* [PATCH v3 0/2] Use RNG to get random behaviour
@ 2020-12-18 9:28 matthias.bgg at kernel.org
2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
0 siblings, 2 replies; 8+ messages in thread
From: matthias.bgg at kernel.org @ 2020-12-18 9:28 UTC (permalink / raw)
To: u-boot
From: Matthias Brugger <mbrugger@suse.com>
For now bootp and uuid code use a weak seed for generating random data.
U-Boot as support for RNG devices now, so we should change to code to
use them if they are present. This will help mitigate issues like seen
in CVE-2019-11690.
Changes in v3:
- use IS_ENABLED instead of #if
- use 4 byte for entropy
- use IS_ENABLED instead of #if
Changes in v2:
- fix dm_rng_read() parameters
- add missing include
- fix dm_rng_read() parameters
- add missing include file
Matthias Brugger (2):
lib: uuid: use RNG device if present
net: Use NDRNG device in srand_mac()
lib/uuid.c | 21 ++++++++++++++++++---
net/net_rand.h | 19 ++++++++++++++++++-
2 files changed, 36 insertions(+), 4 deletions(-)
--
2.29.2
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/2] lib: uuid: use RNG device if present
2020-12-18 9:28 [PATCH v3 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
@ 2020-12-18 9:28 ` matthias.bgg at kernel.org
2020-12-18 9:51 ` Torsten Duwe
` (2 more replies)
2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
1 sibling, 3 replies; 8+ messages in thread
From: matthias.bgg at kernel.org @ 2020-12-18 9:28 UTC (permalink / raw)
To: u-boot
From: Matthias Brugger <mbrugger@suse.com>
When calculating a random UUID we use a weak seed.
Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
---
Changes in v3:
- use IS_ENABLED instead of #if
- use 4 byte for entropy
Changes in v2:
- fix dm_rng_read() parameters
- add missing include
lib/uuid.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/lib/uuid.c b/lib/uuid.c
index e62d5ca264..23af2b4800 100644
--- a/lib/uuid.c
+++ b/lib/uuid.c
@@ -15,6 +15,8 @@
#include <asm/io.h>
#include <part_efi.h>
#include <malloc.h>
+#include <dm/uclass.h>
+#include <rng.h>
/*
* UUID - Universally Unique IDentifier - 128 bits unique number.
@@ -249,9 +251,22 @@ void gen_rand_uuid(unsigned char *uuid_bin)
{
u32 ptr[4];
struct uuid *uuid = (struct uuid *)ptr;
- int i;
-
- srand(get_ticks() + rand());
+ int i, ret;
+ struct udevice *devp;
+ u32 randv = 0;
+
+ if (IS_ENABLED(CONFIG_DM_RNG)) {
+ ret = uclass_get_device(UCLASS_RNG, 0, &devp);
+ if (ret) {
+ ret = dm_rng_read(devp, &randv, sizeof(randv));
+ if (ret < 0)
+ randv = 0;
+ }
+ }
+ if (randv)
+ srand(randv);
+ else
+ srand(get_ticks() + rand());
/* Set all fields randomly */
for (i = 0; i < 4; i++)
--
2.29.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 2/2] net: Use NDRNG device in srand_mac()
2020-12-18 9:28 [PATCH v3 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
@ 2020-12-18 9:28 ` matthias.bgg at kernel.org
2020-12-18 9:52 ` Torsten Duwe
2021-01-19 20:01 ` Tom Rini
1 sibling, 2 replies; 8+ messages in thread
From: matthias.bgg at kernel.org @ 2020-12-18 9:28 UTC (permalink / raw)
To: u-boot
From: Matthias Brugger <mbrugger@suse.com>
When calling srand_mac we use a weak seed dependent on the
mac address. If present, use a RNG device instead to incerase entropy.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
---
Changes in v3:
- use IS_ENABLED instead of #if
Changes in v2:
- fix dm_rng_read() parameters
- add missing include file
net/net_rand.h | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/net/net_rand.h b/net/net_rand.h
index 4bf9bd817e..6a52cda85e 100644
--- a/net/net_rand.h
+++ b/net/net_rand.h
@@ -10,6 +10,8 @@
#define __NET_RAND_H__
#include <common.h>
+#include <dm/uclass.h>
+#include <rng.h>
/*
* Return a seed for the PRNG derived from the eth0 MAC address.
@@ -37,7 +39,22 @@ static inline unsigned int seed_mac(void)
*/
static inline void srand_mac(void)
{
- srand(seed_mac());
+ int ret;
+ struct udevice *devp;
+ u32 randv = 0;
+
+ if (IS_ENABLED(CONFIG_DM_RNG)) {
+ ret = uclass_get_device(UCLASS_RNG, 0, &devp);
+ if (ret) {
+ ret = dm_rng_read(devp, &randv, sizeof(randv));
+ if (ret < 0)
+ randv = 0;
+ }
+ }
+ if (randv)
+ srand(randv);
+ else
+ srand(seed_mac());
}
#endif /* __NET_RAND_H__ */
--
2.29.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 1/2] lib: uuid: use RNG device if present
2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
@ 2020-12-18 9:51 ` Torsten Duwe
2021-01-19 20:01 ` Tom Rini
2021-10-22 15:14 ` Patrick DELAUNAY
2 siblings, 0 replies; 8+ messages in thread
From: Torsten Duwe @ 2020-12-18 9:51 UTC (permalink / raw)
To: u-boot
On Fri, 18 Dec 2020 10:28:03 +0100
matthias.bgg at kernel.org wrote:
> From: Matthias Brugger <mbrugger@suse.com>
>
> When calculating a random UUID we use a weak seed.
> Use a RNG device if present to increase entropy.
>
> Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 2/2] net: Use NDRNG device in srand_mac()
2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
@ 2020-12-18 9:52 ` Torsten Duwe
2021-01-19 20:01 ` Tom Rini
1 sibling, 0 replies; 8+ messages in thread
From: Torsten Duwe @ 2020-12-18 9:52 UTC (permalink / raw)
To: u-boot
On Fri, 18 Dec 2020 10:28:04 +0100
matthias.bgg at kernel.org wrote:
> From: Matthias Brugger <mbrugger@suse.com>
>
> When calling srand_mac we use a weak seed dependent on the
> mac address. If present, use a RNG device instead to incerase entropy.
>
> Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/2] lib: uuid: use RNG device if present
2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
2020-12-18 9:51 ` Torsten Duwe
@ 2021-01-19 20:01 ` Tom Rini
2021-10-22 15:14 ` Patrick DELAUNAY
2 siblings, 0 replies; 8+ messages in thread
From: Tom Rini @ 2021-01-19 20:01 UTC (permalink / raw)
To: u-boot
On Fri, Dec 18, 2020 at 10:28:03AM +0100, matthias.bgg at kernel.org wrote:
> From: Matthias Brugger <mbrugger@suse.com>
>
> When calculating a random UUID we use a weak seed.
> Use a RNG device if present to increase entropy.
>
> Signed-off-by: Matthias Brugger <mbrugger@suse.com>
> Reviewed-by: Torsten Duwe <duwe@suse.de>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210119/6e9947ad/attachment.sig>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 2/2] net: Use NDRNG device in srand_mac()
2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
2020-12-18 9:52 ` Torsten Duwe
@ 2021-01-19 20:01 ` Tom Rini
1 sibling, 0 replies; 8+ messages in thread
From: Tom Rini @ 2021-01-19 20:01 UTC (permalink / raw)
To: u-boot
On Fri, Dec 18, 2020 at 10:28:04AM +0100, matthias.bgg at kernel.org wrote:
> From: Matthias Brugger <mbrugger@suse.com>
>
> When calling srand_mac we use a weak seed dependent on the
> mac address. If present, use a RNG device instead to incerase entropy.
>
> Signed-off-by: Matthias Brugger <mbrugger@suse.com>
> Reviewed-by: Torsten Duwe <duwe@suse.de>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210119/d441b15f/attachment.sig>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v3 1/2] lib: uuid: use RNG device if present
2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
2020-12-18 9:51 ` Torsten Duwe
2021-01-19 20:01 ` Tom Rini
@ 2021-10-22 15:14 ` Patrick DELAUNAY
2 siblings, 0 replies; 8+ messages in thread
From: Patrick DELAUNAY @ 2021-10-22 15:14 UTC (permalink / raw)
To: matthias.bgg, joe.hershberger, sjg
Cc: u-boot, duwe, pbrobinson, Matthias Brugger
Hi
On 12/18/20 10:28 AM, matthias.bgg@kernel.org wrote:
> From: Matthias Brugger <mbrugger@suse.com>
>
> When calculating a random UUID we use a weak seed.
> Use a RNG device if present to increase entropy.
>
> Signed-off-by: Matthias Brugger <mbrugger@suse.com>
>
> ---
>
> Changes in v3:
> - use IS_ENABLED instead of #if
> - use 4 byte for entropy
>
> Changes in v2:
> - fix dm_rng_read() parameters
> - add missing include
>
> lib/uuid.c | 21 ++++++++++++++++++---
> 1 file changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/lib/uuid.c b/lib/uuid.c
> index e62d5ca264..23af2b4800 100644
> --- a/lib/uuid.c
> +++ b/lib/uuid.c
> @@ -15,6 +15,8 @@
> #include <asm/io.h>
> #include <part_efi.h>
> #include <malloc.h>
> +#include <dm/uclass.h>
> +#include <rng.h>
>
> /*
> * UUID - Universally Unique IDentifier - 128 bits unique number.
> @@ -249,9 +251,22 @@ void gen_rand_uuid(unsigned char *uuid_bin)
> {
> u32 ptr[4];
> struct uuid *uuid = (struct uuid *)ptr;
> - int i;
> -
> - srand(get_ticks() + rand());
> + int i, ret;
> + struct udevice *devp;
> + u32 randv = 0;
> +
> + if (IS_ENABLED(CONFIG_DM_RNG)) {
> + ret = uclass_get_device(UCLASS_RNG, 0, &devp);
> + if (ret) {
For information, as this patch already merged
here we need to test if ret == 0:
+ if (!ret) {
I push a patch to correct this test:
"lib: uuid: fix the test on RNG device presence"
http://patchwork.ozlabs.org/project/uboot/patch/20211022170544.1.Ib218a8a747f99cab44c3fac6af649f17f003b2e2@changeid/
> + ret = dm_rng_read(devp, &randv, sizeof(randv));
> + if (ret < 0)
> + randv = 0;
> + }
> + }
> + if (randv)
> + srand(randv);
> + else
> + srand(get_ticks() + rand());
>
> /* Set all fields randomly */
> for (i = 0; i < 4; i++)
Regards
Patrick
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-10-22 15:14 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-18 9:28 [PATCH v3 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
2020-12-18 9:28 ` [PATCH v3 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
2020-12-18 9:51 ` Torsten Duwe
2021-01-19 20:01 ` Tom Rini
2021-10-22 15:14 ` Patrick DELAUNAY
2020-12-18 9:28 ` [PATCH v3 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
2020-12-18 9:52 ` Torsten Duwe
2021-01-19 20:01 ` Tom Rini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.