Bug 1973157 - update jitterentropy and add -devel to crb
Summary: update jitterentropy and add -devel to crb
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: jitterentropy
Version: 9.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: beta
Target Release: 9.0 Beta
Assignee: Vladis Dronov
QA Contact: Vilém Maršík
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-06-17 10:53 UTC by Vladis Dronov
Modified: 2021-12-07 21:22 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-12-07 21:20:54 UTC
Type: Bug
Target Upstream Version: jitterentropy-3.0.2
Embargoed:



Description Vladis Dronov 2021-06-17 10:53:42 UTC
a v3.0.2 update is needed since it introduces important NIST SP 800-90B fixes, which in turn are needed for the later FIPS certification.

also we need jitterentropy-devel in crb repo, the product listing is not correct as of now.

upstream: https://github.com/smuellerDD/jitterentropy-library
fedora: https://src.fedoraproject.org/rpms/jitterentropy/

Comment 1 Vladis Dronov 2021-06-18 13:51:48 UTC
c9s comps.xml update to add jitterentropy-devel to CRB:
https://gitlab.com/redhat/centos-stream/release-engineering/comps/-/merge_requests/56

Comment 3 Vilém Maršík 2021-06-23 00:04:33 UTC
Ack, expecting a package jitterentropy-devel to be included in 9.0

Comment 5 Vladis Dronov 2021-07-29 12:31:54 UTC
hello, Vilem,

could you please provide Verified:Tested for this bz, so i can proceed with its errata?
the test plan for both jitterentropy library and rngd daemon is the following:

1) grab the packages from brew:

# wget http://download.devel.redhat.com/brewroot/work/tasks/2274/38422274/jitterentropy-3.0.2-2.git.409828cf.el9.x86_64.rpm http://download.devel.redhat.com/brewroot/work/tasks/6815/38436815/rng-tools-6.13-5.git.d207e0b6.el9.x86_64.rpm

2) install and disable rngd service:

# dnf -y install jitterentropy*rpm rng-tools*rpm && systemctl stop rngd && systemctl disable rngd

3) gather random data more than 4 Mb. for this, wait ~10 seconds after the "[jitter]: Initialized" line and press Ctrl-C.

# /usr/sbin/rngd -f -o /dev/stdout > /tmp/rngfile
Initializing available sources
[hwrng ]: Initialized
[rdrand]: Enabling RDRAND rng support
[rdrand]: Initialized
[jitter]: Initializing AES buffer
[jitter]: Enabling JITTER rng support
[jitter]: Initialized
< wait 5-10 seconds >
^C
[hwrng ]: Shutting down
[rdrand]: Shutting down
[jitter]: Shutting down

4) check that /tmp/rngfile is more than 4 Mb:

# ls -lh /tmp/rngfile
-rw-r--r-- 1 root root 51M Jul 29 14:16 /tmp/rngfile

5) run the FIPS test for the random data gathered:

# cat /tmp/rngfile | /usr/bin/rngtest -c 1000
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=397.364; avg=7515.164; max=19073.486)Mibits/s
rngtest: FIPS tests speed: (min=37.919; avg=138.251; max=161.640)Mibits/s
rngtest: Program run time: 141251 microseconds

some "FIPS 140-2 failures" are fine here, they should not be more than "FIPS 140-2 successes".

6) clean up

# rm -f /tmp/rngfile
# dnf -y erase jitterentropy rng-tools

thank you.
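
Added example, not part of the original comment or of rng-tools: a shell helper that applies the pass criterion from step 5 (failures must not exceed successes) to rngtest's summary lines and fails closed when the counters are missing or fewer blocks were tested than requested. The function names and `SAMPLE_OUTPUT` are assumptions; the sample is constructed from the counts shown in the test plan.

```shell
#!/bin/sh
# Constructed sample: a subset of the rngtest summary lines from the test plan.
SAMPLE_OUTPUT='rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Runs: 1'

# rngtest_field LABEL: read rngtest output on stdin and print the integer
# that follows "rngtest: LABEL: " (hypothetical helper).
rngtest_field() {
    sed -n "s/^rngtest: $1: \([0-9][0-9]*\)\$/\1/p" | head -n 1
}

# rngtest_verdict BLOCKS: read rngtest output on stdin, print a PASS/FAIL line.
# Returns 0 on pass, 1 when failures exceed successes, 2 on incomplete output.
rngtest_verdict() {
    blocks=$1
    out=$(cat)
    ok=$(printf '%s\n' "$out" | rngtest_field 'FIPS 140-2 successes')
    bad=$(printf '%s\n' "$out" | rngtest_field 'FIPS 140-2 failures')
    bits=$(printf '%s\n' "$out" | rngtest_field 'bits received from input')
    # Missing counters mean rngtest did not finish: fail closed.
    if [ -z "$ok" ] || [ -z "$bad" ] || [ -z "$bits" ]; then
        echo "FAIL: incomplete rngtest output"; return 2
    fi
    # Every requested block must have been tested (input was long enough).
    if [ $((ok + bad)) -ne "$blocks" ]; then
        echo "FAIL: tested $((ok + bad)) of $blocks blocks"; return 2
    fi
    # Criterion from the test plan: failures must not be more than successes.
    if [ "$bad" -gt "$ok" ]; then
        echo "FAIL: $bad failures > $ok successes"; return 1
    fi
    echo "PASS: $ok successes, $bad failures, $bits bits read"
}

# On a test machine, feed it the real run from step 5:
#   /usr/bin/rngtest -c 1000 < /tmp/rngfile 2>&1 | rngtest_verdict 1000
printf '%s\n' "$SAMPLE_OUTPUT" | rngtest_verdict 1000
```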

Comment 8 Vilém Maršík 2021-08-05 23:58:30 UTC
Verified, thanks for the very detailed testing instructions.

-------------

# wget http://download.devel.redhat.com/brewroot/work/tasks/2274/38422274/jitterentropy-3.0.2-2.git.409828cf.el9.x86_64.rpm http://download.devel.redhat.com/brewroot/work/tasks/6815/38436815/rng-tools-6.13-5.git.d207e0b6.el9.x86_64.rpm
(...)
Downloaded: 2 files, 93K in 0.003s (32.8 MB/s)
# dnf -y install jitterentropy*rpm rng-tools*rpm && systemctl stop rngd && systemctl disable rngd
(...)
Installed:
  jitterentropy-3.0.2-2.git.409828cf.el9.x86_64                                        rng-tools-6.13-5.git.d207e0b6.el9.x86_64
Complete!
Removed /etc/systemd/system/multi-user.target.wants/rngd.service.
# /usr/sbin/rngd -f -o /dev/stdout > /tmp/rngfile
Initializing available sources
[hwrng ]: Initialization Failed
[rdrand]: Enabling RDRAND rng support
[rdrand]: Initialized
[jitter]: Initializing AES buffer
[jitter]: Enabling JITTER rng support
[jitter]: Initialized
^C[rdrand]: Shutting down
[jitter]: Shutting down
# ls -lh /tmp/rngfile
-rw-r--r--. 1 root root 252M Aug  5 19:53 /tmp/rngfile
# cat /tmp/rngfile | /usr/bin/rngtest -c 1000
rngtest 6.13
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=6.209; avg=16.735; max=18.626)Gibits/s
rngtest: FIPS tests speed: (min=164.427; avg=211.514; max=214.309)Mibits/s
rngtest: Program run time: 91681 microseconds
# rm -f /tmp/rngfile
# dnf -y erase jitterentropy rng-tools

