[src/trunk]: src/sys/kern Accept both byte orders for random seed in the kernel.

[riastradh <riastradh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/fc43a5c76c57
branches:  trunk
changeset: 931754:fc43a5c76c57
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Thu Apr 30 03:42:23 2020 +0000

description:
Accept both byte orders for random seed in the kernel.

The file format was defined with a machine-dependent 32-bit integer
field (the estimated number of bits of entropy in the process that
generated it).  Fortunately we have a checksum to verify the order.

This way you can use `rndctl -S' on a little-endian machine to
generate a seed when installing NetBSD on a big-endian machine, and
the kernel will accept it on boot.

diffstat:

 sys/kern/kern_entropy.c |  19 ++++++++++++++-----
 1 files changed, 14 insertions(+), 5 deletions(-)

diffs (49 lines):

diff -r 2a4e856ae3cf -r fc43a5c76c57 sys/kern/kern_entropy.c
--- a/sys/kern/kern_entropy.c   Thu Apr 30 03:42:10 2020 +0000
+++ b/sys/kern/kern_entropy.c   Thu Apr 30 03:42:23 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_entropy.c,v 1.1 2020/04/30 03:28:18 riastradh Exp $       */
+/*     $NetBSD: kern_entropy.c,v 1.2 2020/04/30 03:42:23 riastradh Exp $       */
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -77,7 +77,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.1 2020/04/30 03:28:18 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.2 2020/04/30 03:42:23 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -514,8 +514,6 @@
         * but ignore the entropy estimate -- the file may have been
         * incompletely written with garbage, which is harmless to add
         * but may not be as unpredictable as alleged.
-        *
-        * XXX There is a byte order dependency here...
         */
        SHA1Init(&ctx);
        SHA1Update(&ctx, (const void *)&seed->entropy, sizeof(seed->entropy));
@@ -526,9 +524,20 @@
                printf("entropy: invalid seed checksum\n");
                seed->entropy = 0;
        }
-       explicit_memset(&ctx, 0, sizeof &ctx);
+       explicit_memset(&ctx, 0, sizeof ctx);
        explicit_memset(digest, 0, sizeof digest);
 
+       /*
+        * If the entropy is insensibly large, try byte-swapping.
+        * Otherwise assume the file is corrupted and act as though it
+        * has zero entropy.
+        */
+       if (howmany(seed->entropy, NBBY) > sizeof(seed->data)) {
+               seed->entropy = bswap32(seed->entropy);
+               if (howmany(seed->entropy, NBBY) > sizeof(seed->data))
+                       seed->entropy = 0;
+       }
+
        /* Make sure the seed source is attached.  */
        attach_seed_rndsource();