* [PATCH v3 0/2] Use RNG to get random behaviour @ 2020-12-18 9:28 matthias.bgg at kernel.org 2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org 2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org 0 siblings, 2 replies; 8+ messages in thread From: matthias.bgg at kernel.org @ 2020-12-18 9:28 UTC (permalink / raw) To: u-boot From: Matthias Brugger <mbrugger@suse.com> For now bootp and uuid code use a weak seed for generating random data. U-Boot as support for RNG devices now, so we should change to code to use them if they are present. This will help mitigate issues like seen in CVE-2019-11690. Changes in v3: - use IS_ENABLED instead of #if - use 4 byte for entropy - use IS_ENABLED instead of #if Changes in v2: - fix dm_rng_read() parameters - add missing include - fix dm_rng_read() parameters - add missing include file Matthias Brugger (2): lib: uuid: use RNG device if present net: Use NDRNG device in srand_mac() lib/uuid.c | 21 ++++++++++++++++++--- net/net_rand.h | 19 ++++++++++++++++++- 2 files changed, 36 insertions(+), 4 deletions(-) -- 2.29.2 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/2] lib: uuid: use RNG device if present 2020-12-18 9:28 [PATCH v3 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org @ 2020-12-18 9:28 ` matthias.bgg at kernel.org 2020-12-18 9:51 ` Torsten Duwe ` (2 more replies) 2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org 1 sibling, 3 replies; 8+ messages in thread From: matthias.bgg at kernel.org @ 2020-12-18 9:28 UTC (permalink / raw) To: u-boot From: Matthias Brugger <mbrugger@suse.com> When calculating a random UUID we use a weak seed. Use a RNG device if present to increase entropy. Signed-off-by: Matthias Brugger <mbrugger@suse.com> --- Changes in v3: - use IS_ENABLED instead of #if - use 4 byte for entropy Changes in v2: - fix dm_rng_read() parameters - add missing include lib/uuid.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/lib/uuid.c b/lib/uuid.c index e62d5ca264..23af2b4800 100644 --- a/lib/uuid.c +++ b/lib/uuid.c @@ -15,6 +15,8 @@ #include <asm/io.h> #include <part_efi.h> #include <malloc.h> +#include <dm/uclass.h> +#include <rng.h> /* * UUID - Universally Unique IDentifier - 128 bits unique number. @@ -249,9 +251,22 @@ void gen_rand_uuid(unsigned char *uuid_bin) { u32 ptr[4]; struct uuid *uuid = (struct uuid *)ptr; - int i; - - srand(get_ticks() + rand()); + int i, ret; + struct udevice *devp; + u32 randv = 0; + + if (IS_ENABLED(CONFIG_DM_RNG)) { + ret = uclass_get_device(UCLASS_RNG, 0, &devp); + if (ret) { + ret = dm_rng_read(devp, &randv, sizeof(randv)); + if (ret < 0) + randv = 0; + } + } + if (randv) + srand(randv); + else + srand(get_ticks() + rand()); /* Set all fields randomly */ for (i = 0; i < 4; i++) -- 2.29.2 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 1/2] lib: uuid: use RNG device if present 2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org @ 2020-12-18 9:51 ` Torsten Duwe 2021-01-19 20:01 ` Tom Rini 2021-10-22 15:14 ` Patrick DELAUNAY 2 siblings, 0 replies; 8+ messages in thread From: Torsten Duwe @ 2020-12-18 9:51 UTC (permalink / raw) To: u-boot On Fri, 18 Dec 2020 10:28:03 +0100 matthias.bgg at kernel.org wrote: > From: Matthias Brugger <mbrugger@suse.com> > > When calculating a random UUID we use a weak seed. > Use a RNG device if present to increase entropy. > > Signed-off-by: Matthias Brugger <mbrugger@suse.com> Reviewed-by: Torsten Duwe <duwe@suse.de> ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/2] lib: uuid: use RNG device if present 2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org 2020-12-18 9:51 ` Torsten Duwe @ 2021-01-19 20:01 ` Tom Rini 2021-10-22 15:14 ` Patrick DELAUNAY 2 siblings, 0 replies; 8+ messages in thread From: Tom Rini @ 2021-01-19 20:01 UTC (permalink / raw) To: u-boot On Fri, Dec 18, 2020 at 10:28:03AM +0100, matthias.bgg at kernel.org wrote: > From: Matthias Brugger <mbrugger@suse.com> > > When calculating a random UUID we use a weak seed. > Use a RNG device if present to increase entropy. > > Signed-off-by: Matthias Brugger <mbrugger@suse.com> > Reviewed-by: Torsten Duwe <duwe@suse.de> Applied to u-boot/master, thanks! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: not available URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210119/6e9947ad/attachment.sig> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v3 1/2] lib: uuid: use RNG device if present 2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org 2020-12-18 9:51 ` Torsten Duwe 2021-01-19 20:01 ` Tom Rini @ 2021-10-22 15:14 ` Patrick DELAUNAY 2 siblings, 0 replies; 8+ messages in thread From: Patrick DELAUNAY @ 2021-10-22 15:14 UTC (permalink / raw) To: matthias.bgg, joe.hershberger, sjg Cc: u-boot, duwe, pbrobinson, Matthias Brugger Hi On 12/18/20 10:28 AM, matthias.bgg@kernel.org wrote: > From: Matthias Brugger <mbrugger@suse.com> > > When calculating a random UUID we use a weak seed. > Use a RNG device if present to increase entropy. > > Signed-off-by: Matthias Brugger <mbrugger@suse.com> > > --- > > Changes in v3: > - use IS_ENABLED instead of #if > - use 4 byte for entropy > > Changes in v2: > - fix dm_rng_read() parameters > - add missing include > > lib/uuid.c | 21 ++++++++++++++++++--- > 1 file changed, 18 insertions(+), 3 deletions(-) > > diff --git a/lib/uuid.c b/lib/uuid.c > index e62d5ca264..23af2b4800 100644 > --- a/lib/uuid.c > +++ b/lib/uuid.c > @@ -15,6 +15,8 @@ > #include <asm/io.h> > #include <part_efi.h> > #include <malloc.h> > +#include <dm/uclass.h> > +#include <rng.h> > > /* > * UUID - Universally Unique IDentifier - 128 bits unique number. > @@ -249,9 +251,22 @@ void gen_rand_uuid(unsigned char *uuid_bin) > { > u32 ptr[4]; > struct uuid *uuid = (struct uuid *)ptr; > - int i; > - > - srand(get_ticks() + rand()); > + int i, ret; > + struct udevice *devp; > + u32 randv = 0; > + > + if (IS_ENABLED(CONFIG_DM_RNG)) { > + ret = uclass_get_device(UCLASS_RNG, 0, &devp); > + if (ret) { For information, as this patch already merged here we need to test if ret == 0: + if (!ret) { I push a patch to correct this test: "lib: uuid: fix the test on RNG device presence" http://patchwork.ozlabs.org/project/uboot/patch/20211022170544.1.Ib218a8a747f99cab44c3fac6af649f17f003b2e2@changeid/ > + ret = dm_rng_read(devp, &randv, sizeof(randv)); > + if (ret < 0) > + randv = 0; > + } > + } > + if (randv) > + srand(randv); > + else > + srand(get_ticks() + rand()); > > /* Set all fields randomly */ > for (i = 0; i < 4; i++) Regards Patrick ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 2/2] net: Use NDRNG device in srand_mac() 2020-12-18 9:28 [PATCH v3 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org 2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org @ 2020-12-18 9:28 ` matthias.bgg at kernel.org 2020-12-18 9:52 ` Torsten Duwe 2021-01-19 20:01 ` Tom Rini 1 sibling, 2 replies; 8+ messages in thread From: matthias.bgg at kernel.org @ 2020-12-18 9:28 UTC (permalink / raw) To: u-boot From: Matthias Brugger <mbrugger@suse.com> When calling srand_mac we use a weak seed dependent on the mac address. If present, use a RNG device instead to incerase entropy. Signed-off-by: Matthias Brugger <mbrugger@suse.com> --- Changes in v3: - use IS_ENABLED instead of #if Changes in v2: - fix dm_rng_read() parameters - add missing include file net/net_rand.h | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/net/net_rand.h b/net/net_rand.h index 4bf9bd817e..6a52cda85e 100644 --- a/net/net_rand.h +++ b/net/net_rand.h @@ -10,6 +10,8 @@ #define __NET_RAND_H__ #include <common.h> +#include <dm/uclass.h> +#include <rng.h> /* * Return a seed for the PRNG derived from the eth0 MAC address. @@ -37,7 +39,22 @@ static inline unsigned int seed_mac(void) */ static inline void srand_mac(void) { - srand(seed_mac()); + int ret; + struct udevice *devp; + u32 randv = 0; + + if (IS_ENABLED(CONFIG_DM_RNG)) { + ret = uclass_get_device(UCLASS_RNG, 0, &devp); + if (ret) { + ret = dm_rng_read(devp, &randv, sizeof(randv)); + if (ret < 0) + randv = 0; + } + } + if (randv) + srand(randv); + else + srand(seed_mac()); } #endif /* __NET_RAND_H__ */ -- 2.29.2 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 2/2] net: Use NDRNG device in srand_mac() 2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org @ 2020-12-18 9:52 ` Torsten Duwe 2021-01-19 20:01 ` Tom Rini 1 sibling, 0 replies; 8+ messages in thread From: Torsten Duwe @ 2020-12-18 9:52 UTC (permalink / raw) To: u-boot On Fri, 18 Dec 2020 10:28:04 +0100 matthias.bgg at kernel.org wrote: > From: Matthias Brugger <mbrugger@suse.com> > > When calling srand_mac we use a weak seed dependent on the > mac address. If present, use a RNG device instead to incerase entropy. > > Signed-off-by: Matthias Brugger <mbrugger@suse.com> Reviewed-by: Torsten Duwe <duwe@suse.de> ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 2/2] net: Use NDRNG device in srand_mac() 2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org 2020-12-18 9:52 ` Torsten Duwe @ 2021-01-19 20:01 ` Tom Rini 1 sibling, 0 replies; 8+ messages in thread From: Tom Rini @ 2021-01-19 20:01 UTC (permalink / raw) To: u-boot On Fri, Dec 18, 2020 at 10:28:04AM +0100, matthias.bgg at kernel.org wrote: > From: Matthias Brugger <mbrugger@suse.com> > > When calling srand_mac we use a weak seed dependent on the > mac address. If present, use a RNG device instead to incerase entropy. > > Signed-off-by: Matthias Brugger <mbrugger@suse.com> > Reviewed-by: Torsten Duwe <duwe@suse.de> Applied to u-boot/master, thanks! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: not available URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210119/d441b15f/attachment.sig> ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-10-22 15:14 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2020-12-18 9:28 [PATCH v3 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org 2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org 2020-12-18 9:51 ` Torsten Duwe 2021-01-19 20:01 ` Tom Rini 2021-10-22 15:14 ` Patrick DELAUNAY 2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org 2020-12-18 9:52 ` Torsten Duwe 2021-01-19 20:01 ` Tom Rini
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox