From 8d6b73f8ff5c33695c5462f3019ea1c4684e3107 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Oct 18 2016 15:05:42 +0000 Subject: If device is not found exit immediately --- diff --git a/0001-If-device-is-not-found-exit-immediately.patch b/0001-If-device-is-not-found-exit-immediately.patch new file mode 100644 index 0000000..51dd2d9 --- /dev/null +++ b/0001-If-device-is-not-found-exit-immediately.patch @@ -0,0 +1,151 @@ +From 74f1926a81b80ce8719c92b688737c51ece2cb4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 18 Oct 2016 10:50:42 -0400 +Subject: [PATCH] If device is not found, exit immediately + +This avoids stupid warnings in the logs: +rng[961]: read error +rng[961]: read error +... + +https://bugzilla.redhat.com/show_bug.cgi?id=892178 +--- + rngd.c | 4 +--- + rngd_entsource.c | 38 +++++++++++++++++++++++++++----------- + 2 files changed, 28 insertions(+), 14 deletions(-) + +diff --git a/rngd.c b/rngd.c +index cd5bc8a40b..7755651f1c 100644 +--- a/rngd.c ++++ b/rngd.c +@@ -315,9 +315,7 @@ int main(int argc, char **argv) + if (rc_rng && rc_drng && rc_tpm) { + if (!arguments->quiet) { + message(LOG_DAEMON|LOG_ERR, +- "can't open any entropy source"); +- message(LOG_DAEMON|LOG_ERR, +- "Maybe RNG device modules are not loaded\n"); ++ "No entropy sources found, exiting"); + } + return 66; + } +diff --git a/rngd_entsource.c b/rngd_entsource.c +index f0e219d7af..468ad1cfc6 100644 +--- a/rngd_entsource.c ++++ b/rngd_entsource.c +@@ -63,8 +63,13 @@ int xread(void *buf, size_t size, struct rng *ent_src) + size -= r; + } + ++ if (errno == ENODEV) { ++ message(LOG_DAEMON|LOG_ERR, "%s: %m", ent_src->rng_name); ++ return -ENODEV; ++ } ++ + if (size) { +- message(LOG_DAEMON|LOG_ERR, "read error\n"); ++ message(LOG_DAEMON|LOG_ERR, "%s: %m", ent_src->rng_name); + return -1; + } + return 0; +@@ -89,14 +94,14 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) + + ent_src->rng_fd = open(ent_src->rng_name, O_RDWR); + if (ent_src->rng_fd == -1) { +- message(LOG_ERR|LOG_INFO,"Unable to open file: %s",ent_src->rng_name); ++ message(LOG_ERR|LOG_INFO,"%s: %m",ent_src->rng_name); + return -1; + } + + temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD); + memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD)); + if (temp_buf == NULL) { +- message(LOG_ERR|LOG_INFO,"No memory"); ++ message(LOG_ERR|LOG_INFO,"%m"); + close(ent_src->rng_fd); + return -1; + } +@@ -114,7 +119,7 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) + sizeof(rng_cmd) - r); + if (retval < 0) { + message(LOG_ERR|LOG_INFO, +- "Error writing %s\n", ++ "Error writing %s", + ent_src->rng_name); + retval = -1; + goto error_out; +@@ -123,7 +128,7 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) + } + if (r < sizeof(rng_cmd)) { + message(LOG_ERR|LOG_INFO, +- "Error writing %s\n", ent_src->rng_name); ++ "Error writing %s", ent_src->rng_name); + retval = -1; + goto error_out; + } +@@ -152,22 +157,27 @@ error_out: + } + + /* Initialize entropy source */ +-static int discard_initial_data(struct rng *ent_src) ++static int discard_initial_data(struct rng *ent_src, int *data) + { + /* Trash 32 bits of what is probably stale (non-random) +- * initial state from the RNG. For Intel's, 8 bits would ++ * initial state from the RNG. For Intel's, 8 bits would + * be enough, but since AMD's generates 32 bits at a time... + * + * The kernel drivers should be doing this at device powerup, + * but at least up to 2.4.24, it doesn't. */ + unsigned char tempbuf[4]; +- xread(tempbuf, sizeof(tempbuf), ent_src); ++ int r; ++ ++ r = xread(tempbuf, sizeof(tempbuf), ent_src); ++ if (r < 0) ++ return r; + + /* Return 32 bits of bootstrap data */ + xread(tempbuf, sizeof(tempbuf), ent_src); + +- return tempbuf[0] | (tempbuf[1] << 8) | ++ *data = tempbuf[0] | (tempbuf[1] << 8) | + (tempbuf[2] << 16) | (tempbuf[3] << 24); ++ return 0; + } + + /* +@@ -175,14 +185,20 @@ static int discard_initial_data(struct rng *ent_src) + */ + int init_entropy_source(struct rng *ent_src) + { ++ int data; ++ + ent_src->rng_fd = open(ent_src->rng_name, O_RDONLY); + if (ent_src->rng_fd == -1) { + return 1; + } ++ if (discard_initial_data(ent_src, &data)) { ++ return 1; ++ } ++ + src_list_add(ent_src); + /* Bootstrap FIPS tests */ + ent_src->fipsctx = malloc(sizeof(fips_ctx_t)); +- fips_init(ent_src->fipsctx, discard_initial_data(ent_src)); ++ fips_init(ent_src->fipsctx, data); + return 0; + } + +@@ -193,7 +209,7 @@ int init_tpm_entropy_source(struct rng *ent_src) + { + ent_src->rng_fd = open(ent_src->rng_name, O_RDWR); + if (ent_src->rng_fd == -1) { +- message(LOG_ERR|LOG_INFO,"Unable to open file: %s",ent_src->rng_name); ++ message(LOG_ERR|LOG_INFO,"%s: %m",ent_src->rng_name); + return 1; + } + src_list_add(ent_src); +-- +2.9.0 + diff --git a/rng-tools.spec b/rng-tools.spec index d5990b7..e152898 100644 --- a/rng-tools.spec +++ b/rng-tools.spec @@ -4,7 +4,7 @@ Summary: Random number generator related utilities Name: rng-tools Version: 5 -Release: 7%{?dist} +Release: 8%{?dist} Group: System Environment/Base License: GPLv2+ URL: http://sourceforge.net/projects/gkernel/ @@ -12,6 +12,7 @@ Source0: http://downloads.sourceforge.net/project/gkernel/rng-tools/4/rng Source1: rngd.service # https://sourceforge.net/p/gkernel/patches/111/ Patch0: rngd-exit-code.patch +Patch1: 0001-If-device-is-not-found-exit-immediately.patch BuildRequires: gettext BuildRequires: systemd-units @@ -23,19 +24,17 @@ Requires(postun): systemd-units Hardware random number generation tools. %prep -%setup -q -%patch0 -p1 +%autosetup %build %configure -make %{?_smp_mflags} +%make_build %install -make DESTDIR=%{buildroot} install +%make_install # install systemd unit file -mkdir -p %{buildroot}%{_unitdir} -install -m 644 %{SOURCE1} %{buildroot}%{_unitdir} +install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1} %post %systemd_post rngd.service @@ -57,6 +56,9 @@ install -m 644 %{SOURCE1} %{buildroot}%{_unitdir} %attr(0644,root,root) %{_unitdir}/rngd.service %changelog +* Tue Oct 18 2016 Zbigniew Jędrzejewski-Szmek - 5-8 +- If device is not found exit immediately (#892178) + * Sun Mar 6 2016 Peter Robinson 5-7 - Use %%license