** Changed in: openssl (Ubuntu)
Status: New => Invalid
** Changed in: openssl (Ubuntu Bionic)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
@Dietmar May (dietmar.may)
All the kernel config options mentioned are enabled, at least in the Ubuntu
19.10 kernel. And i would have expected them to be on in previous releases too,
but didn't check.
I do wonder if ubuntu-drivers-common should detect that hw rng device is
available and offer
@seth this was only added very recently
https://github.com/systemd/systemd/commit/26ded55709947d936634f1de0f43dcf88f594621
Not on by default, and services need to order After=systemd-random-
seed.service to guarantee initialized random pool.
Low entropy is an issue, Excessive entropy usage is
** Tags added: bionic-openssl-1.1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1835464
Title:
nginx service fails after libssl update due to low entropy at boot
Status
I read through Bionic's systemd-random-seed.service source (src/random-
seed/random-seed.c) and didn't see any references to RNDADDTOENTCNT or
RNDADDENTROPY, the ioctl(2)s that are used to indicate to the kernel
that added entropy should be used for the random(4) device. Maybe
they're hidden
@racb
I'm not sure that I would consider it normal or expected, though, for
system services to suddenly stop working due to regular updates, and for
a server to suddenly become unreachable and unresponsive just because it
was updated.
On the other hand, it's certainly not desirable for a system
** Changed in: nginx (Ubuntu)
Status: Incomplete => Opinion
** Changed in: nginx (Ubuntu Bionic)
Status: Incomplete => Opinion
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
I think understand the problem here, but it isn't clear to me that it's
a bug in the openssl update either. It is surely normal and expected
that regular updates (including security updates) might result in a
greater entropy requirement.
It would be nice if we could arrange things to block for
@teward
No, I'm not sure whether it's an nginx bug.
openssl packages were updated; nginx package is at the same version.
Basically, it looks like an openssl call that previously succeeded (and
probably gave questionable responses) now has become a blocking call
that doesn't return until
@xnox
In my case, this is on a TI AM3352 processor. The key config item is:
CONFIG_HW_RANDOM_OMAP=m
TI's docs indicate that the following is important:
CONFIG_CRYPTO_DEV_OMAP_SHAM=y
And these may be related:
CONFIG_CRYPTO_DEV_OMAP_AES=y
CONFIG_CRYPTO_SHA256_ARM=y
CONFIG_CRYPTO_SHA512_ARM=y
** Also affects: openssl (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: nginx (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: nginx (Ubuntu Bionic)
Status: New => Incomplete
--
You received this bug notification because you are a
Tagging regression-update since the claim here is it was as a
consequence of the OpenSSL SRU (regardless of where we determine the bug
actually is, it still got exposed by that update).
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
** Changed in: nginx (Ubuntu)
Status: New => Incomplete
** Also affects: openssl (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
13 matches
Mail list logo
