random_seed file not updated
fc21-bash 4.3 ~# gpg2 --search-keys '?'
libgcrypt selftest: binary (0): Selftest failed (/usr/lib64/.libgcrypt.so.20.hmac)
gpg: searching for "?" from hkp server keys.gnupg.net
gpg: key "?" not found on keyserver
note: random_seed file not updated
fc21-bash 4.3 ~# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 42
model name : Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
stepping : 7
microcode : 0x29
cpu MHz : 1193.757
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 0
cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb pln pts dtherm tpr_shadow vnmi flexpriority ept vpid xsaveopt
bugs :
bogomips : 4390.17
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:
fc21-bash 4.3 ~# rpm -q dracut-fips
dracut-fips-038-32.git20141216.fc21.x86_64
(In reply to George R. Goffe from comment #3)
> fc21-bash 4.3 ~# gpg2 --search-keys
> libgcrypt selftest: binary (0): Selftest failed
> (/usr/lib64/.libgcrypt.so.20.hmac)

But this is a different selftest failure - do you have prelink installed? Basically prelinking conflicts with the /etc/system-fips being present. If you undo prelink (prelink -ua and uninstall the prelink package) is the selftest failure still the same?
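The conflict described in the comment above, modelled as an added example (not code from this bug thread or from libgcrypt): the on-disk library is checked against a keyed hash stored in the sibling `.hmac` file named in the error message, and prelink rewrites the library in place. The demo key, the stand-in file bytes, the sidecar contents and the use of HMAC-SHA256 are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed demo key; NOT the key compiled into libgcrypt.
DEMO_KEY = b"constructed-demo-key"


def sidecar_path(lib_path):
    """/usr/lib64/libgcrypt.so.20 -> /usr/lib64/.libgcrypt.so.20.hmac"""
    directory, name = os.path.split(lib_path)
    return os.path.join(directory, "." + name + ".hmac")


def file_hmac(path, key=DEMO_KEY):
    """HMAC-SHA256 (assumed algorithm) over the bytes stored on disk."""
    with open(path, "rb") as fh:
        return hmac.new(key, fh.read(), hashlib.sha256).hexdigest()


def binary_selftest(lib_path, key=DEMO_KEY):
    """Return 'ok', 'mismatch' or 'missing-hmac' for the on-disk file."""
    try:
        with open(sidecar_path(lib_path)) as fh:
            expected = fh.read().strip()
    except FileNotFoundError:
        return "missing-hmac"
    same = hmac.compare_digest(expected, file_hmac(lib_path, key))
    return "ok" if same else "mismatch"


def demo():
    """Packaged file verifies; a prelink-style in-place rewrite does not."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = os.path.join(tmp, "libgcrypt.so.20")
        with open(lib, "wb") as fh:               # constructed stand-in bytes
            fh.write(b"\x7fELF" + bytes(256))
        with open(sidecar_path(lib), "w") as fh:  # done at package build time
            fh.write(file_hmac(lib) + "\n")
        packaged = binary_selftest(lib)
        with open(lib, "r+b") as fh:              # prelink rewrites the file
            fh.seek(64)
            fh.write(b"\x01\x02\x03\x04")
        rewritten = binary_selftest(lib)
        os.remove(sidecar_path(lib))
        return packaged, rewritten, binary_selftest(lib)
```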
1) Uninstalled dracut-fips and dracut-fips-aesni with:
$yum erase dracut-fips-* --remove-leaves --setopt=clean_requirements_on_remove=1
2) Installed prelink (I didn't have it pre-installed) with:
$yum install prelink
3) Done:
$prelink -ua
4) Reinstalled unhide:
$rpm -evh unhide
$yum install unhide
5) Launched:
$unhide sys
$rkhunter --check --sk --noappend-log
$cat /var/log/rkhunter/rkhunter.log | grep -i "warn\|crypt"
and didn't receive any libgcrypt warnings.

`$gpg2 --search-keys' provides nothing.

`$cat /proc/cpuinfo' output:
processor : 0
vendor_id : AuthenticAMD
cpu family : 16
model : 2
model name : AMD Athlon(tm) 7750 Dual-Core Processor
stepping : 3
microcode : 0x1000095
cpu MHz : 1350.000
cache size : 512 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_tsc rep_good nopl nonstop_tsc extd_apicid pni monitor cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs hw_pstate npt lbrv svm_lock vmmcall
bugs : tlb_mmatch apic_c1e fxsave_leak
bogomips : 5429.58
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 48 bits physical, 48 bits virtual
power management: ts ttp tm stc 100mhzsteps hwpstate
It is expected that you did not receive any warnings with dracut-fips uninstalled. I am still interested in the results with dracut-fips installed.
It looks like there is a real regression in the libgcrypt modular exponentiation routine. Unfortunately reverting the implementation to libgcrypt-1.6.2 will also unfix the side channel security issue that was fixed by this change.
Tomas, Removed prelink... then ran my test again... NO MESSAGES. dracut-fips still installed. NO other changes. I think prelink came with the distribution. THANKS! George...
Tomas, yum -y downgrade libgcrypt'*' also removed the messages. I did that before removing prelink which also removed: ghc-rpm-macros.x86_64 0:1.2.19-1.fc21 ghc-rpm-macros-extra.x86_64 0:1.2.19-1.fc21
I reported bug 1205105 against ghc-rpm-macros so that it does not pull prelink into the system.
I ran `$prelink -ua', then uninstalled it with `$rpm -evh prelink' and installed dracut-fips, and when I launched `$unhide sys' these warnings were displayed again.

`$gpg2 --search-keys' now prints:
note: random_seed file not updated
I would like to provide additional info, if this is helpful. When I tried to do `$modprobe tcrypt', I got some messages from dmesg:

[ 218.500556] AVX instructions are not detected.
[ 218.572550] AVX instructions are not detected.
[ 218.584724] AVX instructions are not detected.
[ 218.689727] sha512_ssse3: Neither AVX nor SSSE3 is available/usable.
[ 218.732023] AVX instructions are not detected.
[ 218.789297] AVX instructions are not detected.
[ 218.961033] AVX or AES-NI instructions are not detected.
[ 218.977066] AVX or AES-NI instructions are not detected.
[ 219.177221] PCLMULQDQ-NI instructions are not detected.
[ 219.193359] alg: No test for crc32 (crc32-table)
[ 219.198450] alg: hash: Failed to load transform for hmac(crc32): -2
[ 219.214908] alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
[ 219.312229] tcrypt: one or more tests failed!
[ 279.581364] alg: hash: Failed to load transform for hmac(crc32): -2
[ 279.592754] tcrypt: one or more tests failed!
[ 298.739599] alg: hash: Failed to load transform for hmac(crc32): -2
[ 298.750753] tcrypt: one or more tests failed!

I found these lines:

info "Self testing crypto algorithms"
modprobe tcrypt || return 1
rmmod tcrypt

in /usr/lib/dracut/modules.d/01fips/fips.sh inside a subroutine `do_fips()'. `yum whatprovides dracut-fips' shows that the package provides shell script files in the folder /usr/lib/dracut/modules.d/01fips
I have already all the info I need, thank you.
libgcrypt-1.6.3-4.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/libgcrypt-1.6.3-4.fc21
libgcrypt-1.6.3-4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/libgcrypt-1.6.3-4.fc22
Package libgcrypt-1.6.3-4.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libgcrypt-1.6.3-4.fc22'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-5542/libgcrypt-1.6.3-4.fc22
then log in and leave karma (feedback).
I have reinstalled unhide, dracut-fips and installed libgcrypt-1.6.3-4.fc21 from updates-testing repo. `$unhide sys' works fine for me now, no new warning messages.
The package libgcrypt-1.6.3-4.fc22 works as well as *.fc21
libgcrypt-1.6.3-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
libgcrypt-1.6.3-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.