Fix an internal soft-timer issue and one CPU case
- Update to the upstream v6.13 + tip of origin/master + onecpu branch + revert of 2ce93190 - Rebuild rng-tools against the latest jitterentropy library 3.0.2.git.d18d5863 with fixes for an important issue: https://github.com/nhorman/rng-tools/pull/123 https://github.com/smuellerDD/jitterentropy-library/issues/37 - Add important upstream fixes for the one CPU case (bz 1974132) - Revert introducing a new but mostly useless randstat binary - A couple of minor code and test fixes Signed-off-by: Vladis Dronov <vdronov@redhat.com>
This commit is contained in:
parent
000f0d8092
commit
65d2e53f7c
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
/rng-tools-6.13.tar.gz
|
||||
/rng-tools-6.13.git.d207e0b6.tar.gz
|
||||
|
||||
@ -1,45 +0,0 @@
|
||||
From 16b728f9a5bb138386fa770de817ec244a158be5 Mon Sep 17 00:00:00 2001
|
||||
From: David Seifert <soap@gentoo.org>
|
||||
Date: Sat, 12 Jun 2021 22:15:06 +0200
|
||||
Subject: Use `AM_PROG_AR` over `AC_CHECK_TOOLS`
|
||||
|
||||
* `AM_PROG_AR` is the canonical way to detect the archiver
|
||||
and includes workarounds for Cygwin.
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
.gitignore | 1 +
|
||||
configure.ac | 3 +--
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/.gitignore b/.gitignore
|
||||
index 0df9347..5dc334d 100644
|
||||
--- a/.gitignore
|
||||
+++ b/.gitignore
|
||||
@@ -2,6 +2,7 @@
|
||||
*.o
|
||||
/.deps/
|
||||
/aclocal.m4
|
||||
+/ar-lib
|
||||
/autom4te.cache/
|
||||
/compile
|
||||
/config.guess
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 5b4f2cb..1cb7fd7 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -62,10 +62,9 @@ AM_PROG_AS
|
||||
dnl Checks for programs
|
||||
AC_PROG_CC
|
||||
AC_PROG_RANLIB
|
||||
+AM_PROG_AR
|
||||
AC_PROG_GCC_TRADITIONAL
|
||||
|
||||
-AC_CHECK_TOOLS([AR], [ar gar], :)
|
||||
-
|
||||
AX_PTHREAD
|
||||
|
||||
AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686])
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,52 +0,0 @@
|
||||
From 3adf2613e262efbda0a3455e59c8cb3390271563 Mon Sep 17 00:00:00 2001
|
||||
From: David Seifert <soap@gentoo.org>
|
||||
Date: Sat, 12 Jun 2021 22:15:12 +0200
|
||||
Subject: `AC_CANONICAL_TARGET` -> `AC_CANONICAL_HOST`
|
||||
|
||||
* `AC_CANONICAL_TARGET` is the type of system for which code
|
||||
will be produced, not on which it will run. This is a common
|
||||
confusion with Autoconf's target triplet.
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
configure.ac | 15 ++++++++-------
|
||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 1cb7fd7..0fe06fc 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -20,7 +20,8 @@ dnl Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA
|
||||
AC_INIT(rng-tools, 6.13, [Neil Horman <nhorman@tuxdriver.com>])
|
||||
AC_PREREQ(2.52)
|
||||
AC_CONFIG_SRCDIR([rngd.c])
|
||||
-AC_CANONICAL_TARGET
|
||||
+AC_CANONICAL_HOST
|
||||
+AC_CANONICAL_TARGET dnl required for broken AX_PTHREAD
|
||||
AM_INIT_AUTOMAKE([foreign])
|
||||
AC_CONFIG_HEADERS([rng-tools-config.h])
|
||||
AC_CONFIG_MACRO_DIRS([m4])
|
||||
@@ -67,14 +68,14 @@ AC_PROG_GCC_TRADITIONAL
|
||||
|
||||
AX_PTHREAD
|
||||
|
||||
-AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686])
|
||||
-AS_IF([test $target_cpu = x86_64 -o $target_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
|
||||
+AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || $host_cpu = i686])
|
||||
+AS_IF([test $host_cpu = x86_64 || $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
|
||||
|
||||
-AM_CONDITIONAL([DARN], [test $target_cpu = powerpc64le])
|
||||
-AS_IF([test $target_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
|
||||
+AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le])
|
||||
+AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
|
||||
|
||||
-AM_CONDITIONAL([RNDR], [test $target_cpu = aarch64])
|
||||
-AS_IF([test $target_cpu = aarch64], [AC_DEFINE([HAVE_RNDR],1,[Enable RNDR])],[])
|
||||
+AM_CONDITIONAL([RNDR], [test $host_cpu = aarch64])
|
||||
+AS_IF([test $host_cpu = aarch64], [AC_DEFINE([HAVE_RNDR],1,[Enable RNDR])],[])
|
||||
AM_CONDITIONAL([JITTER], [false])
|
||||
|
||||
AC_ARG_ENABLE(jitterentropy,
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,69 +0,0 @@
|
||||
From 73e81dc78ddb6f1bc0d8750c1a9e19e6cc123d48 Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Sat, 12 Jun 2021 09:16:25 +0200
|
||||
Subject: Fix logic in ossl_aes_random_key()
|
||||
|
||||
- Using sizeof is correct for arr[], but is not correct for *ptr. read() here
|
||||
makes a 8-bytes read (on 64-bit arch). It should read AES_BLOCK bytes instead,
|
||||
as callers of ossl_aes_random_key() imply.
|
||||
|
||||
Covscan emits the following warning:
|
||||
|
||||
Error: SIZEOF_MISMATCH (CWE-398): [#def1]
|
||||
rng-tools-6.12/ossl_helpers.c:51: suspicious_sizeof: Passing argument "key" of
|
||||
type "unsigned char *" and argument "8UL /* sizeof (key) */" to function "read"
|
||||
is suspicious.
|
||||
51|-> int r = read(fd, key, sizeof key);
|
||||
|
||||
- According to the following warning, mark r as not used explicitly:
|
||||
|
||||
Error: CLANG_WARNING: [#def2]
|
||||
rng-tools-6.12/ossl_helpers.c:51:7: warning[deadcode.DeadStores]: Value stored
|
||||
to 'r' during its initialization is never read
|
||||
51|-> int r = read(fd, key, sizeof key);
|
||||
|
||||
- Add volatile to stack_junk to avoid possible compiler optimization. This does
|
||||
not silence "Uninitialized variable: stack_junk" covscan warning.
|
||||
|
||||
- Remove a check for pepper == NULL where it is not needed.
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
ossl_helpers.c | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/ossl_helpers.c b/ossl_helpers.c
|
||||
index c3c1fbb..9569b74 100644
|
||||
--- a/ossl_helpers.c
|
||||
+++ b/ossl_helpers.c
|
||||
@@ -42,22 +42,23 @@ void ossl_aes_random_key(unsigned char *key, const unsigned char *pepper)
|
||||
0x00,0x10,0x20,0x30,0x40,0x50,0x60,0x70,
|
||||
0x80,0x90,0xa0,0xb0,0xc0,0xd0,0xe0,0xf0
|
||||
}; /* AES data reduction key */
|
||||
- unsigned char stack_junk[AES_BLOCK];
|
||||
+ volatile unsigned char stack_junk[AES_BLOCK];
|
||||
int fd, i;
|
||||
|
||||
/* Try getting some randomness from the kernel */
|
||||
fd = open("/dev/urandom", O_RDONLY);
|
||||
if (fd >= 0) {
|
||||
- int r = read(fd, key, sizeof key);
|
||||
+ int r __attribute__((unused));
|
||||
+ r = read(fd, key, AES_BLOCK);
|
||||
close(fd);
|
||||
}
|
||||
|
||||
/* Mix in our default key */
|
||||
- for (i = 0; i < AES_BLOCK && pepper; i++)
|
||||
+ for (i = 0; i < AES_BLOCK; i++)
|
||||
key[i] ^= default_key[i];
|
||||
|
||||
/* Mix in stack junk */
|
||||
- for (i = 0; i < AES_BLOCK && pepper; i++)
|
||||
+ for (i = 0; i < AES_BLOCK; i++)
|
||||
key[i] ^= stack_junk[i];
|
||||
|
||||
/* Spice it up if we can */
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,44 +0,0 @@
|
||||
From 8659477ea65b1617332efee6da4c533137870577 Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Sat, 12 Jun 2021 09:00:42 +0200
|
||||
Subject: Fix a read() returning zero case in init_entropy_source()
|
||||
|
||||
Covscan warns about this with:
|
||||
|
||||
Error: CHECKED_RETURN (CWE-252): [#def3]
|
||||
rng-tools-6.12/rngd_entsource.c:185: check_return: "read(int, void *,
|
||||
size_t)" returns the number of bytes read, but it is ignored.
|
||||
185|-> if (read(rngavail_fd, buf, sizeof(buf)) < 0) {
|
||||
|
||||
Add a check for a zero return. While this should not happen, lets just
|
||||
handle the case, also to silence covscan.
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
rngd_entsource.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/rngd_entsource.c b/rngd_entsource.c
|
||||
index f54ee40..e5b7d43 100644
|
||||
--- a/rngd_entsource.c
|
||||
+++ b/rngd_entsource.c
|
||||
@@ -182,13 +182,14 @@ int init_entropy_source(struct rng *ent_src)
|
||||
return 1;
|
||||
}
|
||||
|
||||
- if (read(rngavail_fd, buf, sizeof(buf)) < 0) {
|
||||
+ int ret = read(rngavail_fd, buf, sizeof(buf));
|
||||
+ if (ret < 0) {
|
||||
message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "Error reading sysfs file: %s\n", RNG_AVAIL);
|
||||
close(rngavail_fd);
|
||||
return 1;
|
||||
}
|
||||
|
||||
- if (strncmp(buf, "\n", 1) == 0) {
|
||||
+ if (ret == 0 || strncmp(buf, "\n", 1) == 0) {
|
||||
message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "No available rng device\n");
|
||||
close(rngavail_fd);
|
||||
return 1;
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,78 +0,0 @@
|
||||
From e4a94ad5d4ea8e5663f1e5d71669317b16105945 Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Sat, 12 Jun 2021 13:11:19 +0200
|
||||
Subject: Fix minor possibilities of using a NULL pointer
|
||||
|
||||
Fix the following covscan warnings by performing a check for a NULL:
|
||||
|
||||
1) Add a check for NULL to message_entsrc macro:
|
||||
|
||||
Error: GCC_ANALYZER_WARNING (CWE-688):
|
||||
rng-tools-6.12/rngd_rdrand.c: scope_hint: In function 'init_drng_entropy_source'
|
||||
rng-tools-6.12/rngd.h:186:9: warning[-Wanalyzer-possible-null-argument]: use of
|
||||
possibly-NULL '____buf' where non-null expected
|
||||
/usr/include/stdio.h:334:12: note: argument 1 of 'sprintf' must be non-null
|
||||
184| size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \
|
||||
185| char *____buf = malloc(____neededpfx + ____neededmsg); \
|
||||
186|-> sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
|
||||
|
||||
2) Move memset() in xread_tpm() to a proper place:
|
||||
|
||||
Error: NULL_RETURNS (CWE-476): [#def3]
|
||||
rng-tools-6.12/rngd_entsource.c:96: returned_null: "malloc" returns "NULL"
|
||||
(checked 89 out of 95 times).
|
||||
rng-tools-6.12/rngd_entsource.c:96: var_assigned: Assigning: "temp_buf" =
|
||||
"NULL" return value from "malloc".
|
||||
rng-tools-6.12/rngd_entsource.c:97: dereference: Dereferencing a pointer
|
||||
that might be "NULL" "temp_buf" when calling "memset".
|
||||
96| temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
|
||||
97|-> memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
|
||||
98| if (temp_buf == NULL) {
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
rngd.h | 8 +++++---
|
||||
rngd_entsource.c | 3 ++-
|
||||
2 files changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/rngd.h b/rngd.h
|
||||
index 6208b95..7d65f3c 100644
|
||||
--- a/rngd.h
|
||||
+++ b/rngd.h
|
||||
@@ -184,9 +184,11 @@ extern bool quiet;
|
||||
size_t ____neededpfx = snprintf(NULL, 0, "[%-6s]: ", src->rng_sname); \
|
||||
size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \
|
||||
char *____buf = malloc(____neededpfx + ____neededmsg); \
|
||||
- sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
|
||||
- message(priority, "%s", ____buf); \
|
||||
- free(____buf); \
|
||||
+ if (____buf) { \
|
||||
+ sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \
|
||||
+ message(priority, "%s", ____buf); \
|
||||
+ free(____buf); \
|
||||
+ } \
|
||||
} while (0)
|
||||
|
||||
extern bool do_reseed;
|
||||
diff --git a/rngd_entsource.c b/rngd_entsource.c
|
||||
index e5b7d43..b7ebd15 100644
|
||||
--- a/rngd_entsource.c
|
||||
+++ b/rngd_entsource.c
|
||||
@@ -94,12 +94,13 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src)
|
||||
}
|
||||
|
||||
temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
|
||||
- memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
|
||||
if (temp_buf == NULL) {
|
||||
message_entsrc(ent_src,LOG_ERR|LOG_INFO,"No memory for TPM buffer\n");
|
||||
close(ent_src->rng_fd);
|
||||
return -1;
|
||||
}
|
||||
+ memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
|
||||
+
|
||||
/* 32 bits has been reserved for random byte size */
|
||||
rng_cmd[13] = (unsigned char)(size & 0xFF);
|
||||
rng_cmd[12] = (unsigned char)((size >> 8) & 0xFF);
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,185 +0,0 @@
|
||||
From 2d244c6b5aea8f1a8e70307540d9d95b8111a242 Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Mon, 14 Jun 2021 14:04:27 +0200
|
||||
Subject: Small bug and warning fixes per covscan report
|
||||
|
||||
- Fix a strncpy() bug.
|
||||
|
||||
- Remove unused variables.
|
||||
|
||||
- A small formatting fix.
|
||||
|
||||
- Fix signedness warnings.
|
||||
|
||||
- Add parenthesis to definitions of CHUNK_SIZE.
|
||||
|
||||
- Adjust default_watermark() so wm is set to a default value in all cases.
|
||||
Also add logging the same way it was done in init_kernel_rng().
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
rngd_darn.c | 4 ++--
|
||||
rngd_jitter.c | 3 +--
|
||||
rngd_linux.c | 31 ++++++++++++++++++++++---------
|
||||
rngd_rdrand.c | 2 --
|
||||
rngd_rndr.c | 2 +-
|
||||
rngd_rtlsdr.c | 6 +++---
|
||||
stats.c | 2 +-
|
||||
7 files changed, 30 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/rngd_darn.c b/rngd_darn.c
|
||||
index bc8edec..5254195 100644
|
||||
--- a/rngd_darn.c
|
||||
+++ b/rngd_darn.c
|
||||
@@ -46,9 +46,9 @@ static uint64_t get_darn();
|
||||
static int refill_rand(struct rng *ent_src, bool allow_reinit);
|
||||
static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t copied);
|
||||
|
||||
-#define CHUNK_SIZE AES_BLOCK * 8
|
||||
+#define CHUNK_SIZE (AES_BLOCK*8)
|
||||
#define RDRAND_ROUNDS 512 /* 512:1 data reduction */
|
||||
-#define THRESH_BITS 14
|
||||
+#define THRESH_BITS 14
|
||||
|
||||
/* ossl AES context */
|
||||
static struct ossl_aes_ctx *ossl_ctx;
|
||||
diff --git a/rngd_jitter.c b/rngd_jitter.c
|
||||
index b68c791..7403c02 100644
|
||||
--- a/rngd_jitter.c
|
||||
+++ b/rngd_jitter.c
|
||||
@@ -128,7 +128,7 @@ int pipefds[2];
|
||||
|
||||
unsigned char *aes_buf;
|
||||
|
||||
-static char key[AES_BLOCK];
|
||||
+static unsigned char key[AES_BLOCK];
|
||||
static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128)));
|
||||
static struct ossl_aes_ctx *ossl_ctx;
|
||||
|
||||
@@ -322,7 +322,6 @@ int validate_jitter_options(struct rng *ent_src)
|
||||
int delay = ent_src->rng_options[JITTER_OPT_RETRY_DELAY].int_val;
|
||||
int rcount = ent_src->rng_options[JITTER_OPT_RETRY_COUNT].int_val;
|
||||
int soft_timer = ent_src->rng_options[JITTER_OPT_FORCE_INT_TIMER].int_val;
|
||||
- int num_threads = ent_src->rng_options[JITTER_OPT_THREADS].int_val;
|
||||
|
||||
/* Need at least one thread to do this work */
|
||||
if (!threads) {
|
||||
diff --git a/rngd_linux.c b/rngd_linux.c
|
||||
index cf4fcdf..c52c62d 100644
|
||||
--- a/rngd_linux.c
|
||||
+++ b/rngd_linux.c
|
||||
@@ -56,22 +56,35 @@ extern int kent_pool_size;
|
||||
/*
|
||||
* Get the default watermark
|
||||
*/
|
||||
+
|
||||
+#define DEFAULT_WATERMARK_GUESS 4096
|
||||
+
|
||||
int default_watermark(void)
|
||||
{
|
||||
FILE *f;
|
||||
- unsigned int wm; /* Default guess */
|
||||
+ unsigned int wm;
|
||||
|
||||
f = fopen("/proc/sys/kernel/random/poolsize", "r");
|
||||
- if (!f)
|
||||
+ if (!f) {
|
||||
+ wm = DEFAULT_WATERMARK_GUESS;
|
||||
+ message(LOG_DAEMON|LOG_ERR, "can't open /proc/sys/kernel/random/poolsize: %s",
|
||||
+ strerror(errno));
|
||||
goto err;
|
||||
- /*
|
||||
- * Default to 4096 if fscanf fails
|
||||
- */
|
||||
- if(fscanf(f,"%u", &wm) < 1)
|
||||
- wm = 4096;
|
||||
+ }
|
||||
+
|
||||
+ /* Use DEFAULT_WATERMARK_GUESS if fscanf fails */
|
||||
+ if(fscanf(f,"%u", &wm) < 1) {
|
||||
+ wm = DEFAULT_WATERMARK_GUESS;
|
||||
+ message(LOG_DAEMON|LOG_ERR, "can't read /proc/sys/kernel/random/poolsize: %s",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
+err:
|
||||
kent_pool_size = wm;
|
||||
wm = wm*3/4;
|
||||
-err:
|
||||
+ message(LOG_DAEMON|LOG_ERR, "kernel entropy pool size: %d pool watermark: %d",
|
||||
+ kent_pool_size, wm);
|
||||
+
|
||||
if (f)
|
||||
fclose(f);
|
||||
return wm;
|
||||
@@ -153,7 +166,7 @@ int random_add_entropy(void *buf, size_t size)
|
||||
} else
|
||||
write(random_fd, buf, size);
|
||||
|
||||
- return ent->ent_count;
|
||||
+ return ent->ent_count;
|
||||
|
||||
}
|
||||
|
||||
diff --git a/rngd_rdrand.c b/rngd_rdrand.c
|
||||
index cba27a9..caa9d05 100644
|
||||
--- a/rngd_rdrand.c
|
||||
+++ b/rngd_rdrand.c
|
||||
@@ -243,8 +243,6 @@ int init_drng_entropy_source(struct rng *ent_src)
|
||||
const uint32_t features_ebx7_rdseed = 1 << 18;
|
||||
uint32_t max_cpuid_leaf;
|
||||
unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */
|
||||
- int fd;
|
||||
- int i;
|
||||
|
||||
if (!x86_has_cpuid())
|
||||
return 1; /* No CPUID instruction */
|
||||
diff --git a/rngd_rndr.c b/rngd_rndr.c
|
||||
index 176ce90..79bf2ce 100644
|
||||
--- a/rngd_rndr.c
|
||||
+++ b/rngd_rndr.c
|
||||
@@ -47,7 +47,7 @@ static struct ossl_aes_ctx *ossl_ctx;
|
||||
static unsigned char key[AES_BLOCK];
|
||||
static unsigned char iv_buf[AES_BLOCK];
|
||||
|
||||
-#define CHUNK_SIZE AES_BLOCK * 8
|
||||
+#define CHUNK_SIZE (AES_BLOCK*8)
|
||||
static unsigned char aes_buf[CHUNK_SIZE];
|
||||
static size_t aes_buf_pos;
|
||||
#define REKEY_BITS 8
|
||||
diff --git a/rngd_rtlsdr.c b/rngd_rtlsdr.c
|
||||
index 949c8b0..5371905 100644
|
||||
--- a/rngd_rtlsdr.c
|
||||
+++ b/rngd_rtlsdr.c
|
||||
@@ -21,12 +21,12 @@
|
||||
#include "rngd.h"
|
||||
#include "ossl_helpers.h"
|
||||
|
||||
-#define RAW_BUF_SZ 4096
|
||||
+#define RAW_BUF_SZ 4096
|
||||
|
||||
-#define CHUNK_SIZE (AES_BLOCK*8) /* 8 parallel streams */
|
||||
+#define CHUNK_SIZE (AES_BLOCK*8) /* 8 parallel streams */
|
||||
|
||||
static rtlsdr_dev_t *radio = NULL;
|
||||
-static char raw_buffera[RAW_BUF_SZ];
|
||||
+static unsigned char raw_buffera[RAW_BUF_SZ];
|
||||
static int freq_min;
|
||||
static int freq_max;
|
||||
static int sample_min;
|
||||
diff --git a/stats.c b/stats.c
|
||||
index 5c4036a..a172a35 100644
|
||||
--- a/stats.c
|
||||
+++ b/stats.c
|
||||
@@ -65,7 +65,7 @@ static void scale_mult_unit(char *unit, int unitsize,
|
||||
if (mult)
|
||||
snprintf(unit, unitsize, "%ci%s", multchar[mult-1], baseunit);
|
||||
else
|
||||
- strncpy(unit, baseunit, unitsize);
|
||||
+ strncpy(unit, baseunit, unitsize-1);
|
||||
}
|
||||
|
||||
/* Computes elapsed time in microseconds */
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,54 +0,0 @@
|
||||
From 05505f04b9146e3f1225c182d3fdfc2fb51a633f Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Sat, 12 Jun 2021 09:35:21 +0200
|
||||
Subject: Fix a minor memory leak in rngd_jitter.c
|
||||
|
||||
While a leak is short-lived until a process memory is freed, fix it anyway.
|
||||
|
||||
Error: GCC_ANALYZER_WARNING (CWE-401):
|
||||
rng-tools-6.12/rngd_jitter.c:396:66: warning[-Wanalyzer-malloc-leak]:
|
||||
leak of 'aes_buf'
|
||||
rng-tools-6.12/rngd_jitter.c:35: included_from: Included from here.
|
||||
rng-tools-6.12/rngd_jitter.c:394:17: note: in expansion of macro 'message_entsrc'
|
||||
|
||||
Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
|
||||
rng-tools-6.12/rngd_jitter.c: scope_hint: In function 'init_jitter_entropy_source'
|
||||
rng-tools-6.12/rngd_jitter.c:396:66: warning[-Wanalyzer-malloc-leak]: leak of 'aes_buf'
|
||||
rng-tools-6.12/rngd_jitter.c:394:17: note: in expansion of macro 'message_entsrc'
|
||||
394| message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Initializing AES buffer\n");
|
||||
395| aes_buf = malloc(tdata[0].buf_sz);
|
||||
396|-> ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
|
||||
397| if (xread_jitter(key, AES_BLOCK, ent_src)) {
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
rngd_jitter.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/rngd_jitter.c b/rngd_jitter.c
|
||||
index 7403c02..ea29436 100644
|
||||
--- a/rngd_jitter.c
|
||||
+++ b/rngd_jitter.c
|
||||
@@ -126,7 +126,7 @@ static struct thread_data *tdata;
|
||||
static pthread_t *threads;
|
||||
int pipefds[2];
|
||||
|
||||
-unsigned char *aes_buf;
|
||||
+unsigned char *aes_buf = NULL;
|
||||
|
||||
static unsigned char key[AES_BLOCK];
|
||||
static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128)));
|
||||
@@ -533,9 +533,9 @@ void close_jitter_entropy_source(struct rng *ent_src)
|
||||
close(pipefds[0]);
|
||||
free(tdata);
|
||||
free(threads);
|
||||
+ free(aes_buf);
|
||||
if (ossl_ctx) {
|
||||
ossl_aes_exit(ossl_ctx);
|
||||
ossl_ctx = NULL;
|
||||
}
|
||||
}
|
||||
-
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,233 +0,0 @@
|
||||
From c87d4f8616c42a921cec37e8758e71f5651c727f Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Mon, 14 Jun 2021 14:37:28 +0200
|
||||
Subject: Brush up rngd_nistbeacon.c
|
||||
|
||||
1) Fix a possile NULL dereference in get_nist_record() and update_active_cert().
|
||||
It may happen in an unlikely case when curl_easy_setopt(CURLOPT_WRITEFUNCTION)
|
||||
fails but curl_easy_perform() succeeds.
|
||||
|
||||
Also adjust error handling and logging. This way a libcurl instance is properly
|
||||
cleaned up in all cases.
|
||||
|
||||
This fixes code for the following warnings. NULL pointer warning still stays,
|
||||
as covscan does not recognize parse_nist_json_block() as a callback.
|
||||
|
||||
Error: CHECKED_RETURN (CWE-252): [#def13]
|
||||
rng-tools-6.12/rngd_nistbeacon.c:582: check_return: Calling "curl_easy_setopt(curl,
|
||||
_curl_opt, certurl)" without checking return value. This library function may fail
|
||||
and return an error code.
|
||||
581| certurl = strcat(certurl, block.certificateIdString);
|
||||
582|-> curl_easy_setopt(curl, CURLOPT_URL, certurl);
|
||||
|
||||
Error: CLANG_WARNING: [#def19]
|
||||
rng-tools-6.12/rngd_nistbeacon.c:622:32: warning[core.NonNullParamChecker]: Null
|
||||
pointer passed to 1st parameter expecting 'nonnull'
|
||||
622|-> activeCertId = strndup(block.certificateId, be32toh(block.certificateIdLen));
|
||||
|
||||
2) Remove unused variables from parse_nist_json_block().
|
||||
|
||||
3) Fix a signedness warning for nist_rand_buf and block.signatureValue.
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
rngd_nistbeacon.c | 109 +++++++++++++++++++++++++++++++---------------
|
||||
1 file changed, 74 insertions(+), 35 deletions(-)
|
||||
|
||||
diff --git a/rngd_nistbeacon.c b/rngd_nistbeacon.c
|
||||
index 5d51d44..51e3458 100644
|
||||
--- a/rngd_nistbeacon.c
|
||||
+++ b/rngd_nistbeacon.c
|
||||
@@ -74,7 +74,7 @@ static int get_nist_record(struct rng *ent_src);
|
||||
|
||||
static size_t nist_buf_avail = 0;
|
||||
static size_t nist_buf_ptr = 0;
|
||||
-static char nist_rand_buf[NIST_BUF_SIZE];
|
||||
+static unsigned char nist_rand_buf[NIST_BUF_SIZE];
|
||||
static char errbuf[120];
|
||||
int cfp;
|
||||
|
||||
@@ -275,23 +275,18 @@ static void get_json_byte_array(json_t *parent, char *key, char **val, uint32_t
|
||||
}
|
||||
|
||||
/*
|
||||
- * Note, I'm making the assumption that the entire xml block gets returned
|
||||
+ * Note, I'm making the assumption that the entire xml block gets returned
|
||||
* in a single call here, which I should fix
|
||||
*/
|
||||
static size_t parse_nist_json_block(char *ptr, size_t size, size_t nemb, void *userdata)
|
||||
{
|
||||
size_t idx;
|
||||
json_t *jidx;
|
||||
- xmlTextReaderPtr reader;
|
||||
- int ret = 1;
|
||||
- const char *name;
|
||||
- size_t realsize = size * nemb;
|
||||
- char *xml = (char *)ptr;
|
||||
- json_t *json, *pulse, *values, *obj;
|
||||
+ size_t realsize = size * nemb;
|
||||
+ json_t *json, *pulse, *obj;
|
||||
json_error_t jsonerror;
|
||||
struct rng *ent_src = userdata;
|
||||
|
||||
-
|
||||
json = json_loads(ptr, size, &jsonerror);
|
||||
if (!json) {
|
||||
message_entsrc(ent_src,LOG_DAEMON|LOG_ERR, "Unparseable JSON\n");
|
||||
@@ -532,7 +527,8 @@ static int validate_nist_block(struct rng *ent_src)
|
||||
goto out;
|
||||
}
|
||||
|
||||
- if (EVP_VerifyFinal(mdctx, block.signatureValue, be32toh(block.signatureValueLen), pubkey) < 1) {
|
||||
+ if (EVP_VerifyFinal(mdctx, (unsigned char *)block.signatureValue,
|
||||
+ be32toh(block.signatureValueLen), pubkey) < 1) {
|
||||
unsigned long err;
|
||||
message_entsrc(ent_src,LOG_DAEMON| LOG_ERR, "Unable to validate signature on message\n");
|
||||
while( (err = ERR_get_error()) != 0 ) {
|
||||
@@ -566,7 +562,8 @@ static size_t copy_nist_certificate(char *ptr, size_t size, size_t nemb, void *u
|
||||
return size * nemb;
|
||||
}
|
||||
|
||||
-static void update_active_cert() {
|
||||
+static void update_active_cert(struct rng *ent_src)
|
||||
+{
|
||||
CURL *curl;
|
||||
CURLcode res;
|
||||
char *certurl;
|
||||
@@ -574,24 +571,46 @@ static void update_active_cert() {
|
||||
|
||||
free(activeCert);
|
||||
activeCert = NULL;
|
||||
-
|
||||
+
|
||||
curl = curl_easy_init();
|
||||
- if (!curl)
|
||||
+ if (!curl) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "update_active_cert(): curl_easy_init() failed\n");
|
||||
return;
|
||||
+ }
|
||||
|
||||
certurl = alloca(urlsize);
|
||||
- if (!certurl)
|
||||
- return;
|
||||
+ if (!certurl) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "update_active_cert(): alloca() failed\n");
|
||||
+ goto out_curl;
|
||||
+ }
|
||||
strcpy(certurl, NIST_CERT_BASE_URL);
|
||||
certurl = strcat(certurl, block.certificateIdString);
|
||||
- curl_easy_setopt(curl, CURLOPT_URL, certurl);
|
||||
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, copy_nist_certificate);
|
||||
+
|
||||
+ res = curl_easy_setopt(curl, CURLOPT_URL, certurl);
|
||||
+ if (res != CURLE_OK) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "update_active_cert(): curl_easy_setopt(URL) failed: %s\n",
|
||||
+ curl_easy_strerror(res));
|
||||
+ goto out_curl;
|
||||
+ }
|
||||
+ res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, copy_nist_certificate);
|
||||
+ if (res != CURLE_OK) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "update_active_cert(): curl_easy_setopt(WRITEFUNC) failed: %s\n",
|
||||
+ curl_easy_strerror(res));
|
||||
+ goto out_curl;
|
||||
+ }
|
||||
|
||||
res = curl_easy_perform(curl);
|
||||
- if (res != CURLE_OK) {
|
||||
- fprintf(stderr, "curl_easy_perform() failed in cert update: %s\n",
|
||||
- curl_easy_strerror(res));
|
||||
- }
|
||||
+ if (res != CURLE_OK) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "update_active_cert(): curl_easy_perform() failed: %s\n",
|
||||
+ curl_easy_strerror(res));
|
||||
+ }
|
||||
+
|
||||
+out_curl:
|
||||
curl_easy_cleanup(curl);
|
||||
return;
|
||||
}
|
||||
@@ -603,42 +622,62 @@ static int get_nist_record(struct rng *ent_src)
|
||||
int rc = 1;
|
||||
|
||||
curl = curl_easy_init();
|
||||
-
|
||||
- if (!curl)
|
||||
+ if (!curl) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "get_nist_record(): curl_easy_init() failed\n");
|
||||
goto out;
|
||||
+ }
|
||||
|
||||
- curl_easy_setopt(curl, CURLOPT_URL, NIST_RECORD_URL);
|
||||
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, parse_nist_json_block);
|
||||
- curl_easy_setopt(curl, CURLOPT_WRITEDATA, ent_src);
|
||||
+ res = curl_easy_setopt(curl, CURLOPT_URL, NIST_RECORD_URL);
|
||||
+ if (res != CURLE_OK) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "get_nist_record(): curl_easy_setopt(URL) failed: %s\n",
|
||||
+ curl_easy_strerror(res));
|
||||
+ goto out_curl;
|
||||
+ }
|
||||
+ res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, parse_nist_json_block);
|
||||
+ if (res != CURLE_OK) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "get_nist_record(): curl_easy_setopt(WRITEFUNC) failed: %s\n",
|
||||
+ curl_easy_strerror(res));
|
||||
+ goto out_curl;
|
||||
+ }
|
||||
+ res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, ent_src);
|
||||
+ if (res != CURLE_OK) {
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "get_nist_record(): curl_easy_setopt(WRITEDATA) failed: %s\n",
|
||||
+ curl_easy_strerror(res));
|
||||
+ goto out_curl;
|
||||
+ }
|
||||
|
||||
+ /* parse_nist_json_block() runs here as a callback */
|
||||
res = curl_easy_perform(curl);
|
||||
if (res != CURLE_OK) {
|
||||
- fprintf(stderr, "curl_easy_perform() failed: %s\n",
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR,
|
||||
+ "get_nist_record(): curl_easy_perform() failed: %s\n",
|
||||
curl_easy_strerror(res));
|
||||
- goto out;
|
||||
+ goto out_curl;
|
||||
}
|
||||
|
||||
- curl_easy_cleanup(curl);
|
||||
-
|
||||
lastpulse = block.pulseIndex;
|
||||
|
||||
if (!activeCertId || memcmp(activeCertId, block.certificateId, be32toh(block.certificateIdLen))) {
|
||||
free(activeCertId);
|
||||
activeCertId = strndup(block.certificateId, be32toh(block.certificateIdLen));
|
||||
- update_active_cert();
|
||||
+ update_active_cert(ent_src);
|
||||
}
|
||||
|
||||
if (validate_nist_block(ent_src)) {
|
||||
- message_entsrc(ent_src,LOG_DAEMON|LOG_ERR, "Received block failed validation\n");
|
||||
- goto out;
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, "Received block failed validation\n");
|
||||
+ goto out_curl;
|
||||
}
|
||||
|
||||
-
|
||||
rc = 0;
|
||||
|
||||
+out_curl:
|
||||
+ curl_easy_cleanup(curl);
|
||||
out:
|
||||
return rc;
|
||||
-
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -1,224 +0,0 @@
|
||||
From dbb1a83124140c83bc32c1af58bb22bcbfb86ab3 Mon Sep 17 00:00:00 2001
|
||||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Fri, 18 Jun 2021 17:16:13 +0200
|
||||
Subject: Rewrite init_kernel_rng() to ensure proper logging
|
||||
|
||||
We want to log errors in default_watermark(), so actually we should not
|
||||
call it before logging is initialized, i.e. before processing command
|
||||
line switches and setting am_daemon. With that, default_watermark() is
|
||||
less needed. Adjust the code by merging it into init_kernel_rng() which
|
||||
is called exactly after logging is initialized and "-l" case is handled.
|
||||
|
||||
Also use LOG_DEBUG priority for informational messages about entropy pool.
|
||||
Initialize arguments->fill_watermark with -1 so we can distinguish cases
|
||||
when watermark was or was not set by a command line switch.
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
rngd.c | 14 +++++---------
|
||||
rngd_linux.c | 54 +++++++++++++++++++++++++++-------------------------
|
||||
rngd_linux.h | 4 ----
|
||||
3 files changed, 33 insertions(+), 39 deletions(-)
|
||||
|
||||
diff --git a/rngd.c b/rngd.c
|
||||
index e85e723..a358fc7 100644
|
||||
--- a/rngd.c
|
||||
+++ b/rngd.c
|
||||
@@ -62,7 +62,7 @@
|
||||
int kent_pool_size;
|
||||
|
||||
/* Background/daemon mode */
|
||||
-bool am_daemon; /* True if we went daemon */
|
||||
+bool am_daemon = false; /* True if we went daemon */
|
||||
bool msg_squash = false; /* True if we want no messages on the console */
|
||||
bool quiet = false; /* True if we want no console output at all */
|
||||
volatile bool server_running = true; /* set to false, to stop daemon */
|
||||
@@ -132,6 +132,7 @@ static struct arguments default_arguments = {
|
||||
.random_name = "/dev/random",
|
||||
.pid_file = "/var/run/rngd.pid",
|
||||
.random_step = 64,
|
||||
+ .fill_watermark = -1,
|
||||
.daemon = true,
|
||||
.test = false,
|
||||
.list = false,
|
||||
@@ -845,9 +846,6 @@ int main(int argc, char **argv)
|
||||
|
||||
openlog("rngd", 0, LOG_DAEMON);
|
||||
|
||||
- /* Get the default watermark level for this platform */
|
||||
- arguments->fill_watermark = default_watermark();
|
||||
-
|
||||
/* Parsing of commandline parameters */
|
||||
if (argp_parse(&argp, argc, argv, 0, 0, arguments) < 0)
|
||||
return 1;
|
||||
@@ -865,13 +863,12 @@ int main(int argc, char **argv)
|
||||
pid_fd = write_pid_file(arguments->pid_file);
|
||||
if (pid_fd < 0)
|
||||
return 1;
|
||||
-
|
||||
}
|
||||
|
||||
if (arguments->list) {
|
||||
int found = 0;
|
||||
message(LOG_CONS|LOG_INFO, "Entropy sources that are available but disabled\n");
|
||||
- for (i=0; i < ENT_MAX; i++)
|
||||
+ for (i=0; i < ENT_MAX; i++)
|
||||
if (entropy_sources[i].init && entropy_sources[i].disabled == true) {
|
||||
found = 1;
|
||||
message(LOG_CONS|LOG_INFO, "%d: %s (%s)\n", i,
|
||||
@@ -885,7 +882,6 @@ int main(int argc, char **argv)
|
||||
message(LOG_DAEMON|LOG_INFO, "Initializing available sources\n");
|
||||
|
||||
/* Init entropy sources */
|
||||
-
|
||||
for (i=0; i < ENT_MAX; i++) {
|
||||
ent_src = &entropy_sources[i];
|
||||
if (ent_src->init && ent_src->disabled == false) {
|
||||
@@ -907,14 +903,14 @@ int main(int argc, char **argv)
|
||||
int rc = 1;
|
||||
msg_squash = false;
|
||||
message(LOG_CONS|LOG_INFO, "Available and enabled entropy sources:\n");
|
||||
- for (i=0; i < ENT_MAX; i++)
|
||||
+ for (i=0; i < ENT_MAX; i++)
|
||||
if (entropy_sources[i].init && entropy_sources[i].disabled == false) {
|
||||
rc = 1;
|
||||
message(LOG_CONS|LOG_INFO, "%d: %s (%s)\n", i,
|
||||
entropy_sources[i].rng_name, entropy_sources[i].rng_sname);
|
||||
}
|
||||
message(LOG_CONS|LOG_INFO, "Available entropy sources that failed initalization:\n");
|
||||
- for (i=0; i < ENT_MAX; i++)
|
||||
+ for (i=0; i < ENT_MAX; i++)
|
||||
if (entropy_sources[i].init && entropy_sources[i].disabled == true && entropy_sources[i].failed_init == true) {
|
||||
rc = 1;
|
||||
message(LOG_CONS|LOG_INFO, "%d: %s (%s)\n", i,
|
||||
diff --git a/rngd_linux.c b/rngd_linux.c
|
||||
index c52c62d..873723c 100644
|
||||
--- a/rngd_linux.c
|
||||
+++ b/rngd_linux.c
|
||||
@@ -54,20 +54,26 @@ static int random_fd;
|
||||
extern int kent_pool_size;
|
||||
|
||||
/*
|
||||
- * Get the default watermark
|
||||
+ * Initialize the interface to the Linux Kernel
|
||||
+ * entropy pool (through /dev/random)
|
||||
+ *
|
||||
+ * randomdev is the path to the random device
|
||||
*/
|
||||
|
||||
#define DEFAULT_WATERMARK_GUESS 4096
|
||||
|
||||
-int default_watermark(void)
|
||||
+void init_kernel_rng(const char* randomdev)
|
||||
{
|
||||
FILE *f;
|
||||
+ int err;
|
||||
unsigned int wm;
|
||||
|
||||
+ /* Try to open and read poolsize sysfs file */
|
||||
f = fopen("/proc/sys/kernel/random/poolsize", "r");
|
||||
if (!f) {
|
||||
wm = DEFAULT_WATERMARK_GUESS;
|
||||
- message(LOG_DAEMON|LOG_ERR, "can't open /proc/sys/kernel/random/poolsize: %s",
|
||||
+ message(LOG_DAEMON|LOG_WARNING,
|
||||
+ "can't open /proc/sys/kernel/random/poolsize: %s\n",
|
||||
strerror(errno));
|
||||
goto err;
|
||||
}
|
||||
@@ -75,42 +81,36 @@ int default_watermark(void)
|
||||
/* Use DEFAULT_WATERMARK_GUESS if fscanf fails */
|
||||
if(fscanf(f,"%u", &wm) < 1) {
|
||||
wm = DEFAULT_WATERMARK_GUESS;
|
||||
- message(LOG_DAEMON|LOG_ERR, "can't read /proc/sys/kernel/random/poolsize: %s",
|
||||
+ message(LOG_DAEMON|LOG_WARNING,
|
||||
+ "can't read /proc/sys/kernel/random/poolsize: %s\n",
|
||||
strerror(errno));
|
||||
}
|
||||
+ fclose(f);
|
||||
|
||||
err:
|
||||
+ /* Set the fill_watermark to wm if it was not set on a command line */
|
||||
kent_pool_size = wm;
|
||||
wm = wm*3/4;
|
||||
- message(LOG_DAEMON|LOG_ERR, "kernel entropy pool size: %d pool watermark: %d",
|
||||
- kent_pool_size, wm);
|
||||
-
|
||||
- if (f)
|
||||
- fclose(f);
|
||||
- return wm;
|
||||
-}
|
||||
-
|
||||
-/*
|
||||
- * Initialize the interface to the Linux Kernel
|
||||
- * entropy pool (through /dev/random)
|
||||
- *
|
||||
- * randomdev is the path to the random device
|
||||
- */
|
||||
-void init_kernel_rng(const char* randomdev)
|
||||
-{
|
||||
- FILE *f;
|
||||
- int err;
|
||||
+ if (arguments->fill_watermark == -1)
|
||||
+ arguments->fill_watermark = wm;
|
||||
|
||||
+ /* Try to open randomdev file for writing */
|
||||
random_fd = open(randomdev, O_RDWR);
|
||||
if (random_fd == -1) {
|
||||
message(LOG_DAEMON|LOG_ERR, "can't open %s: %s",
|
||||
randomdev, strerror(errno));
|
||||
exit(EXIT_USAGE);
|
||||
}
|
||||
+
|
||||
/* Don't set the watermark if the watermark is zero */
|
||||
- if (!arguments->fill_watermark)
|
||||
+ if (!arguments->fill_watermark) {
|
||||
+ message(LOG_DAEMON|LOG_DEBUG,
|
||||
+ "Kernel entropy pool size %d, pool watermark is not set\n",
|
||||
+ kent_pool_size);
|
||||
return;
|
||||
+ }
|
||||
|
||||
+ /* Actually set entropy pool watermark */
|
||||
f = fopen("/proc/sys/kernel/random/write_wakeup_threshold", "w");
|
||||
if (!f) {
|
||||
err = 1;
|
||||
@@ -119,12 +119,14 @@ void init_kernel_rng(const char* randomdev)
|
||||
/* Note | not || here... we always want to close the file */
|
||||
err = ferror(f) | fclose(f);
|
||||
}
|
||||
- if (err) {
|
||||
+ if (err)
|
||||
message(LOG_DAEMON|LOG_WARNING,
|
||||
"unable to adjust write_wakeup_threshold: %s\n",
|
||||
strerror(errno));
|
||||
- }
|
||||
-
|
||||
+ else
|
||||
+ message(LOG_DAEMON|LOG_DEBUG,
|
||||
+ "Kernel entropy pool size %d, pool watermark %d\n",
|
||||
+ kent_pool_size, arguments->fill_watermark);
|
||||
}
|
||||
|
||||
struct entropy {
|
||||
diff --git a/rngd_linux.h b/rngd_linux.h
|
||||
index 4cb2a4a..a485383 100644
|
||||
--- a/rngd_linux.h
|
||||
+++ b/rngd_linux.h
|
||||
@@ -26,9 +26,6 @@
|
||||
#include <unistd.h>
|
||||
#include <stdint.h>
|
||||
|
||||
-/* The default watermark level for this platform */
|
||||
-extern int default_watermark(void);
|
||||
-
|
||||
/*
|
||||
* Initialize the interface to the Linux Kernel
|
||||
* entropy pool (through /dev/random)
|
||||
@@ -44,4 +41,3 @@ extern int random_add_entropy(void *buf, size_t size);
|
||||
extern void random_sleep(void);
|
||||
|
||||
#endif /* RNGD_LINUX__H */
|
||||
-
|
||||
--
|
||||
2.26.3
|
||||
|
||||
@ -10,8 +10,8 @@
|
||||
|
||||
Summary: Random number generator related utilities
|
||||
Name: rng-tools
|
||||
Version: 6.13
|
||||
Release: 2%{?dist}
|
||||
Version: 6.13.git.d207e0b6
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
URL: https://github.com/nhorman/rng-tools
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
@ -36,15 +36,7 @@ Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
|
||||
Patch1: 0001-Use-AM_PROG_AR-over-AC_CHECK_TOOLS.patch
|
||||
Patch2: 0002-AC_CANONICAL_TARGET-AC_CANONICAL_HOST.patch
|
||||
Patch3: 0003-Fix-logic-in-ossl_aes_random_key.patch
|
||||
Patch4: 0004-Fix-a-read-returning-zero-case-in-init_entropy_sourc.patch
|
||||
Patch5: 0005-Fix-minor-possibilities-of-using-a-NULL-pointer.patch
|
||||
Patch6: 0006-Small-bug-and-warning-fixes-per-covscan-report.patch
|
||||
Patch7: 0007-Fix-a-minor-memory-leak-in-rngd_jitter.c.patch
|
||||
Patch8: 0008-Brush-up-rngd_nistbeacon.c.patch
|
||||
Patch9: 0009-Rewrite-init_kernel_rng.patch
|
||||
Patch0: rngd-jitter-var-i.patch
|
||||
|
||||
%description
|
||||
Hardware random number generation tools.
|
||||
@ -82,7 +74,7 @@ install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||
%files
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%doc AUTHORS NEWS README
|
||||
%doc AUTHORS README
|
||||
%{_bindir}/rngtest
|
||||
%{_sbindir}/rngd
|
||||
%{_mandir}/man1/rngtest.1.*
|
||||
@ -90,6 +82,17 @@ install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||
|
||||
%changelog
|
||||
* Tue Jul 06 2021 Vladis Dronov <vdronov@redhat.com> - 6.13.git.d207e0b6-1
|
||||
- Update to the upstream v6.13 + tip of origin/master + onecpu
|
||||
branch + revert of 2ce93190
|
||||
- Rebuild rng-tools against the latest jitterentropy library
|
||||
3.0.2.git.d18d5863 with fixes for an important issue:
|
||||
https://github.com/nhorman/rng-tools/pull/123
|
||||
https://github.com/smuellerDD/jitterentropy-library/issues/37
|
||||
- Add important upstream fixes for the one CPU case (bz 1974132)
|
||||
- Revert introducing a new but mostly useless randstat binary
|
||||
- A couple of minor code and test fixes
|
||||
|
||||
* Fri Jun 18 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-2
|
||||
- Rewrite init_kernel_rng() to ensure proper logging
|
||||
- Adjust Source0 to a more proper one
|
||||
@ -120,7 +123,7 @@ install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 6.11-2
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
See https://pagure.io/fesco/issue/2583
|
||||
|
||||
* Fri Jan 29 2021 Dan Horák <dan[at]danny.cz> - 6.11-1
|
||||
- Update to 6.11
|
||||
|
||||
74
rngd-jitter-var-i.patch
Normal file
74
rngd-jitter-var-i.patch
Normal file
@ -0,0 +1,74 @@
|
||||
--- rngd_jitter.c.orig 2021-07-06 20:41:50.098688096 +0000
|
||||
+++ rngd_jitter.c 2021-07-06 20:46:17.598182912 +0000
|
||||
@@ -46,7 +46,7 @@ static int rngd_notime_start(void *ctx,
|
||||
{
|
||||
struct jent_notime_ctx *thread_ctx = (struct jent_notime_ctx *)ctx;
|
||||
int ret;
|
||||
- int i;
|
||||
+ long i;
|
||||
cpu_set_t *cpus;
|
||||
size_t cpusize;
|
||||
|
||||
@@ -64,8 +64,8 @@ static int rngd_notime_start(void *ctx,
|
||||
cpus = CPU_ALLOC(i);
|
||||
cpusize = CPU_ALLOC_SIZE(i);
|
||||
CPU_ZERO_S(cpusize, cpus);
|
||||
- for(i=i-1;i>=0;i--) {
|
||||
- CPU_SET(i,cpus);
|
||||
+ for(i=i-1; i>=0; i--) {
|
||||
+ CPU_SET(i, cpus);
|
||||
}
|
||||
pthread_attr_setaffinity_np(&thread_ctx->notime_pthread_attr, cpusize, cpus);
|
||||
|
||||
@@ -88,10 +88,9 @@ static void rngd_notime_stop(void *ctx)
|
||||
|
||||
static int rngd_notime_init(void **ctx)
|
||||
{
|
||||
-
|
||||
// Don't allow for software thread if there is only a single cpu
|
||||
- i = sysconf(_SC_NPROCESSORS_ONLN);
|
||||
- if (i = 1)
|
||||
+ long i = sysconf(_SC_NPROCESSORS_ONLN);
|
||||
+ if (i == 1)
|
||||
return -ENOSYS;
|
||||
using_soft_timer = true;
|
||||
return jent_notime_init(ctx);
|
||||
@@ -367,7 +366,7 @@ int init_jitter_entropy_source(struct rn
|
||||
{
|
||||
cpu_set_t *cpus;
|
||||
size_t cpusize;
|
||||
- int i;
|
||||
+ long i;
|
||||
int size;
|
||||
int flags;
|
||||
int entflags = 0;
|
||||
@@ -391,7 +390,7 @@ int init_jitter_entropy_source(struct rn
|
||||
#endif
|
||||
|
||||
ret = jent_entropy_init();
|
||||
- if(ret) {
|
||||
+ if (ret) {
|
||||
message_entsrc(ent_src,LOG_DAEMON|LOG_WARNING, "JITTER rng fails with code %d\n", ret);
|
||||
return 1;
|
||||
}
|
||||
@@ -412,7 +411,7 @@ int init_jitter_entropy_source(struct rn
|
||||
CPU_ZERO_S(cpusize, cpus);
|
||||
if (sched_getaffinity(0, cpusize, cpus) < 0) {
|
||||
message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "Can not determine affinity of process, defaulting to 1 thread\n");
|
||||
- CPU_SET(0,cpus);
|
||||
+ CPU_SET(0, cpus);
|
||||
}
|
||||
|
||||
num_threads = CPU_COUNT_S(cpusize, cpus);
|
||||
@@ -467,9 +466,9 @@ int init_jitter_entropy_source(struct rn
|
||||
pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx);
|
||||
if (tdata[i].done == 1)
|
||||
/* we failed during startup */
|
||||
- message_entsrc(ent_src, LOG_DAEMON|LOG_DEBUG, "CPU thread %d failed\n", i);
|
||||
+ message_entsrc(ent_src, LOG_DAEMON|LOG_DEBUG, "CPU thread %ld failed\n", i);
|
||||
else
|
||||
- message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i);
|
||||
+ message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "CPU Thread %ld is ready\n", i);
|
||||
pthread_mutex_unlock(&tdata[i].statemtx);
|
||||
if (using_soft_timer == true) {
|
||||
num_threads = 1;
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (rng-tools-6.13.tar.gz) = def5f2dcdd1771e8fe5af9476de866ff89a225065416672165af6019cbb166f874fae936b3705221aa47dc13ae99fa63d054d7d49b612f3151cd922a0a129490
|
||||
SHA512 (rng-tools-6.13.git.d207e0b6.tar.gz) = 56737b26ecbf7fa14c2c80b52b707c3f77016981f9167ac7ea7a9331bd7cba7b8168875aa2bc637575340939ca06ae295cce93aa9a76213e98a7a1132fa87f0e
|
||||
|
||||
Loading…
Reference in New Issue
Block a user