** Changed in: openssl (Ubuntu)
Status: New => Invalid
** Changed in: openssl (Ubuntu Bionic)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835464
Title:
@Dietmar May (dietmar.may)
All the kernel config options mentioned are enabled, at least in the Ubuntu
19.10 kernel. And i would have expected them to be on in previous releases too,
but didn't check.
I do wonder if ubuntu-drivers-common should detect that hw rng device is
available and offer
@seth this was only added very recently
https://github.com/systemd/systemd/commit/26ded55709947d936634f1de0f43dcf88f594621
Not on by default, and services need to order After=systemd-random-
seed.service to guarantee initialized random pool.
Low entropy is an issue, Excessive entropy usage is
** Tags added: bionic-openssl-1.1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835464
Title:
nginx service fails after libssl update due to low entropy at boot
To manage notifications about this
I read through Bionic's systemd-random-seed.service source (src/random-
seed/random-seed.c) and didn't see any references to RNDADDTOENTCNT or
RNDADDENTROPY, the ioctl(2)s that are used to indicate to the kernel
that added entropy should be used for the random(4) device. Maybe
they're hidden
@racb
I'm not sure that I would consider it normal or expected, though, for
system services to suddenly stop working due to regular updates, and for
a server to suddenly become unreachable and unresponsive just because it
was updated.
On the other hand, it's certainly not desirable for a system
** Changed in: nginx (Ubuntu)
Status: Incomplete => Opinion
** Changed in: nginx (Ubuntu Bionic)
Status: Incomplete => Opinion
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835464
I think understand the problem here, but it isn't clear to me that it's
a bug in the openssl update either. It is surely normal and expected
that regular updates (including security updates) might result in a
greater entropy requirement.
It would be nice if we could arrange things to block for
@teward
No, I'm not sure whether it's an nginx bug.
openssl packages were updated; nginx package is at the same version.
Basically, it looks like an openssl call that previously succeeded (and
probably gave questionable responses) now has become a blocking call
that doesn't return until
@xnox
In my case, this is on a TI AM3352 processor. The key config item is:
CONFIG_HW_RANDOM_OMAP=m
TI's docs indicate that the following is important:
CONFIG_CRYPTO_DEV_OMAP_SHAM=y
And these may be related:
CONFIG_CRYPTO_DEV_OMAP_AES=y
CONFIG_CRYPTO_SHA256_ARM=y
CONFIG_CRYPTO_SHA512_ARM=y
** Also affects: openssl (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: nginx (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: nginx (Ubuntu Bionic)
Status: New => Incomplete
--
You received this bug notification because you are a
Tagging regression-update since the claim here is it was as a
consequence of the OpenSSL SRU (regardless of where we determine the bug
actually is, it still got exposed by that update).
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
** Changed in: nginx (Ubuntu)
Status: New => Incomplete
** Also affects: openssl (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835464
Are we 100% certain this is an NGINX bug and not a kernel or OpenSSL
bug? If these issues are entirely OpenSSL Entropy based, nginx isnt
necessarily going to be where this fix needs to be...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
@dietmar.may yes, having entropy is needed. I understand you are not
using ubuntu kernel, but can we double check that the Ubuntu kernel
configs do build the driver for random number generator that you need?
What is the config option for it?
(such that you could, in theory, switch to an Ubuntu
** Package changed: ubuntu => nginx (Ubuntu)
** Tags added: bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835464
Title:
nginx service fails after libssl update due to low entropy at boot
Thank you for taking the time to report this bug and helping to make
Ubuntu better. It seems that your bug report is not filed about a
specific source package though, rather it is just filed against Ubuntu
in general. It is important that bug reports be filed about source
packages so that people
This appears to be due to openssl requests blocking or failing until
sufficient entropy is available for random number generation.
The target device is based on the TI AM335X (Sitara) ARM Cortex A8 SOC.
The SOC (system on a chip) has a hardware random number generator, which
requires a kernel
18 matches
Mail list logo