[PATCH v3 0/2] Use RNG to get random behaviour
From: Matthias Brugger mbrugger@suse.com
For now bootp and uuid code use a weak seed for generating random data. U-Boot as support for RNG devices now, so we should change to code to use them if they are present. This will help mitigate issues like seen in CVE-2019-11690.
Changes in v3: - use IS_ENABLED instead of #if - use 4 byte for entropy - use IS_ENABLED instead of #if
Changes in v2: - fix dm_rng_read() parameters - add missing include - fix dm_rng_read() parameters - add missing include file
Matthias Brugger (2): lib: uuid: use RNG device if present net: Use NDRNG device in srand_mac()
lib/uuid.c | 21 ++++++++++++++++++--- net/net_rand.h | 19 ++++++++++++++++++- 2 files changed, 36 insertions(+), 4 deletions(-)
From: Matthias Brugger mbrugger@suse.com
When calculating a random UUID we use a weak seed. Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger mbrugger@suse.com
---
Changes in v3: - use IS_ENABLED instead of #if - use 4 byte for entropy
Changes in v2: - fix dm_rng_read() parameters - add missing include
lib/uuid.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/lib/uuid.c b/lib/uuid.c index e62d5ca264..23af2b4800 100644 --- a/lib/uuid.c +++ b/lib/uuid.c @@ -15,6 +15,8 @@ #include <asm/io.h> #include <part_efi.h> #include <malloc.h> +#include <dm/uclass.h> +#include <rng.h>
/* * UUID - Universally Unique IDentifier - 128 bits unique number. @@ -249,9 +251,22 @@ void gen_rand_uuid(unsigned char *uuid_bin) { u32 ptr[4]; struct uuid *uuid = (struct uuid *)ptr; - int i; - - srand(get_ticks() + rand()); + int i, ret; + struct udevice *devp; + u32 randv = 0; + + if (IS_ENABLED(CONFIG_DM_RNG)) { + ret = uclass_get_device(UCLASS_RNG, 0, &devp); + if (ret) { + ret = dm_rng_read(devp, &randv, sizeof(randv)); + if (ret < 0) + randv = 0; + } + } + if (randv) + srand(randv); + else + srand(get_ticks() + rand());
/* Set all fields randomly */ for (i = 0; i < 4; i++)
On Fri, 18 Dec 2020 10:28:03 +0100 matthias.bgg@kernel.org wrote:
From: Matthias Brugger mbrugger@suse.com
When calculating a random UUID we use a weak seed. Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger mbrugger@suse.com
Reviewed-by: Torsten Duwe duwe@suse.de
On Fri, Dec 18, 2020 at 10:28:03AM +0100, matthias.bgg@kernel.org wrote:
From: Matthias Brugger mbrugger@suse.com
When calculating a random UUID we use a weak seed. Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger mbrugger@suse.com Reviewed-by: Torsten Duwe duwe@suse.de
Applied to u-boot/master, thanks!
Hi
On 12/18/20 10:28 AM, matthias.bgg@kernel.org wrote:
From: Matthias Brugger mbrugger@suse.com
When calculating a random UUID we use a weak seed. Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger mbrugger@suse.com
Changes in v3:
- use IS_ENABLED instead of #if
- use 4 byte for entropy
Changes in v2:
fix dm_rng_read() parameters
add missing include
lib/uuid.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/lib/uuid.c b/lib/uuid.c index e62d5ca264..23af2b4800 100644 --- a/lib/uuid.c +++ b/lib/uuid.c @@ -15,6 +15,8 @@ #include <asm/io.h> #include <part_efi.h> #include <malloc.h> +#include <dm/uclass.h> +#include <rng.h>
/*
- UUID - Universally Unique IDentifier - 128 bits unique number.
@@ -249,9 +251,22 @@ void gen_rand_uuid(unsigned char *uuid_bin) { u32 ptr[4]; struct uuid *uuid = (struct uuid *)ptr;
- int i;
- srand(get_ticks() + rand());
- int i, ret;
- struct udevice *devp;
- u32 randv = 0;
- if (IS_ENABLED(CONFIG_DM_RNG)) {
ret = uclass_get_device(UCLASS_RNG, 0, &devp);if (ret) {
For information, as this patch already merged here we need to test if ret == 0:
+ if (!ret) {
I push a patch to correct this test:
"lib: uuid: fix the test on RNG device presence"
http://patchwork.ozlabs.org/project/uboot/patch/20211022170544.1.Ib218a8a747...
ret = dm_rng_read(devp, &randv, sizeof(randv));if (ret < 0)randv = 0;}}
if (randv)
srand(randv);else
srand(get_ticks() + rand());/* Set all fields randomly */ for (i = 0; i < 4; i++)
Regards
Patrick
From: Matthias Brugger mbrugger@suse.com
When calling srand_mac we use a weak seed dependent on the mac address. If present, use a RNG device instead to incerase entropy.
Signed-off-by: Matthias Brugger mbrugger@suse.com
---
Changes in v3: - use IS_ENABLED instead of #if
Changes in v2: - fix dm_rng_read() parameters - add missing include file
net/net_rand.h | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/net/net_rand.h b/net/net_rand.h index 4bf9bd817e..6a52cda85e 100644 --- a/net/net_rand.h +++ b/net/net_rand.h @@ -10,6 +10,8 @@ #define __NET_RAND_H__
#include <common.h> +#include <dm/uclass.h> +#include <rng.h>
/* * Return a seed for the PRNG derived from the eth0 MAC address. @@ -37,7 +39,22 @@ static inline unsigned int seed_mac(void) */ static inline void srand_mac(void) { - srand(seed_mac()); + int ret; + struct udevice *devp; + u32 randv = 0; + + if (IS_ENABLED(CONFIG_DM_RNG)) { + ret = uclass_get_device(UCLASS_RNG, 0, &devp); + if (ret) { + ret = dm_rng_read(devp, &randv, sizeof(randv)); + if (ret < 0) + randv = 0; + } + } + if (randv) + srand(randv); + else + srand(seed_mac()); }
#endif /* __NET_RAND_H__ */
On Fri, 18 Dec 2020 10:28:04 +0100 matthias.bgg@kernel.org wrote:
From: Matthias Brugger mbrugger@suse.com
When calling srand_mac we use a weak seed dependent on the mac address. If present, use a RNG device instead to incerase entropy.
Signed-off-by: Matthias Brugger mbrugger@suse.com
Reviewed-by: Torsten Duwe duwe@suse.de
On Fri, Dec 18, 2020 at 10:28:04AM +0100, matthias.bgg@kernel.org wrote:
From: Matthias Brugger mbrugger@suse.com
When calling srand_mac we use a weak seed dependent on the mac address. If present, use a RNG device instead to incerase entropy.
Signed-off-by: Matthias Brugger mbrugger@suse.com Reviewed-by: Torsten Duwe duwe@suse.de
Applied to u-boot/master, thanks!
participants (4)
-
matthias.bgg@kernel.org -
Patrick DELAUNAY -
Tom Rini -
Torsten Duwe