[PATCH 1/1] tools: use adequate entropy source for initialization vector
The random() function is unsafe to initialize cryptographic data. Use getrandom() which reads from /dev/urandom instead.
getrandom() is available on Linux sine release 3.17 and on BSD.
Addresses-Coverity-ID: 312953 Calling risky function Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com --- tools/image-host.c | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-)
diff --git a/tools/image-host.c b/tools/image-host.c index b2a0f2e6d16..d30a235baf6 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -13,11 +13,11 @@ #include <fdt_region.h> #include <image.h> #include <version.h> - #if CONFIG_IS_ENABLED(FIT_SIGNATURE) #include <openssl/pem.h> #include <openssl/evp.h> #endif +#include <sys/random.h>
/** * fit_set_hash_value - set hash value in requested has node @@ -364,36 +364,6 @@ static int fit_image_read_key_iv_data(const char *keydir, const char *key_iv_nam return ret; }
-static int get_random_data(void *data, int size) -{ - unsigned char *tmp = data; - struct timespec date; - int i, ret; - - if (!tmp) { - fprintf(stderr, "%s: pointer data is NULL\n", __func__); - ret = -1; - goto out; - } - - ret = clock_gettime(CLOCK_MONOTONIC, &date); - if (ret) { - fprintf(stderr, "%s: clock_gettime has failed (%s)\n", __func__, - strerror(errno)); - goto out; - } - - srandom(date.tv_nsec); - - for (i = 0; i < size; i++) { - *tmp = random() & 0xff; - tmp++; - } - - out: - return ret; -} - static int fit_image_setup_cipher(struct image_cipher_info *info, const char *keydir, void *fit, const char *image_name, int image_noffset, @@ -465,8 +435,8 @@ static int fit_image_setup_cipher(struct image_cipher_info *info, if (ret < 0) goto out; } else { - /* Generate an ramdom IV */ - ret = get_random_data((void *)info->iv, info->cipher->iv_len); + /* Generate a ramdom initialization vector */ + ret = getrandom((void *)info->iv, info->cipher->iv_len, 0); }
out:
From: Heinrich Schuchardt heinrich.schuchardt@canonical.com Date: Thu, 11 Apr 2024 01:31:16 +0200
The random() function is unsafe to initialize cryptographic data. Use getrandom() which reads from /dev/urandom instead.
getrandom() is available on Linux sine release 3.17 and on BSD.
NACK
getrandom() isn't evailable on OpenBSD. Either use getentropy() or arc4random_buf() instead.
Addresses-Coverity-ID: 312953 Calling risky function Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
tools/image-host.c | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-)
diff --git a/tools/image-host.c b/tools/image-host.c index b2a0f2e6d16..d30a235baf6 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -13,11 +13,11 @@ #include <fdt_region.h> #include <image.h> #include <version.h>
#if CONFIG_IS_ENABLED(FIT_SIGNATURE) #include <openssl/pem.h> #include <openssl/evp.h> #endif +#include <sys/random.h>
/**
- fit_set_hash_value - set hash value in requested has node
@@ -364,36 +364,6 @@ static int fit_image_read_key_iv_data(const char *keydir, const char *key_iv_nam return ret; }
-static int get_random_data(void *data, int size) -{
- unsigned char *tmp = data;
- struct timespec date;
- int i, ret;
- if (!tmp) {
fprintf(stderr, "%s: pointer data is NULL\n", __func__);ret = -1;goto out;- }
- ret = clock_gettime(CLOCK_MONOTONIC, &date);
- if (ret) {
fprintf(stderr, "%s: clock_gettime has failed (%s)\n", __func__,strerror(errno));goto out;- }
- srandom(date.tv_nsec);
- for (i = 0; i < size; i++) {
*tmp = random() & 0xff;tmp++;- }
- out:
- return ret;
-}
static int fit_image_setup_cipher(struct image_cipher_info *info, const char *keydir, void *fit, const char *image_name, int image_noffset, @@ -465,8 +435,8 @@ static int fit_image_setup_cipher(struct image_cipher_info *info, if (ret < 0) goto out; } else {
/* Generate an ramdom IV */ret = get_random_data((void *)info->iv, info->cipher->iv_len);
/* Generate a ramdom initialization vector */ret = getrandom((void *)info->iv, info->cipher->iv_len, 0);}
out:
-- 2.43.0
On 4/11/24 01:46, Mark Kettenis wrote:
From: Heinrich Schuchardt heinrich.schuchardt@canonical.com Date: Thu, 11 Apr 2024 01:31:16 +0200
The random() function is unsafe to initialize cryptographic data. Use getrandom() which reads from /dev/urandom instead.
getrandom() is available on Linux sine release 3.17 and on BSD.
NACK
getrandom() isn't evailable on OpenBSD. Either use getentropy() or arc4random_buf() instead.
Thanks for reviewing. arc4random_buf() was added to glibc only in 2022. So there might be too many users not using a recent enough Linux distro. So I guess getentropy() is a better choice.
Best regards
Heinrich
Addresses-Coverity-ID: 312953 Calling risky function Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
tools/image-host.c | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-)
diff --git a/tools/image-host.c b/tools/image-host.c index b2a0f2e6d16..d30a235baf6 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -13,11 +13,11 @@ #include <fdt_region.h> #include <image.h> #include <version.h>
- #if CONFIG_IS_ENABLED(FIT_SIGNATURE) #include <openssl/pem.h> #include <openssl/evp.h> #endif
+#include <sys/random.h>
/**
- fit_set_hash_value - set hash value in requested has node
@@ -364,36 +364,6 @@ static int fit_image_read_key_iv_data(const char *keydir, const char *key_iv_nam return ret; }
-static int get_random_data(void *data, int size) -{
- unsigned char *tmp = data;
- struct timespec date;
- int i, ret;
- if (!tmp) {
fprintf(stderr, "%s: pointer data is NULL\n", __func__);ret = -1;goto out;- }
- ret = clock_gettime(CLOCK_MONOTONIC, &date);
- if (ret) {
fprintf(stderr, "%s: clock_gettime has failed (%s)\n", __func__,strerror(errno));goto out;- }
- srandom(date.tv_nsec);
- for (i = 0; i < size; i++) {
*tmp = random() & 0xff;tmp++;- }
- out:
- return ret;
-}
- static int fit_image_setup_cipher(struct image_cipher_info *info, const char *keydir, void *fit, const char *image_name, int image_noffset,
@@ -465,8 +435,8 @@ static int fit_image_setup_cipher(struct image_cipher_info *info, if (ret < 0) goto out; } else {
/* Generate an ramdom IV */ret = get_random_data((void *)info->iv, info->cipher->iv_len);
/* Generate a ramdom initialization vector */ret = getrandom((void *)info->iv, info->cipher->iv_len, 0);}
out:
-- 2.43.0
participants (2)
-
Heinrich Schuchardt -
Mark Kettenis