
Prevent crash on failure to source secure randomness #2300

Merged
merged 6 commits into from
Mar 1, 2025

Conversation

DL6ER
Member

@DL6ER DL6ER commented Feb 27, 2025

What does this implement/fix?

Good entropy is the fundamental basis for good cryptography (DNSSEC, password hashing) and SSL or TLS. If your entropy is weak or predictable, a strong adversary can break your security. This PR adds two fallback layers in case secure (hardware) randomness is not available because the kernel is (a) too old or (b) the feature has actively been disabled. The last layer (an internal DRBG) should always work.


Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors' guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repository's developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions.
  • I signed all my commits. Pi-hole requires signatures to verify authorship.
  • I have read the above and my PR is ready for review.
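The three-layer fallback described in the PR description, written out as an added C example for this page (it is not FTL's code): try getrandom(2), then read /dev/urandom directly, then hand off to an optional DRBG hook that stands in for the mbedtls DRBG, and report which layer worked instead of crashing. The `drbg_fill_fn` callback and the function names are assumptions.

```c
#define _GNU_SOURCE   /* O_CLOEXEC and getrandom() declarations */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/random.h>

/* Which layer of the fallback chain produced the bytes. */
typedef enum { RAND_SRC_NONE = 0, RAND_SRC_GETRANDOM, RAND_SRC_URANDOM, RAND_SRC_DRBG } rand_source_t;

/* Hypothetical hook for the last layer (the PR plugs mbedtls' DRBG in here):
 * fills buf with len bytes, returns 0 on success. */
typedef int (*drbg_fill_fn)(unsigned char *buf, size_t len);

/* Layer 1: getrandom(2). ENOSYS means the kernel predates the syscall, other
 * errors cover a disabled or blocked feature. EINTR and short reads are retried. */
int fill_getrandom(unsigned char *buf, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        got += (size_t)n;
    }
    return 0;
}

/* Layer 2: read /dev/urandom ourselves, handling short reads, to rule out a
 * library-level failure rather than a missing kernel source. */
int fill_urandom(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Try each layer in order and report which one worked. Never aborts: on total
 * failure the caller gets RAND_SRC_NONE and decides what to refuse or log. */
rand_source_t secure_random_bytes(unsigned char *buf, size_t len, drbg_fill_fn drbg) {
    if (fill_getrandom(buf, len) == 0) return RAND_SRC_GETRANDOM;
    if (fill_urandom(buf, len) == 0) return RAND_SRC_URANDOM;
    if (drbg != NULL && drbg(buf, len) == 0) return RAND_SRC_DRBG;
    return RAND_SRC_NONE;
}
```

A caller that gets RAND_SRC_NONE must treat the buffer as unfilled and refuse the cryptographic operation rather than proceed with whatever was in memory.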

@DL6ER DL6ER added the Bugfix label Feb 27, 2025
…m that is set during installation or boot) for random number generation initialization

Signed-off-by: DL6ER <[email protected]>
…m() fails, we first try manually sourcing from /dev/urandom ourselves to exclude this being a simple library error. If this does not work either, we resort to using mbedtls' DRBG method.

Signed-off-by: DL6ER <[email protected]>
@DL6ER DL6ER force-pushed the fix/randomness_crash branch from b16d001 to b943517 Compare February 28, 2025 16:31
@DL6ER DL6ER requested a review from a team February 28, 2025 18:57
@DL6ER
Member Author

DL6ER commented Feb 28, 2025

First success reports incoming on #2242 (comment), I will mark this as "ready for review".

@DL6ER DL6ER marked this pull request as ready for review February 28, 2025 18:59
PromoFaux
PromoFaux previously approved these changes Feb 28, 2025
Member

@PromoFaux PromoFaux left a comment


Approving based on positive feedback from testers

…avoid spamming user logs on systems which are permanently broken

Signed-off-by: DL6ER <[email protected]>
@DL6ER
Member Author

DL6ER commented Mar 1, 2025

Updated the PR description, assuming the approval still holds after demoting the print statements from INFO to DEBUG_API.

@DL6ER DL6ER merged commit d154623 into development Mar 1, 2025
18 checks passed
@DL6ER DL6ER deleted the fix/randomness_crash branch March 1, 2025 06:30