-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-10.1
-
None
-
No
-
Low
-
rhel-security-crypto-clubs
-
0
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
When fips-provider-next seeds from getrandom we have:
:: [ 15:24:06 ] :: [ BEGIN ] :: Running 'cat split-calls.child_1.0' 'getrandom("\\x2d\\x02\\x87\\xdc\\x26\\x36\\xa5\\x66\\x32\\xa7\\x3d\\xec\\x49\\xd8\\xf8\\xd3\\x90\\x67\\x0a\\xc8\\x2e\\x5d\\xb5\\x10\\xc5\\xd9\\xdc\\xa6\\x61\\xa8\\x0b\\x58"..., 40, GRND_RANDOM) = 40\r\r' ... :: [ 15:24:06 ] :: [ PASS ] :: Command 'cat split-calls.child_1.0' (Expected 0, got 0) :: [ 15:24:06 ] :: [ BEGIN ] :: Running 'cat split-calls.parent.0' 'getrandom("\\x61\\x63\\xe9\\x5a\\xb0\\x6a\\xee\\x8a", 8, GRND_NONBLOCK) = 8\r\r' ... :: [ 15:24:06 ] :: [ PASS ] :: Command 'cat split-calls.parent.0' (Expected 0, got 0) :: [ 15:24:06 ] :: [ BEGIN ] :: Running 'cat split-calls.parent.1' 'getrandom("\\x14\\x02\\x33\\xbc\\x5a\\xfb\\x27\\xf1\\x0b\\x75\\x34\\x62\\x1d\\xec\\xda\\x5a\\x7c\\x38\\xdf\\xca\\xe3\\x0b\\xba\\x3e\\x61\\xac\\x47\\xf5\\xc4\\x46\\xe0\\x83"..., 56, GRND_RANDOM) = 56\r\r' ...
but openssl-fips-provider is doing:
:: [ 15:24:25 ] :: [ BEGIN ] :: Running 'cat split-calls.child_1.0' 'getrandom("\\x9b\\xfa\\x6d\\xb1\\xff\\xf1\\x9b\\x3f\\x18\\x3f\\xba\\x52\\x4e\\xe0\\xe9\\x07\\x17\\x97\\x85\\xc5\\x28\\xf1\\x03\\xe5\\x2e\\x06\\xee\\x83\\x60\\x34\\x40\\x75", 32, GRND_RANDOM) = 32\r\r' ... :: [ 15:24:25 ] :: [ PASS ] :: Command 'cat split-calls.child_1.0' (Expected 0, got 0) :: [ 15:24:25 ] :: [ BEGIN ] :: Running 'cat split-calls.child_1.1' 'getrandom("\\xdb\\x9d\\xfd\\x96\\xe9\\x18\\x7b\\x17\\x40\\x0f\\xa6\\x7c\\xb2\\x37\\xa3\\x46\\x8c\\x6f\\x7f\\x4a\\xac\\x89\\x15\\xd2\\xdd\\xb7\\x58\\x92\\xfa\\xcd\\xc7\\xc0", 32, GRND_RANDOM) = 32\r\r' ... :: [ 15:24:25 ] :: [ PASS ] :: Command 'cat split-calls.child_1.1' (Expected 0, got 0) :: [ 15:24:25 ] :: [ BEGIN ] :: Running 'cat split-calls.parent.0' 'getrandom("\\xbe\\x5e\\xa0\\x9b\\x15\\xa7\\x0e\\xa7", 8, GRND_NONBLOCK) = 8\r\r' ... :: [ 15:24:25 ] :: [ PASS ] :: Command 'cat split-calls.parent.0' (Expected 0, got 0) ... :: [ 15:24:26 ] :: [ BEGIN ] :: Running 'cat split-calls.parent.4' 'getrandom("\\xc8\\xc6\\x4c\\x60\\x5d\\x5d\\x42\\xc2\\xcc\\x70\\x13\\xcf\\x9f\\x69\\xd3\\x09\\xf3\\xf8\\x78\\x58\\x09\\xaf\\x33\\x73\\xa7\\x88\\x7e\\xdc\\x83\\x2b\\x17\\x2c", 32, GRND_RANDOM) = 32\r\r' ... :: [ 15:24:26 ] :: [ PASS ] :: Command 'cat split-calls.parent.4' (Expected 0, got 0) :: [ 15:24:26 ] :: [ BEGIN ] :: Running 'cat split-calls.parent.5' 'getrandom("\\x9f\\xde\\xea\\xff\\x35\\x9d\\x36\\xb2\\xae\\xc8\\x6e\\x64\\x90\\xaa\\x84\\x2f\\x3f\\xd6\\x14\\x57\\x0d\\x34\\x71\\x79\\xf4\\x1f\\xb2\\x10\\xce\\xc4\\x2d\\xb1", 32, GRND_RANDOM) = 32\r\r' ...
So the real question is: Do we have enough entropy for FIPS mode?