Diffstat (limited to 'sys-apps/rng-tools/files')
7 files changed, 154 insertions, 193 deletions
diff --git a/sys-apps/rng-tools/files/rng-tools-6.1-fix-nistbeacon-validation-on-x86.patch b/sys-apps/rng-tools/files/rng-tools-6.1-fix-nistbeacon-validation-on-x86.patch
deleted file mode 100644
index 1872444bc4a8..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.1-fix-nistbeacon-validation-on-x86.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From e8d7ea04e39f1209a79c003f3b62c9f1761dec0e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Thu, 19 Apr 2018 05:29:01 -0400
-Subject: [PATCH] rngd_nistbeacon: fix the size of frequency and timestamp on
- x86_32
-
-The members "frequency" and "timestamp" of struct nist_data_block are
-defined as int and long, respectively. On x86_64, their sizes
-correctly correspond to 4 and 8 bytes. However, on 32-bit x86
-architectures, both int and long are defined as 4 bytes, causing the
-digest verification to fail. Fix it by using uint32_t and uint64_t
-explicitly.
----
- rngd_nistbeacon.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/rngd_nistbeacon.c b/rngd_nistbeacon.c
-index fbebc53..eadde39 100644
---- a/rngd_nistbeacon.c
-+++ b/rngd_nistbeacon.c
-@@ -97,8 +97,8 @@ BIO *bfp;
-
- struct nist_data_block {
- char *version;
-- int frequency;
-- long timestamp;
-+ uint32_t frequency;
-+ uint64_t timestamp;
- char *seedvalue;
- size_t seedvaluelen;
- char *previoushash;
-@@ -355,8 +355,8 @@ static int validate_nist_block()
-
-
- EVP_VerifyUpdate(mdctx, block.version, strlen(block.version));
-- EVP_VerifyUpdate(mdctx, &block.frequency, sizeof(int));
-- EVP_VerifyUpdate(mdctx, &block.timestamp, sizeof(long));
-+ EVP_VerifyUpdate(mdctx, &block.frequency, sizeof(uint32_t));
-+ EVP_VerifyUpdate(mdctx, &block.timestamp, sizeof(uint64_t));
- EVP_VerifyUpdate(mdctx, block.seedvalue, block.seedvaluelen);
- EVP_VerifyUpdate(mdctx, block.previoushash, block.previoushashlen);
- EVP_VerifyUpdate(mdctx, &block.errorcode, block.errorcodelen);
---
-2.13.6
-
diff --git a/sys-apps/rng-tools/files/rng-tools-6.3-jitterentropy-linking-fix.patch b/sys-apps/rng-tools/files/rng-tools-6.3-jitterentropy-linking-fix.patch
deleted file mode 100644
index f7b87c88715d..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.3-jitterentropy-linking-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c9f795da2dbeb0e85025f6264321aef1ba12059e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Fri, 6 Jul 2018 17:20:28 -0400
-Subject: [PATCH] Makefile.am: use the libjitterentropy available on the system
-
----
- Makefile.am | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index b80e9a0..5d33aaf 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -2,9 +2,7 @@
- ## Toplevel Makefile.am for rng-tools
- ##
- if JITTER
-- JSUBDIR = jitterentropy-library
-- JSUBLIB = ./jitterentropy-library/libjitterentropy.a
-- AM_CPPFLAGS = -I./jitterentropy-library
-+ jitterentropy_LIBS = -ljitterentropy
- endif
-
- SUBDIRS = contrib tests $(JSUBDIR)
-@@ -33,7 +31,7 @@ if JITTER
- rngd_SOURCES += rngd_jitter.c
- endif
-
--rngd_LDADD = librngd.a -lsysfs $(JSUBLIB) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS}
-+rngd_LDADD = librngd.a -lsysfs $(jitterentropy_LIBS) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS}
-
- rngd_CFLAGS = ${libxml2_CFLAGS} ${openssl_CFLAGS}
-
---
-2.17.0
-
diff --git a/sys-apps/rng-tools/files/rng-tools-6.4-jitterentropy-linking-fix.patch b/sys-apps/rng-tools/files/rng-tools-6.4-jitterentropy-linking-fix.patch
deleted file mode 100644
index e6cf95d13f32..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.4-jitterentropy-linking-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From ac00de69665a14bc1884be90ec83f8e8bc4d69f0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Wed, 19 Sep 2018 16:45:37 -0400
-Subject: [PATCH] Makefile.am: use the libjitterentropy available on the system
-
----
- Makefile.am | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index fa8ecca..abc759a 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -2,9 +2,7 @@
- ## Toplevel Makefile.am for rng-tools
- ##
- if JITTER
-- JSUBDIR = jitterentropy-library
-- JSUBLIB = ./jitterentropy-library/libjitterentropy.a
-- AM_CPPFLAGS = -I./jitterentropy-library
-+ jitterentropy_LIBS = -ljitterentropy
- endif
-
- SUBDIRS = contrib tests $(JSUBDIR)
-@@ -33,7 +31,7 @@ if JITTER
- rngd_SOURCES += rngd_jitter.c
- endif
-
--rngd_LDADD = librngd.a -lsysfs $(JSUBLIB) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
-+rngd_LDADD = librngd.a -lsysfs $(jitterentropy_LIBS) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
-
- rngd_CFLAGS = ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
- rngd_LDFLAGS = $(PTHREAD_CFLAGS)
---
-2.19.0
-
diff --git a/sys-apps/rng-tools/files/rng-tools-6.5-jitterentropy-automagic-detection-fix.patch b/sys-apps/rng-tools/files/rng-tools-6.5-jitterentropy-automagic-detection-fix.patch
deleted file mode 100644
index b03960180ed9..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.5-jitterentropy-automagic-detection-fix.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 76cfc06afb69019dcf0bbd9938f6378168e37411 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Wed, 26 Sep 2018 13:32:39 -0400
-Subject: [PATCH] configure.ac: control jitterentropy support using
- --with-jitter
-
-Replace automagic detection of jitterentropy DSO with an AC_ARG_WITH
-macro so that rngd can be compiled without jitter support even when
-the jitterentropy library is available on the system.
----
- configure.ac | 26 +++++++++++++++++++-------
- 1 file changed, 19 insertions(+), 7 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index b1544d9..1e58184 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -40,6 +40,13 @@ AC_ARG_WITH([nistbeacon],
- [with_nistbeacon=check]
- )
-
-+AC_ARG_WITH([jitter],
-+ AS_HELP_STRING([--without-jitter],
-+ [Disable jitter entropy library support. ]),
-+ [],
-+ [with_jitter=check]
-+)
-+
- dnl Make sure anyone changing configure.ac/Makefile.am has a clue
- AM_MAINTAINER_MODE
- AM_PROG_AS
-@@ -61,13 +68,18 @@ AS_IF([test $target_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])]
-
- AM_CONDITIONAL([JITTER], [false])
- AM_CONDITIONAL([JITTER_DSO], [false])
--AS_IF([test -f jitterentropy-library/Makefile],
-- [AM_CONDITIONAL([JITTER], [true])
-- AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-- [AC_SEARCH_LIBS(jent_version,jitterentropy,
-- [AM_CONDITIONAL([JITTER_DSO], [true])
-- AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-- [AC_MSG_NOTICE([Disabling JITTER entropy source])])])
-+AS_IF(
-+ [ test "x$with_jitter" != "xno" ],
-+ [
-+ AS_IF([test -f jitterentropy-library/Makefile],
-+ [AM_CONDITIONAL([JITTER], [true])
-+ AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-+ [AC_SEARCH_LIBS(jent_version,jitterentropy,
-+ [AM_CONDITIONAL([JITTER_DSO], [true])
-+ AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-+ [AC_MSG_NOTICE([Disabling JITTER entropy source])])])
-+ ]
-+)
-
- #AM_CONDITIONAL([JITTER], [test -f jitterentropy-library/Makefile])
- #AS_IF([test -f jitterentropy-library/Makefile], [AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],[AC_MSG_NOTICE([Disabling JITTER entropy source])])
---
-2.19.0
-
diff --git a/sys-apps/rng-tools/files/rngd-confd-6.7 b/sys-apps/rng-tools/files/rngd-confd-6.7
new file mode 100644
index 000000000000..20aa3281d535
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-6.7
@@ -0,0 +1,90 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# /etc/conf.d/rngd
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# Space-delimited list of entropy sources to enable
+# Note that some of the entropy sources may require certain USE flags
+# to be enabled or require hardware support to function properly
+# Entropy sources not specified here (or in the exclude list below)
+# will be enabled/disabled based on rngd default behavior
+#
+# Choose from the list:
+# hwrng: Hardware RNG Device
+# tpm: TPM RNG Device (Deprecated)
+# rdrand: Intel RDRAND Instruction RNG
+# darn: Power9 DARN Instruction RNG
+# nist: NIST Network Entropy Beacon
+# (UNSAFE for cryptographic operations)
+# jitter: JITTER Entropy Generator
+# pkcs11: PKCS11 Entropy Generator
+#
+#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter pkcs11"
+
+
+# Space-delimited list of entropy sources to disable
+# This is useful for disabling certain entropy sources even
+# when they are supported on the system
+#
+#EXCLUDE_ENTROPY_SOURCES="nist tpm"
+
+
+# Entropy source specific options:
+#
+#
+# hwrng device used for random number input:
+#
+#HWRNG_DEVICE="/dev/hwrng"
+#
+#
+# rdrand options:
+# use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:1"
+#
+#
+# darn options:
+# use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+# thread_count:(INTEGER)
+# buffer_size:(INTEGER)
+# refill_thresh:(INTEGER)
+# retry_count:(INTEGER)
+# retry_delay:(INTEGER)
+# use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+#
+#
+# pkcs11 options:
+# engine_path:(STRING)
+# chunk_size:(INTEGER)
+#
+#PKCS11_OPTIONS="engine_path:/usr/lib64/opensc-pkcs11.so chunk_size:1"
+
+
+# Kernel device used for random number output
+#
+#RANDOM_DEVICE="/dev/random"
+
+
+# Random step (Number of bytes written to random-device at a time):
+#
+#STEP=64
+
+
+# Fill watermark
+# 0 <= n <= `sysctl kernel.random.poolsize`
+#
+#WATERMARK=2048
+
+
+# Any extra arguments for rngd
+#
+#EXTRA_ARGS=""
diff --git a/sys-apps/rng-tools/files/rngd-initd-6 b/sys-apps/rng-tools/files/rngd-initd-6
deleted file mode 100644
index c3b48bf22099..000000000000
--- a/sys-apps/rng-tools/files/rngd-initd-6
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- need localmount
- after urandom
- provide entropy
-}
-
-command=/usr/sbin/rngd
-pidfile="/var/run/${SVCNAME}.pid"
-command_args="--pid-file ${pidfile} --background --random-step ${STEP:-64} ${NO_TPM:+-x 1} \
- ${NO_DRNG:+-x 2} --fill-watermark ${WATERMARK} ${DEVICE:+--rng-device ${DEVICE}}"
-start_stop_daemon_args="--wait 1000"
-retry="SIGKILL/5000"
diff --git a/sys-apps/rng-tools/files/rngd-initd-6.7 b/sys-apps/rng-tools/files/rngd-initd-6.7
new file mode 100644
index 000000000000..e85581ba6cb4
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-6.7
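Review bot: The commented example `#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter pkcs11"` in rngd-confd-6.7 lists every source, including `nist`, which the list directly above it marks as UNSAFE for cryptographic operations, and `tpm`, which it marks as deprecated. An administrator who simply uncomments that line enables the network beacon as an input to the kernel pool without having chosen it. The example would be safer as `#INCLUDE_ENTROPY_SOURCES="hwrng rdrand darn jitter pkcs11"`, leaving `nist` and `tpm` to be added deliberately; that also agrees with the `#EXCLUDE_ENTROPY_SOURCES="nist tpm"` example a few lines further down.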
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need localmount
+ after urandom
+ provide entropy
+}
+
+command="/usr/sbin/rngd"
+description="Check and feed random data from hardware device to kernel entropy pool."
+pidfile="/var/run/${RC_SVCNAME}.pid"
+command_args=""
+command_args_background="--pid-file ${pidfile} --background"
+start_stop_daemon_args="--wait 1000"
+retry="SIGKILL/5000"
+
+
+# Parse rngd confd file for extra command line arguments
+start_pre() {
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -n ${entsrc}"
+ done
+
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -x ${entsrc}"
+ done
+
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then
+ command_args="${command_args} --rng-device=${HWRNG_DEVICE}"
+ fi
+
+ for entsrc_opt in ${RDRAND_OPTIONS}; do
+ command_args="${command_args} -O rdrand:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${DARN_OPTIONS}; do
+ command_args="${command_args} -O darn:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${JITTER_OPTIONS}; do
+ command_args="${command_args} -O jitter:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${PKCS11_OPTIONS}; do
+ command_args="${command_args} -O pkcs11:${entsrc_opt}"
+ done
+
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then
+ command_args="${command_args} --random-device=${RANDOM_DEVICE}"
+ fi
+
+ if [ "x${STEP}" != "x" ]; then
+ command_args="${command_args} --random-step=${STEP}"
+ fi
+
+ if [ "x${WATERMARK}" != "x" ]; then
+ command_args="${command_args} --fill-watermark=${WATERMARK}"
+ fi
+
+ command_args="${command_args} ${EXTRA_ARGS}"
+ return 0
+} |
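Review bot: In `start_pre()` of rngd-initd-6.7 the `INCLUDE_ENTROPY_SOURCES` loop forwards every name as `-n`, so `nist` is enabled without any notice even though the accompanying conf.d file labels it unsafe for cryptographic operations. One line inside that loop would make the choice visible at service start: `[ "${entsrc}" = "nist" ] && ewarn "nist beacon enabled: not suitable for cryptographic use"`. As a style point, the `[ "x${VAR}" != "x" ]` tests read more directly as `[ -n "${VAR}" ]`. The conf.d values are also appended to `command_args` unquoted, so a device path containing whitespace would reach rngd as several arguments; a comment in the conf.d file stating that paths must not contain whitespace would cover it.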