rpms/rng-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import rng-tools-6.13-1.git.d207e0b6.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-11-09 05:06:24 -05:00 committed by Stepan Oksanichenko
parent 3a7a2cb26b
commit 8d8404b277
15 changed files with 225 additions and 485 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/jitterentropy-library-2.1.2.tar.gz
SOURCES/rng-tools-6.8.tar.gz
SOURCES/jitterentropy-library-3.0.2.tar.gz
SOURCES/rng-tools-6.13.tar.gz

4
.rng-tools.metadata
View File

@ -1,2 +1,2 @@
2fed101132b55f9d5008ed22fde54ef9e4cfc75d SOURCES/jitterentropy-library-2.1.2.tar.gz
25a20dfc818f3d95d3c63145feb7c102c1572540 SOURCES/rng-tools-6.8.tar.gz
4515a148eb1bec043c12135b867afd47cd512fe7 SOURCES/jitterentropy-library-3.0.2.tar.gz
378735271b930a745c97b92be8dd61eefc0d79bc SOURCES/rng-tools-6.13.tar.gz

56
SOURCES/1-je-rh-makefile.patch Normal file
View File

@ -0,0 +1,56 @@
diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
+++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
@@ -3,7 +3,7 @@
CC ?= gcc
#Hardening
CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
-CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
+CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
GCCVERSIONFORMAT := $(shell echo `$(CC) -dumpversion | sed 's/\./\n/g' | wc -l`)
@@ -28,7 +28,7 @@ LIBDIR := lib
INCDIR := include
SRCDIR := src
-INSTALL_STRIP ?= install -s
+INSTALL ?= install
NAME := jitterentropy
LIBMAJOR=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}')
@@ -73,25 +73,25 @@ cppcheck:
install: install-man install-shared install-includes
install-man:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
+ $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
install-shared:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
+ $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
$(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
install-includes:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
- install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
+ $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
+ $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
install-static:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- install -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
+ $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
clean:
@- $(RM) $(NAME)

33
SOURCES/2-je-remove-install.patch Normal file
View File

@ -0,0 +1,33 @@
diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
+++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
@@ -70,29 +70,6 @@ scan: $(analyze_plists)
cppcheck:
cppcheck --force -q --enable=performance --enable=warning --enable=portability *.h *.c
-install: install-man install-shared install-includes
-
-install-man:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
- gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-
-install-shared:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-
-install-includes:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
- $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
-
-install-static:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
-
clean:
@- $(RM) $(NAME)
@- $(RM) $(OBJS)

54
SOURCES/3-rt-use-jitter-static.patch Normal file
View File

@ -0,0 +1,54 @@
diff -up ./Makefile.am.orig ./Makefile.am
--- ./Makefile.am 2021-07-03 22:22:27.000000000 +0200
+++ ./Makefile.am 2021-08-06 12:18:48.498612099 +0200
@@ -1,7 +1,7 @@
##
## Toplevel Makefile.am for rng-tools
##
-SUBDIRS = contrib tests
+SUBDIRS = contrib tests jitterentropy-library
sbin_PROGRAMS = rngd
bin_PROGRAMS = rngtest
@@ -14,7 +14,7 @@ rngd_SOURCES = rngd.h rngd.c rngd_entsou
if NISTBEACON
rngd_SOURCES += rngd_nistbeacon.c
endif
-
+
if RDRAND
rngd_SOURCES += rngd_rdrand.c rdrand_asm.S
endif
@@ -27,29 +27,16 @@ if RNDR
rngd_SOURCES += rngd_rndr.c
endif
-if JITTER
rngd_SOURCES += rngd_jitter.c
-endif
-
-if RTLSDR
-rngd_SOURCES += rngd_rtlsdr.c
-endif
-rngd_LDADD = librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
+rngd_LDADD = librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
-if PKCS11
-rngd_SOURCES += rngd_pkcs11.c
-pkcs11_ENGINE = -DDEFAULT_PKCS11_ENGINE=\"$(PKCS11_ENGINE)\"
-endif
-
-rngd_CFLAGS = ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
-rngd_LDFLAGS = $(PTHREAD_CFLAGS)
+rngd_CFLAGS = ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
+rngd_LDFLAGS = $(PTHREAD_CFLAGS)
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
rngtest_LDADD = librngd.a
librngd_a_SOURCES = fips.h fips.c
-
EXTRA_DIST = autogen.sh
-

28
SOURCES/4-rt-add-missing-test.patch Normal file
View File

@ -0,0 +1,28 @@
From 800d7c6e23f0a04bd893ee748a74b622657017a9 Mon Sep 17 00:00:00 2001
From: David Seifert <soap@gentoo.org>
Date: Sun, 1 Aug 2021 13:16:16 +0200
Subject: [PATCH] configure.ac: Add missing `test`
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0fe06fc..7c8e327 100644
--- a/configure.ac
+++ b/configure.ac
@@ -68,8 +68,8 @@ AC_PROG_GCC_TRADITIONAL
AX_PTHREAD
-AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || $host_cpu = i686])
-AS_IF([test $host_cpu = x86_64 || $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
+AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || test $host_cpu = i686])
+AS_IF([test $host_cpu = x86_64 || test $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le])
AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
--
2.26.3

60
SOURCES/Add-reserved-option-value-to-not-change-write_wakeup.patch
View File

@ -1,60 +0,0 @@
From 02b720e951160f652b0744f679d57623b81b1d8f Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@tuxdriver.com>
Date: Mon, 2 Dec 2019 11:35:16 -0500
Subject: [PATCH 2/2] Add reserved option value to not change
write_wakeup_threshold
several distributions use a separate single shot service to set the
write_wakeup_threashold, which allows for non-root users to run rngd. This
results in a warning however, when rngd attempts to write the
write_wakeup_threshold. Avoid this by allowing a reserved value, 0 for the
fill-watermark option that causes rngd to just not touch the
write_wakeup_threshold
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
---
rngd.8.in | 4 +++-
rngd_linux.c | 5 ++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/rngd.8.in b/rngd.8.in
index 181f35d..16a359a 100644
--- a/rngd.8.in
+++ b/rngd.8.in
@@ -106,7 +106,9 @@ if the entropy pool size couldn't be determined.
Setting this too high will cause \fIrngd\fR to dominate the contents of the
entropy pool. Low values will hurt system performance during entropy
starves. Do not set \fIfill-watermark\fR above the size of the
-entropy pool (usually 4096 bits).
+entropy pool (usually 4096 bits). A value of 0 to this option will cause no
+watermark to be set.
+
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Suppress all messages
diff --git a/rngd_linux.c b/rngd_linux.c
index 51c38ac..9e60088 100644
--- a/rngd_linux.c
+++ b/rngd_linux.c
@@ -94,6 +94,9 @@ void init_kernel_rng(const char* randomdev)
randomdev, strerror(errno));
exit(EXIT_USAGE);
}
+ /* Don't set the watermark if the watermark is zero */
+ if (!arguments->fill_watermark)
+ return;
f = fopen("/proc/sys/kernel/random/write_wakeup_threshold", "w");
if (!f) {
@@ -105,7 +108,7 @@ void init_kernel_rng(const char* randomdev)
}
if (err) {
message(LOG_DAEMON|LOG_WARNING,
- "unable to adjust write_wakeup_threshold: %s",
+ "unable to adjust write_wakeup_threshold: %s\n",
strerror(errno));
}
--
2.21.0

21
SOURCES/Fix-message-log-on-error-in-thread_entropy_task.patch
View File

@ -1,21 +0,0 @@
diff -up ./rngd_jitter.c.message ./rngd_jitter.c
--- ./rngd_jitter.c.message 2019-12-02 11:41:40.456723553 -0500
+++ ./rngd_jitter.c 2019-12-02 11:43:09.331427470 -0500
@@ -302,15 +302,11 @@ static void *thread_entropy_task(void *d
while(written != me->buf_sz) {
message(LOG_DAEMON|LOG_DEBUG, "Writing to pipe\n");
ret = write(me->pipe_fd, &tmpbuf[written], me->buf_sz - written);
+ if ((ret < 0) && (errno != EBADF))
+ message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
if (first)
me->active = 1;
- /*
- * suppress EBADF errors, as those indicate the pipe is
- * closed and we are exiting
- */
- if ((ret < 0) && (errno != EBADF))
- message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
if (!first && !me->active)
break;
first = 0;

29
SOURCES/jitter-rdtsc.patch
View File

@ -1,29 +0,0 @@
diff -up ./jitterentropy-library/jitterentropy.h.rdtsc ./jitterentropy-library/jitterentropy.h
--- ./jitterentropy-library/jitterentropy.h.rdtsc 2018-09-06 15:01:40.000000000 -0400
+++ ./jitterentropy-library/jitterentropy.h 2020-02-18 12:47:10.465684582 -0500
@@ -44,8 +44,12 @@
#ifdef __KERNEL__
#include "jitterentropy-base-kernel.h"
+#else /* __KERNEL__ */
+#ifdef __x86_64__
+#include "arch/jitterentropy-base-x86.h"
#else
#include "jitterentropy-base-user.h"
+#endif /* __x86_64__ */
#endif /* __KERNEL__ */
/* The entropy pool */
diff -up ./rngd_jitter.c.rdtsc ./rngd_jitter.c
--- ./rngd_jitter.c.rdtsc 2020-02-18 12:47:22.490646896 -0500
+++ ./rngd_jitter.c 2020-02-18 12:46:40.650778022 -0500
@@ -27,6 +27,9 @@
#include <unistd.h>
#include <signal.h>
#include <setjmp.h>
+#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
#include "rng-tools-config.h"
#include <jitterentropy.h>

118
SOURCES/jitter-setjmp.patch
View File

@ -1,118 +0,0 @@
commit 3e47faae108df4824531bf9c003cc1c65b7b2842
Author: Neil Horman <nhorman@tuxdriver.com>
Date: Fri Jun 7 08:51:02 2019 -0400
Allow jitter threads to exit faster
Even with the recent pipe adjustments, it can take a long time for
jitterentropy to exit. This is because the call to jent_read_entropy
can take a long time to complete, and termination signal delivery won't
cause it to return early, like a syscall.
Mitigate this by using sigsetjmp/siglongjmp. We set a return point at
the top of the loop for each thread, and register a signal handler to
execute a siglongjmp back to that point so that we can recheck the
active flag and break the loop as soon as a signal is delivered.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
diff --git a/rngd_jitter.c b/rngd_jitter.c
index 54070ae..7f01ee9 100644
--- a/rngd_jitter.c
+++ b/rngd_jitter.c
@@ -26,6 +26,7 @@
#include <time.h>
#include <unistd.h>
#include <signal.h>
+#include <setjmp.h>
#include "rng-tools-config.h"
#include <jitterentropy.h>
@@ -48,6 +49,7 @@ struct thread_data {
int active;
int done;
struct timespec slptm;
+ sigjmp_buf jmpbuf;
};
static struct thread_data *tdata;
@@ -228,6 +230,16 @@ static inline void update_sleep_time(struct thread_data *me,
me->slptm.tv_nsec /= 2;
}
+void jitter_thread_exit_signal(int signum)
+{
+ pthread_t self = pthread_self();
+ int i;
+ for(i=0;i<num_threads;i++) {
+ if (threads[i] == self)
+ siglongjmp(tdata[i].jmpbuf, 1);
+ }
+}
+
static void *thread_entropy_task(void *data)
{
cpu_set_t cpuset;
@@ -263,6 +275,13 @@ static void *thread_entropy_task(void *data)
goto out;
}
+ /*
+ * Use setjmp here to allow us to return early from
+ * jent_read_entropy, as it can run for a long time
+ */
+ if (sigsetjmp(me->jmpbuf, 1))
+ goto out_interrupt;
+
/* Now go to sleep until there is more work to do */
do {
message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id);
@@ -286,7 +305,11 @@ static void *thread_entropy_task(void *data)
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
if (first)
me->active = 1;
- if (ret < 0)
+ /*
+ * suppress EBADF errors, as those indicate the pipe is
+ * closed and we are exiting
+ */
+ if ((ret < 0) && (errno != EBADF))
message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
if (!first && !me->active)
break;
@@ -296,6 +319,7 @@ static void *thread_entropy_task(void *data)
} while (me->active);
+out_interrupt:
free(tmpbuf);
out:
me->done = 1;
@@ -335,6 +359,7 @@ int validate_jitter_options(struct rng *ent_src)
return 0;
}
+
/*
* Init JITTER
*/
@@ -349,6 +374,9 @@ int init_jitter_entropy_source(struct rng *ent_src)
#ifdef HAVE_LIBGCRYPT
char key[AES_BLOCK];
#endif
+
+ signal(SIGUSR1, jitter_thread_exit_signal);
+
int ret = jent_entropy_init();
if(ret) {
message(LOG_DAEMON|LOG_WARNING, "JITTER rng fails with code %d\n", ret);
@@ -474,8 +502,8 @@ void close_jitter_entropy_source(struct rng *ent_src)
/* And wait for completion of each thread */
for (i=0; i < num_threads; i++) {
message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
+ pthread_kill(threads[i], SIGUSR1);
while (!tdata[i].done)
- pthread_kill(threads[i], SIGINT);
if(tdata[i].done) {
message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
pthread_join(threads[i], NULL);

161
SOURCES/jitter-use-proper-state-locking.patch
View File

@ -1,161 +0,0 @@
From: Neil Horman <nhorman@tuxdriver.com>
Date: Tue, 10 Dec 2019 09:57:36 -0500
Subject: Move jitter to use proper state locking/thread signaling
The existing state communication between the main process and jitter threads was
pretty rickety, leading to lots of potential races. Replace it with proper
thread mutex locking and condition signaling. This will improve our ability to
properly shutdown the jitterentropy threads
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
rngd_jitter.c | 70 ++++++++++++++++++++++++++++++---------------------
1 file changed, 41 insertions(+), 29 deletions(-)
diff --git a/rngd_jitter.c b/rngd_jitter.c
index d0b12a4..32bac53 100644
--- a/rngd_jitter.c
+++ b/rngd_jitter.c
@@ -49,7 +49,10 @@ struct thread_data {
struct rand_data *ec;
size_t buf_sz;
int slpmode;
- int active;
+ /* mutex/condition to guard done variable */
+ pthread_cond_t statecond;
+ pthread_mutex_t statemtx;
+ /* done states -1 : init, 0 : ready, 1 : complete */
int done;
struct timespec slptm;
sigjmp_buf jmpbuf;
@@ -252,10 +255,8 @@ static void *thread_entropy_task(void *data)
char *tmpbuf;
struct timespec start, end;
int written;
- int first = 1;
/* STARTUP */
- me->done = 0;
/*
* Set our timeout value
* -1 means adaptive, i.e. sleep for the last
@@ -279,14 +280,19 @@ static void *thread_entropy_task(void *data)
}
/*
- * Use setjmp here to allow us to return early from
- * jent_read_entropy, as it can run for a long time
+ * A signal will call siglongjmp and return us here when we exit
*/
if (sigsetjmp(me->jmpbuf, 1))
goto out_interrupt;
+ /* Indicate we are ready */
+ pthread_mutex_lock(&me->statemtx);
+ me->done = 0;
+ pthread_cond_signal(&me->statecond);
+ pthread_mutex_unlock(&me->statemtx);
+
/* Now go to sleep until there is more work to do */
- do {
+ for(;;) {
message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id);
/* We are awake because we need to refil the buffer */
@@ -308,20 +314,18 @@ static void *thread_entropy_task(void *data)
if ((ret < 0) && (errno != EBADF))
message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
- if (first)
- me->active = 1;
- if (!first && !me->active)
- break;
- first = 0;
written += ret;
}
- } while (me->active);
+ }
out_interrupt:
free(tmpbuf);
out:
+ pthread_mutex_lock(&me->statemtx);
me->done = 1;
+ pthread_cond_signal(&me->statecond);
+ pthread_mutex_unlock(&me->statemtx);
pthread_exit(NULL);
}
@@ -434,8 +438,9 @@ int init_jitter_entropy_source(struct rng *ent_src)
core_id++;
tdata[i].core_id = core_id;
tdata[i].pipe_fd = pipefds[1];
- tdata[i].active = 0;
- tdata[i].done = 0;
+ pthread_cond_init(&tdata[i].statecond, NULL);
+ pthread_mutex_init(&tdata[i].statemtx, NULL);
+ tdata[i].done = -1;
core_id++;
tdata[i].buf_sz = ent_src->rng_options[JITTER_OPT_BUF_SZ].int_val;
tdata[i].ec = jent_entropy_collector_alloc(1, 0);
@@ -448,9 +453,16 @@ int init_jitter_entropy_source(struct rng *ent_src)
/* Make sure all our threads are doing their jobs */
for (i=0; i < num_threads; i++) {
- while (tdata[i].active == 0)
- sched_yield();
- message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i);
+ /* wait until the done state transitions from negative to zero or more */
+ pthread_mutex_lock(&tdata[i].statemtx);
+ if (tdata[i].done < 0)
+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx);
+ if (tdata[i].done == 1)
+ /* we failed during startup */
+ message(LOG_DAEMON|LOG_DEBUG, "CPU thread %d failed\n", i);
+ else
+ message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i);
+ pthread_mutex_unlock(&tdata[i].statemtx);
}
flags = fcntl(pipefds[0], F_GETFL, 0);
@@ -492,23 +504,23 @@ void close_jitter_entropy_source(struct rng *ent_src)
char tmpbuf[1024];
int flags;
- /* Flag all the threads so they exit */
- for (i=0; i < num_threads; i++)
- tdata[i].active = 0;
-
+ /* Close the pipes to prevent further writing */
close(pipefds[1]);
/* And wait for completion of each thread */
for (i=0; i < num_threads; i++) {
- message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
+ /* Signal the threads to exit */
pthread_kill(threads[i], SIGUSR1);
- while (!tdata[i].done)
- if(tdata[i].done) {
- message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
- pthread_join(threads[i], NULL);
- jent_entropy_collector_free(tdata[i].ec);
- } else
- sched_yield();
+ /* and wait for them to shutdown */
+ pthread_mutex_lock(&tdata[i].statemtx);
+ if (!tdata[i].done) {
+ message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx);
+ }
+ pthread_mutex_unlock(&tdata[i].statemtx);
+ message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
+ pthread_join(threads[i], NULL);
+ jent_entropy_collector_free(tdata[i].ec);
}
close(pipefds[0]);
--
2.26.3

36
SOURCES/jitterentropy-build-static.patch
View File

@ -1,36 +0,0 @@
diff -up ./Makefile.am.static ./Makefile.am
--- ./Makefile.am.static 2019-11-07 14:20:39.000000000 -0500
+++ ./Makefile.am 2019-11-15 10:08:31.554914291 -0500
@@ -1,7 +1,7 @@
##
## Toplevel Makefile.am for rng-tools
##
-SUBDIRS = contrib tests
+SUBDIRS = contrib tests jitterentropy-library
sbin_PROGRAMS = rngd
bin_PROGRAMS = rngtest
@@ -23,19 +23,17 @@ if DARN
rngd_SOURCES += rngd_darn.c
endif
-if JITTER
rngd_SOURCES += rngd_jitter.c
-endif
-rngd_LDADD = librngd.a -lsysfs $(LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
+rngd_LDADD = librngd.a -lsysfs $(LIBS) jitterentropy-library/libjitterentropy.a ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
+
+rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
+rngd_LDFLAGS = $(PTHREAD_CFLAGS)
if PKCS11
rngd_SOURCES += rngd_pkcs11.c
endif
-rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
-rngd_LDFLAGS = $(PTHREAD_CFLAGS)
-
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
rngtest_LDADD = librngd.a

22
SOURCES/jitterentropy-remove-install.patch
View File

@ -1,22 +0,0 @@
diff -up ./jitterentropy-library/Makefile.remove ./jitterentropy-library/Makefile
--- ./jitterentropy-library/Makefile.remove 2018-11-20 10:34:18.350397594 -0500
+++ ./jitterentropy-library/Makefile 2018-11-20 10:35:27.023144673 -0500
@@ -46,18 +46,6 @@ $(NAME): $(OBJS)
scan: $(OBJS)
scan-build --use-analyzer=/usr/bin/clang $(CC) -shared -Wl,-soname,lib$(NAME).so.$(LIBMAJOR) -o lib$(NAME).so.$(LIBVERSION) $(OBJS) $(LDFLAGS)
-install:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
- gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -s lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-
clean:
@- $(RM) $(NAME)
@- $(RM) $(OBJS)

1
SOURCES/rngd-wake-threshold.service
View File

@ -1,5 +1,6 @@
[Unit]
Description=Hardware RNG Entropy Gatherer Wake threshold service
ConditionVirtualization=!container
Before=rngd.service
[Service]

83
SPECS/rng-tools.spec
View File

@ -2,55 +2,55 @@
Summary: Random number generator related utilities
Name: rng-tools
Version: 6.8
Release: 4%{?dist}
Version: 6.13
Release: 1.git.d207e0b6%{?dist}
Group: System Environment/Base
License: GPLv2+
URL: https://github.com/nhorman/rng-tools
Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: rngd.service
Source2: jitterentropy-library-2.1.2.tar.gz
Source3: rngd-wake-threshold.service
Source4: 60-hwrng.rules
Source2: rngd-wake-threshold.service
Source3: 60-hwrng.rules
Source4: jitterentropy-library-3.0.2.tar.gz
Patch0: jitterentropy-remove-install.patch
Patch1: jitterentropy-build-static.patch
Patch2: jitter-setjmp.patch
Patch3: Fix-message-log-on-error-in-thread_entropy_task.patch
Patch4: Add-reserved-option-value-to-not-change-write_wakeup.patch
Patch5: jitter-rdtsc.patch
Patch6: jitter-use-proper-state-locking.patch
Patch0: 1-je-rh-makefile.patch
Patch1: 2-je-remove-install.patch
Patch2: 3-rt-use-jitter-static.patch
Patch3: 4-rt-add-missing-test.patch
BuildRequires: gcc make
BuildRequires: gettext
BuildRequires: systemd-units
BuildRequires: libgcrypt-devel
#BuildRequires: systemd-units
BuildRequires: systemd systemd-rpm-macros
BuildRequires: autoconf automake
BuildRequires: libsysfs-devel libcurl-devel
BuildRequires: libgcrypt-devel libcurl-devel
BuildRequires: libsysfs-devel jansson-devel
BuildRequires: libxml2-devel openssl-devel
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires: libgcrypt libsysfs
Requires: openssl libxml2 libcurl
#Requires(post): systemd-units
#Requires(preun): systemd-units
#Requires(postun): systemd-units
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires: jansson openssl
%description
Hardware random number generation tools.
This is a random number generator daemon and its tools. It monitors
a set of entropy sources present on a system (like /dev/hwrng, RDRAND,
TPM, jitter) and supplies entropy from them to a kernel entropy pool.
%prep
%setup
tar xvf %{SOURCE2}
mv jitterentropy-library-2.1.2 jitterentropy-library
%setup -q
tar xf %{SOURCE4}
mv jitterentropy-library-3.0.2 jitterentropy-library
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%build
./autogen.sh
%configure --without-pkcs11
%configure --without-pkcs11 --without-rtlsdr
%make_build
%install
@ -58,15 +58,15 @@ mv jitterentropy-library-2.1.2 jitterentropy-library
# install systemd unit file and udev rules
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE3}
install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE4}
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
%pre
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
%post
%systemd_post rngd.service rngd-wake-threshold.service
udevadm trigger --sysname-match=hw_random --settle
/usr/bin/systemctl start rngd-wake-threshold.service || :
%preun
%systemd_preun rngd.service rngd-wake-threshold.service
@ -77,7 +77,7 @@ udevadm trigger --sysname-match=hw_random --settle
%files
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc AUTHORS NEWS README
%doc AUTHORS README
%{_bindir}/rngtest
%{_sbindir}/rngd
%{_mandir}/man1/rngtest.1.*
@ -87,8 +87,23 @@ udevadm trigger --sysname-match=hw_random --settle
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
%changelog
* Thu Jul 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-1.git.d207e0b6
- Update to the upstream v6.13 + tip of origin/master + onecpu
branch + revert of 2ce93190
- Rebuild rng-tools against the latest jitterentropy library
3.0.2-2.git.409828cf with fixes for an important issue
- Fix a number of issues (bz 1974103, bz 1980421, bz 1859154)
* Mon Jul 05 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-6
- Adjust rngd-wake-threshold.service and post section so udevadm is not
run in a container (bz 1975554)
* Thu May 27 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-5
- Fix /dev/hwrng permissions issue at boot time (bz 1955522)
* Mon May 24 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-4
- There is no need to hardcode _sbindir anymore, also the old value is incorrect
- There is no need to hardcode _sbindir anymore, also the old value is
incorrect
- Update the rngd.service file
- Fix a busyloop bug (bz 1956248)
- Fix /dev/hwrng permission issue (bz 1955522)