Try to load entropy data from disk:/etc/random.seed, and additionally

use a MD-supplied random function.  Then, insert this into the ELF
openbsd.randomdata of the kernel, so that it has entropy right from
the start.  Some help from jsing for the softraid aspects.
Also tested by phessler

11 files changed, 25 insertions, 19 deletions

diff --git a/sys/arch/alpha/stand/boot/boot.c b/sys/arch/alpha/stand/boot/boot.c
index 648ddc9a8c6..5f22c1ff3b1 100644
--- a/sys/arch/alpha/stand/boot/boot.c
+++ b/sys/arch/alpha/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: boot.c,v 1.20 2011/06/05 21:49:36 miod Exp $	*/
+/*	$OpenBSD: boot.c,v 1.21 2013/12/28 02:51:06 deraadt Exp $	*/
 /*	$NetBSD: boot.c,v 1.10 1997/01/18 01:58:33 cgd Exp $	*/
 
 /*
@@ -57,6 +57,8 @@ paddr_t ptbr_save;
 
 int debug;
 
+char   rnddata[BOOTRANDOM_MAX];		/* XXX dummy */
+
 int
 main()
 {
diff --git a/sys/arch/amd64/stand/Makefile.inc b/sys/arch/amd64/stand/Makefile.inc
index bea81fb3d83..78aa8fb2f37 100644
--- a/sys/arch/amd64/stand/Makefile.inc
+++ b/sys/arch/amd64/stand/Makefile.inc
@@ -1,7 +1,7 @@
-#	$OpenBSD: Makefile.inc,v 1.9 2013/01/17 12:37:44 jsing Exp $
+#	$OpenBSD: Makefile.inc,v 1.10 2013/12/28 02:51:06 deraadt Exp $
 
 CFLAGS=${DEBUG} ${COPTS} -Os -Wall -Werror
-CFLAGS+=	-fno-stack-protector
+CFLAGS+=	-fno-stack-protector -DMDRANDOM
 CDIAGFLAGS=
 CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR}
 SACFLAGS=-D_STANDALONE
diff --git a/sys/arch/amd64/stand/boot/Makefile b/sys/arch/amd64/stand/boot/Makefile
index 77955079a2f..2f11b72cf37 100644
--- a/sys/arch/amd64/stand/boot/Makefile
+++ b/sys/arch/amd64/stand/boot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.24 2013/06/02 21:01:48 guenther Exp $
+#	$OpenBSD: Makefile,v 1.25 2013/12/28 02:51:06 deraadt Exp $
 
 COPTS?=
 MAN?=	boot.8
@@ -22,7 +22,7 @@ LDFLAGS+=-nostdlib -Bstatic -Ttext $(LINKADDR) -N -x -nopie
 LDFLAGS+=-melf_i386 -L/usr/libdata 
 
 .PATH:	${SADIR}/libsa
-SRCS+=	alloca.S gidt.S
+SRCS+=	alloca.S gidt.S random_i386.S
 SRCS+=	cmd_i386.c dev_i386.c exec_i386.c gateA20.c machdep.c
 SRCS+=	bioscons.c biosdev.c diskprobe.c memprobe.c time.c
 .if ${SOFTRAID:L} == "yes"
diff --git a/sys/arch/amd64/stand/cdboot/Makefile b/sys/arch/amd64/stand/cdboot/Makefile
index 18d12b52718..f3d3fb37a91 100644
--- a/sys/arch/amd64/stand/cdboot/Makefile
+++ b/sys/arch/amd64/stand/cdboot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.21 2013/06/02 21:01:48 guenther Exp $
+#	$OpenBSD: Makefile,v 1.22 2013/12/28 02:51:06 deraadt Exp $
 
 MAN=	cdboot.8
 
@@ -16,7 +16,7 @@ INSTALL_STRIP=
 
 .PATH:	${SADIR}/libsa
 SRCS+=	machdep.c dev_i386.c exec_i386.c cmd_i386.c
-SRCS+=	gidt.S alloca.S biosdev.c bioscons.c gateA20.c \
+SRCS+=	gidt.S random_i386.S alloca.S biosdev.c bioscons.c gateA20.c \
 	memprobe.c diskprobe.c time.c
 SRCS+=	softraid.c
 
diff --git a/sys/arch/amd64/stand/pxeboot/Makefile b/sys/arch/amd64/stand/pxeboot/Makefile
index e3b1c27475f..f2fe87207a5 100644
--- a/sys/arch/amd64/stand/pxeboot/Makefile
+++ b/sys/arch/amd64/stand/pxeboot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.17 2013/04/23 16:41:13 jsing Exp $
+#	$OpenBSD: Makefile,v 1.18 2013/12/28 02:51:07 deraadt Exp $
 
 MAN=	pxeboot.8
 
@@ -17,7 +17,7 @@ INSTALL_STRIP=
 .PATH:	${SADIR}/libsa
 # i386 stuff (so, it will possibly load in the same 64k)
 SRCS+=	machdep.c exec_i386.c cmd_i386.c
-SRCS+=	gidt.S alloca.S biosdev.c bioscons.c gateA20.c \
+SRCS+=	gidt.S random_i386.S alloca.S biosdev.c bioscons.c gateA20.c \
 	memprobe.c diskprobe.c time.c ## biosprobe.c
 SRCS+=	pxe.c pxe_call.S pxe_net.c
 SRCS+=	softraid.c
diff --git a/sys/arch/hppa/stand/cdboot/cdboot.c b/sys/arch/hppa/stand/cdboot/cdboot.c
index e2a6d1baf3e..e19c54c93e8 100644
--- a/sys/arch/hppa/stand/cdboot/cdboot.c
+++ b/sys/arch/hppa/stand/cdboot/cdboot.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cdboot.c,v 1.12 2012/06/26 16:18:45 deraadt Exp $	*/
+/*	$OpenBSD: cdboot.c,v 1.13 2013/12/28 02:51:07 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2003 Michael Shalayeff
@@ -63,6 +63,8 @@ struct consdev *cn_tab;
 typedef void (*startfuncp)(int, int, int, int, int, int, caddr_t)
     __attribute__ ((noreturn));
 
+char   rnddata[BOOTRANDOM_MAX];		/* XXX dummy */
+
 void
 boot(dev_t dev)
 {
diff --git a/sys/arch/i386/stand/Makefile.inc b/sys/arch/i386/stand/Makefile.inc
index e1b447f0243..78fa6d376a5 100644
--- a/sys/arch/i386/stand/Makefile.inc
+++ b/sys/arch/i386/stand/Makefile.inc
@@ -1,7 +1,7 @@
-#	$OpenBSD: Makefile.inc,v 1.44 2013/01/18 04:10:16 jsing Exp $
+#	$OpenBSD: Makefile.inc,v 1.45 2013/12/28 02:51:07 deraadt Exp $
 
 CFLAGS=${DEBUG} ${COPTS} -Os -Wall -Werror
-CFLAGS+=	-fno-stack-protector
+CFLAGS+=	-fno-stack-protector -DMDRANDOM
 CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR}
 SACFLAGS=-D_STANDALONE
 DEBUGLIBS=no
diff --git a/sys/arch/i386/stand/boot/Makefile b/sys/arch/i386/stand/boot/Makefile
index 516e661706a..d8c75948ce0 100644
--- a/sys/arch/i386/stand/boot/Makefile
+++ b/sys/arch/i386/stand/boot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.52 2013/06/02 21:01:48 guenther Exp $
+#	$OpenBSD: Makefile,v 1.53 2013/12/28 02:51:07 deraadt Exp $
 
 COPTS?=
 MAN?=	boot.8
@@ -32,7 +32,7 @@ SRCS=	srt0.S
 SRCS+=	boot.c cmd.c vars.c bootarg.c conf.c
 
 .PATH:	${SADIR}/libsa
-SRCS+=	alloca.S debug_i386.S gidt.S
+SRCS+=	alloca.S debug_i386.S gidt.S random_i386.S
 SRCS+=	apmprobe.c bioscons.c biosdev.c cmd_i386.c debug.c dev_i386.c \
 	diskprobe.c exec_i386.c gateA20.c machdep.c memprobe.c pciprobe.c \
 	ps2probe.c time.c
diff --git a/sys/arch/i386/stand/cdboot/Makefile b/sys/arch/i386/stand/cdboot/Makefile
index 3909c2d9c02..3457d5e50f0 100644
--- a/sys/arch/i386/stand/cdboot/Makefile
+++ b/sys/arch/i386/stand/cdboot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.19 2013/06/02 21:01:48 guenther Exp $
+#	$OpenBSD: Makefile,v 1.20 2013/12/28 02:51:07 deraadt Exp $
 
 MAN=	cdboot.8
 
@@ -16,7 +16,7 @@ INSTALL_STRIP=
 CLEANFILES+=	crt0.o ${PROG}.whole
 
 .PATH:	${SADIR}/libsa
-SRCS+=	alloca.S debug_i386.S gidt.S
+SRCS+=	alloca.S debug_i386.S gidt.S random_i386.S
 SRCS+=	cmd_i386.c dev_i386.c exec_i386.c gateA20.c machdep.c
 SRCS+=	apmprobe.c bioscons.c biosdev.c debug.c diskprobe.c memprobe.c \
 	pciprobe.c ps2probe.c time.c
diff --git a/sys/arch/i386/stand/pxeboot/Makefile b/sys/arch/i386/stand/pxeboot/Makefile
index 83cfd0de5b8..df0ece2ddc0 100644
--- a/sys/arch/i386/stand/pxeboot/Makefile
+++ b/sys/arch/i386/stand/pxeboot/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.15 2013/04/23 16:41:13 jsing Exp $
+#	$OpenBSD: Makefile,v 1.16 2013/12/28 02:51:07 deraadt Exp $
 
 MAN=	pxeboot.8
 
@@ -16,7 +16,7 @@ INSTALL_STRIP=
 CLEANFILES+=	crt0.o ${PROG}.whole
 
 .PATH:	${SADIR}/libsa
-SRCS+=	alloca.S debug_i386.S gidt.S
+SRCS+=	alloca.S debug_i386.S gidt.S random_i386.S
 SRCS+=	cmd_i386.c exec_i386.c gateA20.c machdep.c
 SRCS+=	apmprobe.c bioscons.c biosdev.c debug.c diskprobe.c memprobe.c \
 	pciprobe.c ps2probe.c time.c
diff --git a/sys/arch/sgi/stand/boot/boot.c b/sys/arch/sgi/stand/boot/boot.c
index e63816f9e72..921d460ecf5 100644
--- a/sys/arch/sgi/stand/boot/boot.c
+++ b/sys/arch/sgi/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: boot.c,v 1.22 2012/09/29 21:40:48 miod Exp $ */
+/*	$OpenBSD: boot.c,v 1.23 2013/12/28 02:51:07 deraadt Exp $ */
 
 /*
  * Copyright (c) 2004 Opsycon AB, www.opsycon.se.
@@ -54,6 +54,8 @@ char *OSLoadFilename = NULL;
 
 int	IP;
 
+char   rnddata[BOOTRANDOM_MAX];		/* XXX dummy */
+
 #include "version"
 
 /*