lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 23 Sep 2022 13:53:21 +0200
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     linux-m68k@...ts.linux-m68k.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] m68k: virt: generate new RNG seed on reboot

Hi Geert,

On Fri, Sep 23, 2022 at 1:30 PM Geert Uytterhoeven <geert@...ux-m68k.org> wrote:
> > +static struct bi_record *rng_seed_record;
>
> This can be const...
> >                 memzero_explicit((void *)data, len + 2);
> > +                /* Store a reference to be filled in on reboot. */
> > +               rng_seed_record = (void *)record;
>
> ... so this cast can be dropped.

Will do.

>
> > +
> >  static void virt_reset(void)
> >  {
> >         void __iomem *base = (void __iomem *)virt_bi_data.ctrl.mmio;
> >
> > +       if (rng_seed_record && rng_seed_record->size > sizeof(*rng_seed_record) + 2) {
> > +               u16 len = rng_seed_record->size - sizeof(*rng_seed_record) - 2;
> > +               get_random_bytes((u8 *)rng_seed_record->data + 2, len);
> > +               *(u16 *)rng_seed_record->data = len;
>
> Wouldn't it be simpler to just use the existing length?
>
>     if (rnd_seed_record) {
>            u16 len = be16_to_cpup(data);
>            get_random_bytes((u8 *)rng_seed_record->data + 2, len);
>     }

No, that would not work. len is 0 there, since we zero out the bytes
after use for forward secrecy, and we zero out the length, so that we
don't wind up feeding it zeros.

>
> However, I have my doubts this will actually work. Was this tested?
> The bootinfo is passed from userspace, usually by reading
> /proc/bootinfo, and adapting it where needed.
> So I think you should implement this in kexec-tools instead.

Yes, this was tested. This is to handle the reboot case, just as the
commit subject says. Specifically, calling `reboot(RB_AUTOBOOT);`.

It does *not* handle kexec. For that, indeed, kexec-tools needs to be
augmented, but that's a separate patch that doesn't need to interact
with this one.

The way I tested this is by having my initramfs just call
`reboot(RB_AUTOBOOT);`, and having add_bootloader_randomness() print
its contents to the console. I checked that it was both present and
different every time.

I'll send a v2 with that const fix.

Jason

Powered by blists - more mailing lists