Merge branch 'freebsd/current/main' into hardened/current/master

This commit is contained in:
HardenedBSD Sync Services 2024-09-22 06:01:36 -06:00
commit e317cb86c3
No known key found for this signature in database
15 changed files with 86 additions and 18 deletions

View File

@ -38,6 +38,10 @@ ec2_common() {
echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf
# The EFI RNG on Graviton 2 is particularly slow if we ask for the
# default 2048 bytes of entropy; ask for 64 bytes instead.
echo 'entropy_efi_seed_size="64"' >> ${DESTDIR}/boot/loader.conf
# Tell gptboot not to wait 3 seconds for a keypress which will
# never arrive.
printf -- "-n\n" > ${DESTDIR}/boot.config

View File

@ -190,7 +190,9 @@ interp_builtin_cmd(int argc, char *argv[])
cmd = interp_lookup_cmd(argv[0]);
if (cmd != NULL && cmd->c_fn) {
TSENTER2(argv[0]);
result = cmd->c_fn(argc, argv);
TSEXIT();
} else {
command_errmsg = "unknown command";
}

View File

@ -48,8 +48,12 @@ entropy_cache_type="boot_entropy_cache" # Required for the kernel to find
# the boot-time entropy cache. This
# must not change value even if the
# _name above does change!
entropy_efi_seed="YES" # Set this to NO to disable loading
# entropy from the UEFI hardware random number generator API
entropy_efi_seed="YES" # Set this to NO to disable loading
# entropy from the UEFI hardware
# random number generator API
entropy_efi_seed_size="2048" # Set this to a different value to
# change the amount of entropy
# requested from EFI
### RAM Blacklist configuration ############################
ram_blacklist_load="NO" # Set this to YES to load a file

View File

@ -57,6 +57,9 @@
#include <bootstrap.h>
#include <smbios.h>
#include <dev/random/fortuna.h>
#include <geom/eli/pkcs5v2.h>
#include "efizfs.h"
#include "framebuffer.h"
@ -1250,11 +1253,27 @@ command_seed_entropy(int argc, char *argv[])
{
EFI_STATUS status;
EFI_RNG_PROTOCOL *rng;
unsigned int size = 2048;
unsigned int size_efi = RANDOM_FORTUNA_DEFPOOLSIZE * RANDOM_FORTUNA_NPOOLS;
unsigned int size = RANDOM_FORTUNA_DEFPOOLSIZE * RANDOM_FORTUNA_NPOOLS;
void *buf_efi;
void *buf;
if (argc > 1) {
size = strtol(argv[1], NULL, 0);
size_efi = strtol(argv[1], NULL, 0);
/* Don't *compress* the entropy we get from EFI. */
if (size_efi > size)
size = size_efi;
/*
* If the amount of entropy we get from EFI is less than the
* size of a single Fortuna pool -- i.e. not enough to ensure
* that Fortuna is safely seeded -- don't expand it since we
* don't want to trick Fortuna into thinking that it has been
* safely seeded when it has not.
*/
if (size_efi < RANDOM_FORTUNA_DEFPOOLSIZE)
size = size_efi;
}
status = BS->LocateProtocol(&rng_guid, NULL, (VOID **)&rng);
@ -1268,18 +1287,34 @@ command_seed_entropy(int argc, char *argv[])
return (CMD_ERROR);
}
status = rng->GetRNG(rng, NULL, size, (UINT8 *)buf);
if ((buf_efi = malloc(size_efi)) == NULL) {
free(buf);
command_errmsg = "out of memory";
return (CMD_ERROR);
}
TSENTER2("rng->GetRNG");
status = rng->GetRNG(rng, NULL, size_efi, (UINT8 *)buf_efi);
TSEXIT();
if (status != EFI_SUCCESS) {
free(buf_efi);
free(buf);
command_errmsg = "GetRNG failed";
return (CMD_ERROR);
}
if (size_efi < size)
pkcs5v2_genkey_raw(buf, size, "", 0, buf_efi, size_efi, 1);
else
memcpy(buf, buf_efi, size);
if (file_addbuf("efi_rng_seed", "boot_entropy_platform", size, buf) != 0) {
free(buf_efi);
free(buf);
return (CMD_ERROR);
}
explicit_bzero(buf_efi, size_efi);
free(buf_efi);
free(buf);
return (CMD_OK);
}

View File

@ -164,6 +164,10 @@ CFLAGS.bzipfs.c+= -I${SRCTOP}/contrib/bzip2 -DBZ_NO_STDIO -DBZ_NO_COMPRESS
.PATH: ${SYSDIR}/libkern
SRCS+= explicit_bzero.c crc32_libkern.c
# Bits from GELI which are reused elsewhere
.PATH: ${SYSDIR}/geom/eli
SRCS+= g_eli_hmac.c pkcs5v2.c
# Maybe GELI
.if ${MK_LOADER_GELI} == "yes"
.include "${SASRC}/geli/Makefile.inc"

View File

@ -21,10 +21,8 @@ SRCS+= ${i}
.endfor
SRCS+= geliboot.c \
geliboot_crypto.c \
g_eli_hmac.c \
g_eli_key.c \
g_eli_key_cache.c \
pkcs5v2.c \
# aes
.PATH: ${SYSDIR}/opencrypto

View File

@ -369,7 +369,8 @@ end
function core.loadEntropy()
if core.isUEFIBoot() then
if (loader.getenv("entropy_efi_seed") or "no"):lower() == "yes" then
loader.perform("efi-seed-entropy")
local seedsize = loader.getenv("entropy_efi_seed_size") or "2048"
loader.perform("efi-seed-entropy " .. seedsize)
end
end
end

View File

@ -54,4 +54,6 @@ if not core.isMenuSkipped() then
else
-- Load kernel/modules before we go
config.loadelf()
-- Load platform entropy if possible
core.loadEntropy()
end

View File

@ -74,8 +74,6 @@
#include <dev/random/fortuna.h>
/* Defined in FS&K */
#define RANDOM_FORTUNA_NPOOLS 32 /* The number of accumulation pools */
#define RANDOM_FORTUNA_DEFPOOLSIZE 64 /* The default pool size/length for a (re)seed */
#define RANDOM_FORTUNA_MAX_READ (1 << 20) /* Max bytes from AES before rekeying */
#define RANDOM_FORTUNA_BLOCKS_PER_KEY (1 << 16) /* Max blocks from AES before rekeying */
CTASSERT(RANDOM_FORTUNA_BLOCKS_PER_KEY * RANDOM_BLOCKSIZE ==

View File

@ -27,6 +27,10 @@
#ifndef SYS_DEV_RANDOM_FORTUNA_H_INCLUDED
#define SYS_DEV_RANDOM_FORTUNA_H_INCLUDED
/* Defined in FS&K */
#define RANDOM_FORTUNA_NPOOLS 32 /* The number of accumulation pools */
#define RANDOM_FORTUNA_DEFPOOLSIZE 64 /* The default pool size/length for a (re)seed */
#ifdef _KERNEL
typedef struct mtx mtx_t;
#define RANDOM_RESEED_INIT_LOCK(x) mtx_init(&fortuna_state.fs_mtx, "reseed mutex", NULL, MTX_DEF)

View File

@ -54,6 +54,7 @@
#include <crypto/rijndael/rijndael-api-fst.h>
#include <crypto/sha2/sha256.h>
#include <dev/random/fortuna.h>
#include <dev/random/hash.h>
#include <dev/random/randomdev.h>
#include <dev/random/random_harvestq.h>
@ -259,8 +260,8 @@ random_sources_feed(void)
* stuck for a few seconds with random_kthread gradually collecting a
* small chunk of entropy every 1 / RANDOM_KTHREAD_HZ seconds.
*
* The value 64 below is RANDOM_FORTUNA_DEFPOOLSIZE, i.e. chosen to
* fill Fortuna's pools in the default configuration. With another
* We collect RANDOM_FORTUNA_DEFPOOLSIZE bytes per pool, i.e. enough
* to fill Fortuna's pools in the default configuration. With another
* PRNG or smaller pools for Fortuna, we might collect more entropy
* than needed to fill the pools, but this is harmless; alternatively,
* a different PRNG, larger pools, or fast entropy sources which are
@ -270,8 +271,8 @@ random_sources_feed(void)
* try again for a large amount of entropy.
*/
if (!p_random_alg_context->ra_seeded())
npools = howmany(p_random_alg_context->ra_poolcount * 64,
sizeof(entropy));
npools = howmany(p_random_alg_context->ra_poolcount *
RANDOM_FORTUNA_DEFPOOLSIZE, sizeof(entropy));
/*
* Step over all of live entropy sources, and feed their output

View File

@ -586,8 +586,6 @@
#define HDA_CODEC_ALC295 HDA_CODEC_CONSTRUCT(REALTEK, 0x0295)
#define HDA_CODEC_ALC298 HDA_CODEC_CONSTRUCT(REALTEK, 0x0298)
#define HDA_CODEC_ALC299 HDA_CODEC_CONSTRUCT(REALTEK, 0x0299)
#define HDA_CODEC_ALC292 HDA_CODEC_CONSTRUCT(REALTEK, 0x0292)
#define HDA_CODEC_ALC295 HDA_CODEC_CONSTRUCT(REALTEK, 0x0295)
#define HDA_CODEC_ALC300 HDA_CODEC_CONSTRUCT(REALTEK, 0x0300)
#define HDA_CODEC_ALC623 HDA_CODEC_CONSTRUCT(REALTEK, 0x0623)
#define HDA_CODEC_ALC660 HDA_CODEC_CONSTRUCT(REALTEK, 0x0660)

View File

@ -51,13 +51,22 @@ void
pkcs5v2_genkey(uint8_t *key, unsigned keylen, const uint8_t *salt,
size_t saltsize, const char *passphrase, u_int iterations)
{
pkcs5v2_genkey_raw(key, keylen, salt, saltsize, passphrase,
strlen(passphrase), iterations);
}
void
pkcs5v2_genkey_raw(uint8_t *key, unsigned keylen, const uint8_t *salt,
size_t saltsize, const uint8_t *passphrase, size_t passlen,
u_int iterations)
{
uint8_t md[SHA512_MDLEN], saltcount[saltsize + sizeof(uint32_t)];
uint8_t *counter, *keyp;
u_int i, bsize, passlen;
u_int i, bsize;
uint32_t count;
struct hmac_ctx startpoint, ctx;
passlen = strlen(passphrase);
bzero(key, keylen);
bcopy(salt, saltcount, saltsize);
counter = saltcount + saltsize;

View File

@ -30,6 +30,9 @@
#define _PKCS5V2_H_
void pkcs5v2_genkey(uint8_t *key, unsigned keylen, const uint8_t *salt,
size_t saltsize, const char *passphrase, u_int iterations);
void pkcs5v2_genkey_raw(uint8_t *key, unsigned keylen, const uint8_t *salt,
size_t saltsize, const uint8_t *passphrase, size_t passlen,
u_int iterations);
#ifndef _KERNEL
int pkcs5v2_calculate(int usecs);
#endif

View File

@ -788,6 +788,11 @@ hda_corb_run(struct hda_softc *sc)
int err;
corb->wp = hda_get_reg_by_offset(sc, HDAC_CORBWP);
if (corb->wp >= corb->size) {
DPRINTF("Invalid HDAC_CORBWP %u >= size %u", corb->wp,
corb->size);
return (-1);
}
while (corb->rp != corb->wp && corb->run) {
corb->rp++;