From 8d8404b2772bba053989e35b1ae8f88481f7e773 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 9 Nov 2021 05:06:24 -0500
Subject: [PATCH] import rng-tools-6.13-1.git.d207e0b6.el8
---
.gitignore | 4 +-
.rng-tools.metadata | 4 +-
SOURCES/1-je-rh-makefile.patch | 56 ++++++
SOURCES/2-je-remove-install.patch | 33 ++++
SOURCES/3-rt-use-jitter-static.patch | 54 ++++++
SOURCES/4-rt-add-missing-test.patch | 28 +++
...ion-value-to-not-change-write_wakeup.patch | 60 -------
...-log-on-error-in-thread_entropy_task.patch | 21 ---
SOURCES/jitter-rdtsc.patch | 29 ----
SOURCES/jitter-setjmp.patch | 118 -------------
SOURCES/jitter-use-proper-state-locking.patch | 161 ------------------
SOURCES/jitterentropy-build-static.patch | 36 ----
SOURCES/jitterentropy-remove-install.patch | 22 ---
SOURCES/rngd-wake-threshold.service | 1 +
SPECS/rng-tools.spec | 83 +++++----
15 files changed, 225 insertions(+), 485 deletions(-)
create mode 100644 SOURCES/1-je-rh-makefile.patch
create mode 100644 SOURCES/2-je-remove-install.patch
create mode 100644 SOURCES/3-rt-use-jitter-static.patch
create mode 100644 SOURCES/4-rt-add-missing-test.patch
delete mode 100644 SOURCES/Add-reserved-option-value-to-not-change-write_wakeup.patch
delete mode 100644 SOURCES/Fix-message-log-on-error-in-thread_entropy_task.patch
delete mode 100644 SOURCES/jitter-rdtsc.patch
delete mode 100644 SOURCES/jitter-setjmp.patch
delete mode 100644 SOURCES/jitter-use-proper-state-locking.patch
delete mode 100644 SOURCES/jitterentropy-build-static.patch
delete mode 100644 SOURCES/jitterentropy-remove-install.patch
diff --git a/.gitignore b/.gitignore
index 3cea87c..95189a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/jitterentropy-library-2.1.2.tar.gz
-SOURCES/rng-tools-6.8.tar.gz
+SOURCES/jitterentropy-library-3.0.2.tar.gz
+SOURCES/rng-tools-6.13.tar.gz
diff --git a/.rng-tools.metadata b/.rng-tools.metadata
index c0b7098..c0f7896 100644
--- a/.rng-tools.metadata
+++ b/.rng-tools.metadata
@@ -1,2 +1,2 @@
-2fed101132b55f9d5008ed22fde54ef9e4cfc75d SOURCES/jitterentropy-library-2.1.2.tar.gz
-25a20dfc818f3d95d3c63145feb7c102c1572540 SOURCES/rng-tools-6.8.tar.gz
+4515a148eb1bec043c12135b867afd47cd512fe7 SOURCES/jitterentropy-library-3.0.2.tar.gz
+378735271b930a745c97b92be8dd61eefc0d79bc SOURCES/rng-tools-6.13.tar.gz
diff --git a/SOURCES/1-je-rh-makefile.patch b/SOURCES/1-je-rh-makefile.patch
new file mode 100644
index 0000000..7560779
--- /dev/null
+++ b/SOURCES/1-je-rh-makefile.patch
@@ -0,0 +1,56 @@ +diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile +--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200 ++++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200 +@@ -3,7 +3,7 @@ + CC ?= gcc + #Hardening + CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum +-CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion ++CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion + LDFLAGS +=-Wl,-z,relro,-z,now -lpthread + + GCCVERSIONFORMAT := $(shell echo `$(CC) -dumpversion | sed 's/\./\n/g' | wc -l`) +@@ -28,7 +28,7 @@ LIBDIR := lib + INCDIR := include + SRCDIR := src + +-INSTALL_STRIP ?= install -s ++INSTALL ?= install + + NAME := jitterentropy + LIBMAJOR=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}') +@@ -73,25 +73,25 @@ cppcheck: + install: install-man install-shared install-includes + + install-man: +- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3 +- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/ ++ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3 ++ $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/ + gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3 + + install-shared: +- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) +- $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/ ++ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) ++ $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/ + $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) + ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) + ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so + + install-includes: +- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR) +- install -m 
0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ +- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ ++ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR) ++ $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ ++ $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ + + install-static: +- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) +- install -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/ ++ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) ++ $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/ + + clean: + @- $(RM) $(NAME) diff --git a/SOURCES/2-je-remove-install.patch b/SOURCES/2-je-remove-install.patch new file mode 100644 index 0000000..9f280b4 --- /dev/null +++ b/SOURCES/2-je-remove-install.patch 
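Review bot: The added `-Wp,-U_FORTIFY_SOURCE` on the `CFLAGS +=` line of 1-je-rh-makefile.patch switches off glibc's fortify checks for the whole bundled jitterentropy build, and the patch does not say why. It sits next to `-O0` on the same line, so it is presumably there because `_FORTIFY_SOURCE` only works with optimization enabled while the distribution flags define it; that reasoning should be recorded where the next rebase will see it. I would add a line above it in the patched Makefile such as `# RHEL: the library is built with -O0, so _FORTIFY_SOURCE from the distro flags cannot apply; undefine it explicitly`. A short header above the `diff -up` line naming this as a downstream-only hardening exception would also make it easy to find in an audit.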
@@ -0,0 +1,33 @@ +diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile +--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200 ++++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200 +@@ -70,29 +70,6 @@ scan: $(analyze_plists) + cppcheck: + cppcheck --force -q --enable=performance --enable=warning --enable=portability *.h *.c + +-install: install-man install-shared install-includes +- +-install-man: +- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3 +- $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/ +- gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3 +- +-install-shared: +- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) +- $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/ +- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) +- ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) +- ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so +- +-install-includes: +- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR) +- $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ +- $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ +- +-install-static: +- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) +- $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/ +- + clean: + @- $(RM) $(NAME) + @- $(RM) $(OBJS) diff --git a/SOURCES/3-rt-use-jitter-static.patch b/SOURCES/3-rt-use-jitter-static.patch new file mode 100644 index 0000000..7fa6ed4 --- /dev/null +++ b/SOURCES/3-rt-use-jitter-static.patch 
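Review bot: Every rule 2-je-remove-install.patch deletes (`install`, `install-man`, `install-shared`, `install-includes`, `install-static`) is one that 1-je-rh-makefile.patch has just rewritten to use `$(INSTALL)`, so that part of patch 1 has no effect on the result and the two patches only apply in this order. After both, `INSTALL ?= install` is left behind as an unused variable. Folding the deletion into one patch, or trimming patch 1 down to its `CFLAGS` line, would make the downstream delta smaller and easier to audit. If patch 1 is kept as is because it is shared with another package, a one-line header in this patch saying so would be enough.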
@@ -0,0 +1,54 @@ +diff -up ./Makefile.am.orig ./Makefile.am +--- ./Makefile.am 2021-07-03 22:22:27.000000000 +0200 ++++ ./Makefile.am 2021-08-06 12:18:48.498612099 +0200 +@@ -1,7 +1,7 @@ + ## + ## Toplevel Makefile.am for rng-tools + ## +-SUBDIRS = contrib tests ++SUBDIRS = contrib tests jitterentropy-library + + sbin_PROGRAMS = rngd + bin_PROGRAMS = rngtest +@@ -14,7 +14,7 @@ rngd_SOURCES = rngd.h rngd.c rngd_entsou + if NISTBEACON + rngd_SOURCES += rngd_nistbeacon.c + endif +- ++ + if RDRAND + rngd_SOURCES += rngd_rdrand.c rdrand_asm.S + endif +@@ -27,29 +27,16 @@ if RNDR + rngd_SOURCES += rngd_rndr.c + endif + +-if JITTER + rngd_SOURCES += rngd_jitter.c +-endif +- +-if RTLSDR +-rngd_SOURCES += rngd_rtlsdr.c +-endif + +-rngd_LDADD = librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS) ++rngd_LDADD = librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS) + +-if PKCS11 +-rngd_SOURCES += rngd_pkcs11.c +-pkcs11_ENGINE = -DDEFAULT_PKCS11_ENGINE=\"$(PKCS11_ENGINE)\" +-endif +- +-rngd_CFLAGS = ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) +-rngd_LDFLAGS = $(PTHREAD_CFLAGS) ++rngd_CFLAGS = ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/ ++rngd_LDFLAGS = $(PTHREAD_CFLAGS) + + rngtest_SOURCES = exits.h stats.h stats.c rngtest.c + rngtest_LDADD = librngd.a + + librngd_a_SOURCES = fips.h fips.c + +- + EXTRA_DIST = autogen.sh +- diff --git a/SOURCES/4-rt-add-missing-test.patch b/SOURCES/4-rt-add-missing-test.patch new file mode 100644 index 0000000..7f15d47 --- /dev/null +++ b/SOURCES/4-rt-add-missing-test.patch 
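Review bot: Linking `jitterentropy-library/libjitterentropy.a` into `rngd_LDADD` and hard-coding `-DHAVE_JITTER` in `rngd_CFLAGS`, with the `if JITTER` guard removed, takes the jitter source out of configure's control and means every fix in the bundled library needs an rng-tools rebuild. The `if RTLSDR` and `if PKCS11` blocks are deleted as well, although the spec already passes `--without-pkcs11 --without-rtlsdr`, which presumably leaves those conditionals false anyway, so dropping them only widens the patch for the next rebase. The blank-line change after the first `endif` and the re-added `rngd_LDFLAGS = $(PTHREAD_CFLAGS)` line look whitespace-only and could be left out. I would add a short header above the `diff -up` line stating that this is a downstream-only change and why the library is bundled statically.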
@@ -0,0 +1,28 @@ +From 800d7c6e23f0a04bd893ee748a74b622657017a9 Mon Sep 17 00:00:00 2001 +From: David Seifert +Date: Sun, 1 Aug 2021 13:16:16 +0200 +Subject: [PATCH] configure.ac: Add missing `test` + +Signed-off-by: Vladis Dronov +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 0fe06fc..7c8e327 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -68,8 +68,8 @@ AC_PROG_GCC_TRADITIONAL + + AX_PTHREAD + +-AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || $host_cpu = i686]) +-AS_IF([test $host_cpu = x86_64 || $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[]) ++AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || test $host_cpu = i686]) ++AS_IF([test $host_cpu = x86_64 || test $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[]) + + AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le]) + AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[]) +-- +2.26.3 + diff --git a/SOURCES/Add-reserved-option-value-to-not-change-write_wakeup.patch b/SOURCES/Add-reserved-option-value-to-not-change-write_wakeup.patch deleted file mode 100644 index 99de056..0000000 --- a/SOURCES/Add-reserved-option-value-to-not-change-write_wakeup.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 02b720e951160f652b0744f679d57623b81b1d8f Mon Sep 17 00:00:00 2001 -From: Neil Horman -Date: Mon, 2 Dec 2019 11:35:16 -0500 -Subject: [PATCH 2/2] Add reserved option value to not change - write_wakeup_threshold - -several distributions use a separate single shot service to set the -write_wakeup_threashold, which allows for non-root users to run rngd. This -results in a warning however, when rngd attempts to write the -write_wakeup_threshold. Avoid this by allowing a reserved value, 0 for the -fill-watermark option that causes rngd to just not touch the -write_wakeup_threshold - -Signed-off-by: Neil Horman ---- - rngd.8.in | 4 +++- - rngd_linux.c | 5 ++++- - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/rngd.8.in b/rngd.8.in -index 181f35d..16a359a 100644 ---- a/rngd.8.in -+++ b/rngd.8.in -@@ -106,7 +106,9 @@ if the entropy pool size couldn't be determined. - Setting this too high will cause \fIrngd\fR to dominate the contents of the - entropy pool. Low values will hurt system performance during entropy - starves. Do not set \fIfill-watermark\fR above the size of the --entropy pool (usually 4096 bits). -+entropy pool (usually 4096 bits). A value of 0 to this option will cause no -+watermark to be set. -+ - .TP - \fB\-q\fR, \fB\-\-quiet\fR - Suppress all messages -diff --git a/rngd_linux.c b/rngd_linux.c -index 51c38ac..9e60088 100644 ---- a/rngd_linux.c -+++ b/rngd_linux.c -@@ -94,6 +94,9 @@ void init_kernel_rng(const char* randomdev) - randomdev, strerror(errno)); - exit(EXIT_USAGE); - } -+ /* Don't set the watermark if the watermark is zero */ -+ if (!arguments->fill_watermark) -+ return; - - f = fopen("/proc/sys/kernel/random/write_wakeup_threshold", "w"); - if (!f) { -@@ -105,7 +108,7 @@ void init_kernel_rng(const char* randomdev) - } - if (err) { - message(LOG_DAEMON|LOG_WARNING, -- "unable to adjust write_wakeup_threshold: %s", -+ "unable to adjust write_wakeup_threshold: %s\n", - strerror(errno)); - } - --- -2.21.0 - 
diff --git a/SOURCES/Fix-message-log-on-error-in-thread_entropy_task.patch b/SOURCES/Fix-message-log-on-error-in-thread_entropy_task.patch deleted file mode 100644 index c2c888f..0000000 --- a/SOURCES/Fix-message-log-on-error-in-thread_entropy_task.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up ./rngd_jitter.c.message ./rngd_jitter.c ---- ./rngd_jitter.c.message 2019-12-02 11:41:40.456723553 -0500 -+++ ./rngd_jitter.c 2019-12-02 11:43:09.331427470 -0500 -@@ -302,15 +302,11 @@ static void *thread_entropy_task(void *d - while(written != me->buf_sz) { - message(LOG_DAEMON|LOG_DEBUG, "Writing to pipe\n"); - ret = write(me->pipe_fd, &tmpbuf[written], me->buf_sz - written); -+ if ((ret < 0) && (errno != EBADF)) -+ message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno)); - message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret); - if (first) - me->active = 1; -- /* -- * suppress EBADF errors, as those indicate the pipe is -- * closed and we are exiting -- */ -- if ((ret < 0) && (errno != EBADF)) -- message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno)); - if (!first && !me->active) - break; - first = 0; diff --git a/SOURCES/jitter-rdtsc.patch b/SOURCES/jitter-rdtsc.patch deleted file mode 100644 index 0725255..0000000 --- a/SOURCES/jitter-rdtsc.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -diff -up ./jitterentropy-library/jitterentropy.h.rdtsc ./jitterentropy-library/jitterentropy.h ---- ./jitterentropy-library/jitterentropy.h.rdtsc 2018-09-06 15:01:40.000000000 -0400 -+++ ./jitterentropy-library/jitterentropy.h 2020-02-18 12:47:10.465684582 -0500 -@@ -44,8 +44,12 @@ - - #ifdef __KERNEL__ - #include "jitterentropy-base-kernel.h" -+#else /* __KERNEL__ */ -+#ifdef __x86_64__ -+#include "arch/jitterentropy-base-x86.h" - #else - #include "jitterentropy-base-user.h" -+#endif /* __x86_64__ */ - #endif /* __KERNEL__ */ - - /* The entropy pool */ -diff -up ./rngd_jitter.c.rdtsc ./rngd_jitter.c ---- ./rngd_jitter.c.rdtsc 2020-02-18 12:47:22.490646896 -0500 -+++ ./rngd_jitter.c 2020-02-18 12:46:40.650778022 -0500 -@@ -27,6 +27,9 @@ - #include - #include - #include -+#include -+#include -+#include - #include "rng-tools-config.h" - - #include diff --git a/SOURCES/jitter-setjmp.patch b/SOURCES/jitter-setjmp.patch deleted file mode 100644 index f1c93f5..0000000 --- a/SOURCES/jitter-setjmp.patch +++ /dev/null @@ -1,118 +0,0 @@ -commit 3e47faae108df4824531bf9c003cc1c65b7b2842 -Author: Neil Horman -Date: Fri Jun 7 08:51:02 2019 -0400 - - Allow jitter threads to exit faster - - Even with the recent pipe adjustments, it can take a long time for - jitterentropy to exit. This is because the call to jent_read_entropy - can take a long time to complete, and termination signal delivery won't - cause it to return early, like a syscall. - - Mitigate this by using sigsetjmp/siglongjmp. We set a return point at - the top of the loop for each thread, and register a signal handler to - execute a siglongjmp back to that point so that we can recheck the - active flag and break the loop as soon as a signal is delivered. - - 
Signed-off-by: Neil Horman - -diff --git a/rngd_jitter.c b/rngd_jitter.c -index 54070ae..7f01ee9 100644 ---- a/rngd_jitter.c -+++ b/rngd_jitter.c -@@ -26,6 +26,7 @@ - #include - #include - #include -+#include - #include "rng-tools-config.h" - - #include -@@ -48,6 +49,7 @@ struct thread_data { - int active; - int done; - struct timespec slptm; -+ sigjmp_buf jmpbuf; - }; - - static struct thread_data *tdata; -@@ -228,6 +230,16 @@ static inline void update_sleep_time(struct thread_data *me, - me->slptm.tv_nsec /= 2; - } - -+void jitter_thread_exit_signal(int signum) -+{ -+ pthread_t self = pthread_self(); -+ int i; -+ for(i=0;ijmpbuf, 1)) -+ goto out_interrupt; -+ - /* Now go to sleep until there is more work to do */ - do { - message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id); -@@ -286,7 +305,11 @@ static void *thread_entropy_task(void *data) - message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret); - if (first) - me->active = 1; -- if (ret < 0) -+ /* -+ * suppress EBADF errors, as those indicate the pipe is -+ * closed and we are exiting -+ */ -+ if ((ret < 0) && (errno != EBADF)) - message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno)); - if (!first && !me->active) - break; -@@ -296,6 +319,7 @@ static void *thread_entropy_task(void *data) - - } while (me->active); - -+out_interrupt: - free(tmpbuf); - out: - me->done = 1; -@@ -335,6 +359,7 @@ int validate_jitter_options(struct rng *ent_src) - return 0; - } - -+ - /* - * Init JITTER - */ -@@ -349,6 +374,9 @@ int init_jitter_entropy_source(struct rng *ent_src) - #ifdef HAVE_LIBGCRYPT - char key[AES_BLOCK]; - #endif -+ -+ signal(SIGUSR1, jitter_thread_exit_signal); -+ - int ret = jent_entropy_init(); - if(ret) { - message(LOG_DAEMON|LOG_WARNING, "JITTER rng fails with code %d\n", ret); -@@ -474,8 +502,8 @@ void close_jitter_entropy_source(struct rng *ent_src) - /* And wait for completion of each thread */ - for (i=0; i < num_threads; 
i++) { - message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i); -+ pthread_kill(threads[i], SIGUSR1); - while (!tdata[i].done) -- pthread_kill(threads[i], SIGINT); - if(tdata[i].done) { - message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id); - pthread_join(threads[i], NULL); diff --git a/SOURCES/jitter-use-proper-state-locking.patch b/SOURCES/jitter-use-proper-state-locking.patch deleted file mode 100644 index 7381711..0000000 --- a/SOURCES/jitter-use-proper-state-locking.patch +++ /dev/null 
@@ -1,161 +0,0 @@ -From: Neil Horman -Date: Tue, 10 Dec 2019 09:57:36 -0500 -Subject: Move jitter to use proper state locking/thread signaling - -The existing state communication between the main process and jitter threads was -pretty rickety, leading to lots of potential races. Replace it with proper -thread mutex locking and condition signaling. This will improve our ability to -properly shutdown the jitterentropy threads - -Signed-off-by: Neil Horman -Signed-off-by: Vladis Dronov ---- - rngd_jitter.c | 70 ++++++++++++++++++++++++++++++--------------------- - 1 file changed, 41 insertions(+), 29 deletions(-) - -diff --git a/rngd_jitter.c b/rngd_jitter.c -index d0b12a4..32bac53 100644 ---- a/rngd_jitter.c -+++ b/rngd_jitter.c -@@ -49,7 +49,10 @@ struct thread_data { - struct rand_data *ec; - size_t buf_sz; - int slpmode; -- int active; -+ /* mutex/condition to guard done variable */ -+ pthread_cond_t statecond; -+ pthread_mutex_t statemtx; -+ /* done states -1 : init, 0 : ready, 1 : complete */ - int done; - struct timespec slptm; - sigjmp_buf jmpbuf; -@@ -252,10 +255,8 @@ static void *thread_entropy_task(void *data) - char *tmpbuf; - struct timespec start, end; - int written; -- int first = 1; - /* STARTUP */ - -- me->done = 0; - /* - * Set our timeout value - * -1 means adaptive, i.e. 
sleep for the last -@@ -279,14 +280,19 @@ static void *thread_entropy_task(void *data) - } - - /* -- * Use setjmp here to allow us to return early from -- * jent_read_entropy, as it can run for a long time -+ * A signal will call siglongjmp and return us here when we exit - */ - if (sigsetjmp(me->jmpbuf, 1)) - goto out_interrupt; - -+ /* Indicate we are ready */ -+ pthread_mutex_lock(&me->statemtx); -+ me->done = 0; -+ pthread_cond_signal(&me->statecond); -+ pthread_mutex_unlock(&me->statemtx); -+ - /* Now go to sleep until there is more work to do */ -- do { -+ for(;;) { - message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id); - - /* We are awake because we need to refil the buffer */ -@@ -308,20 +314,18 @@ static void *thread_entropy_task(void *data) - if ((ret < 0) && (errno != EBADF)) - message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno)); - message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret); -- if (first) -- me->active = 1; -- if (!first && !me->active) -- break; -- first = 0; - written += ret; - } - -- } while (me->active); -+ } - - out_interrupt: - free(tmpbuf); - out: -+ pthread_mutex_lock(&me->statemtx); - me->done = 1; -+ pthread_cond_signal(&me->statecond); -+ pthread_mutex_unlock(&me->statemtx); - pthread_exit(NULL); - } - -@@ -434,8 +438,9 @@ int init_jitter_entropy_source(struct rng *ent_src) - core_id++; - tdata[i].core_id = core_id; - tdata[i].pipe_fd = pipefds[1]; -- tdata[i].active = 0; -- tdata[i].done = 0; -+ pthread_cond_init(&tdata[i].statecond, NULL); -+ pthread_mutex_init(&tdata[i].statemtx, NULL); -+ tdata[i].done = -1; - core_id++; - tdata[i].buf_sz = ent_src->rng_options[JITTER_OPT_BUF_SZ].int_val; - tdata[i].ec = jent_entropy_collector_alloc(1, 0); -@@ -448,9 +453,16 @@ int init_jitter_entropy_source(struct rng *ent_src) - - /* Make sure all our threads are doing their jobs */ - for (i=0; i < num_threads; i++) { -- while (tdata[i].active == 0) -- 
sched_yield(); -- message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i); -+ /* wait until the done state transitions from negative to zero or more */ -+ pthread_mutex_lock(&tdata[i].statemtx); -+ if (tdata[i].done < 0) -+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx); -+ if (tdata[i].done == 1) -+ /* we failed during startup */ -+ message(LOG_DAEMON|LOG_DEBUG, "CPU thread %d failed\n", i); -+ else -+ message(LOG_DAEMON|LOG_DEBUG, "CPU Thread %d is ready\n", i); -+ pthread_mutex_unlock(&tdata[i].statemtx); - } - - flags = fcntl(pipefds[0], F_GETFL, 0); -@@ -492,23 +504,23 @@ void close_jitter_entropy_source(struct rng *ent_src) - char tmpbuf[1024]; - int flags; - -- /* Flag all the threads so they exit */ -- for (i=0; i < num_threads; i++) -- tdata[i].active = 0; -- -+ /* Close the pipes to prevent further writing */ - close(pipefds[1]); - - /* And wait for completion of each thread */ - for (i=0; i < num_threads; i++) { -- message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i); -+ /* Signal the threads to exit */ - pthread_kill(threads[i], SIGUSR1); -- while (!tdata[i].done) -- if(tdata[i].done) { -- message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id); -- pthread_join(threads[i], NULL); -- jent_entropy_collector_free(tdata[i].ec); -- } else -- sched_yield(); -+ /* and wait for them to shutdown */ -+ pthread_mutex_lock(&tdata[i].statemtx); -+ if (!tdata[i].done) { -+ message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i); -+ pthread_cond_wait(&tdata[i].statecond, &tdata[i].statemtx); -+ } -+ pthread_mutex_unlock(&tdata[i].statemtx); -+ message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id); -+ pthread_join(threads[i], NULL); -+ jent_entropy_collector_free(tdata[i].ec); - } - - close(pipefds[0]); --- -2.26.3 - diff --git a/SOURCES/jitterentropy-build-static.patch b/SOURCES/jitterentropy-build-static.patch deleted file mode 100644 index f6738de..0000000 
--- a/SOURCES/jitterentropy-build-static.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -up ./Makefile.am.static ./Makefile.am ---- ./Makefile.am.static 2019-11-07 14:20:39.000000000 -0500 -+++ ./Makefile.am 2019-11-15 10:08:31.554914291 -0500 -@@ -1,7 +1,7 @@ - ## - ## Toplevel Makefile.am for rng-tools - ## --SUBDIRS = contrib tests -+SUBDIRS = contrib tests jitterentropy-library - - sbin_PROGRAMS = rngd - bin_PROGRAMS = rngtest -@@ -23,19 +23,17 @@ if DARN - rngd_SOURCES += rngd_darn.c - endif - --if JITTER - rngd_SOURCES += rngd_jitter.c --endif - --rngd_LDADD = librngd.a -lsysfs $(LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS) -+rngd_LDADD = librngd.a -lsysfs $(LIBS) jitterentropy-library/libjitterentropy.a ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS) -+ -+rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/ -+rngd_LDFLAGS = $(PTHREAD_CFLAGS) - - if PKCS11 - rngd_SOURCES += rngd_pkcs11.c - endif - --rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) --rngd_LDFLAGS = $(PTHREAD_CFLAGS) -- - rngtest_SOURCES = exits.h stats.h stats.c rngtest.c - rngtest_LDADD = librngd.a - diff --git a/SOURCES/jitterentropy-remove-install.patch b/SOURCES/jitterentropy-remove-install.patch deleted file mode 100644 index cb840e1..0000000 --- a/SOURCES/jitterentropy-remove-install.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -diff -up ./jitterentropy-library/Makefile.remove ./jitterentropy-library/Makefile ---- ./jitterentropy-library/Makefile.remove 2018-11-20 10:34:18.350397594 -0500 -+++ ./jitterentropy-library/Makefile 2018-11-20 10:35:27.023144673 -0500 -@@ -46,18 +46,6 @@ $(NAME): $(OBJS) - scan: $(OBJS) - scan-build --use-analyzer=/usr/bin/clang $(CC) -shared -Wl,-soname,lib$(NAME).so.$(LIBMAJOR) -o lib$(NAME).so.$(LIBVERSION) $(OBJS) $(LDFLAGS) - --install: -- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3 -- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/ -- gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3 -- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR) -- install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/ -- install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ -- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/ -- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) -- ln -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR) -- ln -s lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so -- - clean: - @- $(RM) $(NAME) - @- $(RM) $(OBJS) diff --git a/SOURCES/rngd-wake-threshold.service b/SOURCES/rngd-wake-threshold.service index 4b45da3..41ef172 100644 --- a/SOURCES/rngd-wake-threshold.service +++ b/SOURCES/rngd-wake-threshold.service @@ -1,5 +1,6 @@ [Unit] Description=Hardware RNG Entropy Gatherer Wake threshold service +ConditionVirtualization=!container Before=rngd.service [Service] diff --git a/SPECS/rng-tools.spec b/SPECS/rng-tools.spec index c2fdbfb..2bbd088 100644 --- a/SPECS/rng-tools.spec +++ b/SPECS/rng-tools.spec 
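Review bot: `ConditionVirtualization=!container` is added to rngd-wake-threshold.service without a comment, so the unit file itself does not say why the service is skipped in containers. The spec changelog in this commit ties the change to bz 1975554 (udevadm must not run in a container); a line above the directive such as `# Skip in containers, see bz 1975554` would keep that link in the file. The `[Service]` section lies outside the hunk, so what the unit actually runs is not visible here.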
@@ -2,55 +2,55 @@ Summary: Random number generator related utilities Name: rng-tools -Version: 6.8 -Release: 4%{?dist} +Version: 6.13 +Release: 1.git.d207e0b6%{?dist} Group: System Environment/Base License: GPLv2+ URL: https://github.com/nhorman/rng-tools -Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz +Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source1: rngd.service -Source2: jitterentropy-library-2.1.2.tar.gz -Source3: rngd-wake-threshold.service -Source4: 60-hwrng.rules +Source2: rngd-wake-threshold.service +Source3: 60-hwrng.rules +Source4: jitterentropy-library-3.0.2.tar.gz -Patch0: jitterentropy-remove-install.patch -Patch1: jitterentropy-build-static.patch -Patch2: jitter-setjmp.patch -Patch3: Fix-message-log-on-error-in-thread_entropy_task.patch -Patch4: Add-reserved-option-value-to-not-change-write_wakeup.patch -Patch5: jitter-rdtsc.patch -Patch6: jitter-use-proper-state-locking.patch +Patch0: 1-je-rh-makefile.patch +Patch1: 2-je-remove-install.patch +Patch2: 3-rt-use-jitter-static.patch +Patch3: 4-rt-add-missing-test.patch +BuildRequires: gcc make BuildRequires: gettext -BuildRequires: systemd-units -BuildRequires: libgcrypt-devel +#BuildRequires: systemd-units +BuildRequires: systemd systemd-rpm-macros BuildRequires: autoconf automake -BuildRequires: libsysfs-devel libcurl-devel +BuildRequires: libgcrypt-devel libcurl-devel +BuildRequires: libsysfs-devel jansson-devel BuildRequires: libxml2-devel openssl-devel -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units -Requires: libgcrypt libsysfs -Requires: openssl libxml2 libcurl +#Requires(post): systemd-units +#Requires(preun): systemd-units +#Requires(postun): systemd-units +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires: jansson openssl %description -Hardware random number generation tools. +This is a random number generator daemon and its tools. 
It monitors +a set of entropy sources present on a system (like /dev/hwrng, RDRAND, +TPM, jitter) and supplies entropy from them to a kernel entropy pool. %prep -%setup -tar xvf %{SOURCE2} -mv jitterentropy-library-2.1.2 jitterentropy-library +%setup -q +tar xf %{SOURCE4} +mv jitterentropy-library-3.0.2 jitterentropy-library %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 %build ./autogen.sh -%configure --without-pkcs11 +%configure --without-pkcs11 --without-rtlsdr %make_build %install @@ -58,15 +58,15 @@ mv jitterentropy-library-2.1.2 jitterentropy-library # install systemd unit file and udev rules install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1} -install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE3} -install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE4} +install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2} +install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3} %pre getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd %post %systemd_post rngd.service rngd-wake-threshold.service -udevadm trigger --sysname-match=hw_random --settle +/usr/bin/systemctl start rngd-wake-threshold.service || : %preun %systemd_preun rngd.service rngd-wake-threshold.service @@ -77,7 +77,7 @@ udevadm trigger --sysname-match=hw_random --settle %files %{!?_licensedir:%global license %%doc} %license COPYING -%doc AUTHORS NEWS README +%doc AUTHORS README %{_bindir}/rngtest %{_sbindir}/rngd %{_mandir}/man1/rngtest.1.* 
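Review bot: `Source0` now points at the upstream `v%{version}` tag archive, but `Release: 1.git.d207e0b6` and the changelog entry describe v6.13 plus the tip of origin/master, the onecpu branch and a revert, so the tarball apparently cannot be reproduced from that URL. The only pin on its content is the SHA-1 entry in .rng-tools.metadata. A comment above `Source0` recording the exact commit and how the tarball was generated would let someone re-derive it and compare. The statically linked copy from `Source4` also has no `Provides: bundled(jitterentropy) = 3.0.2` in this hunk, which is what lets tooling find the embedded library when it needs a fix. The commented-out `#BuildRequires: systemd-units` and `#Requires(...): systemd-units` lines can simply be deleted.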
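Review bot: In `%post`, `/usr/bin/systemctl start rngd-wake-threshold.service || :` starts a unit from a scriptlet and throws away the exit status, so a failed start leaves no trace in the package transaction. The line replaces `udevadm trigger --sysname-match=hw_random --settle`; whether the unit now performs that trigger is not visible in this commit, because its `[Service]` section is outside the hunks. A comment above the line stating what the start is for and why its failure is ignored would help; the changelog's bz 1975554 entry suggests the reason is installs inside containers.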
@@ -87,8 +87,23 @@ udevadm trigger --sysname-match=hw_random --settle %attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules %changelog +* Thu Jul 22 2021 Vladis Dronov - 6.13-1.git.d207e0b6 +- Update to the upstream v6.13 + tip of origin/master + onecpu + branch + revert of 2ce93190 +- Rebuild rng-tools against the latest jitterentropy library + 3.0.2-2.git.409828cf with fixes for an important issue +- Fix a number of issues (bz 1974103, bz 1980421, bz 1859154) + +* Mon Jul 05 2021 Vladis Dronov - 6.8-6 +- Adjust rngd-wake-threshold.service and post section so udevadm is not + run in a container (bz 1975554) + +* Thu May 27 2021 Vladis Dronov - 6.8-5 +- Fix /dev/hwrng permissions issue at boot time (bz 1955522) + * Mon May 24 2021 Vladis Dronov - 6.8-4 -- There is no need to hardcode _sbindir anymore, also the old value is incorrect +- There is no need to hardcode _sbindir anymore, also the old value is + incorrect - Update the rngd.service file - Fix a busyloop bug (bz 1956248) - Fix /dev/hwrng permission issue (bz 1955522)