summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2013-12-28 02:51:08 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2013-12-28 02:51:08 +0000
commitac02943a4df338f28713e109cad7148801923c12 (patch)
tree5d4dbb30efd4036fcdfdd438927133fc51a068c4 /sys
parent0481b66bfbcfb1c51b06053fe9c4518af1878dac (diff)
Try to load entropy data from disk:/etc/random.seed, and additionally
use a MD-supplied random function. Then, insert this into the ELF openbsd.randomdata of the kernel, so that it has entropy right from the start. Some help from jsing for the softraid aspects. Also tested by phessler
Diffstat (limited to 'sys')
-rw-r--r--sys/arch/alpha/stand/boot/boot.c4
-rw-r--r--sys/arch/amd64/stand/Makefile.inc4
-rw-r--r--sys/arch/amd64/stand/boot/Makefile4
-rw-r--r--sys/arch/amd64/stand/cdboot/Makefile4
-rw-r--r--sys/arch/amd64/stand/pxeboot/Makefile4
-rw-r--r--sys/arch/hppa/stand/cdboot/cdboot.c4
-rw-r--r--sys/arch/i386/stand/Makefile.inc4
-rw-r--r--sys/arch/i386/stand/boot/Makefile4
-rw-r--r--sys/arch/i386/stand/cdboot/Makefile4
-rw-r--r--sys/arch/i386/stand/pxeboot/Makefile4
-rw-r--r--sys/arch/sgi/stand/boot/boot.c4
-rw-r--r--sys/lib/libsa/loadfile_elf.c13
-rw-r--r--sys/lib/libsa/stand.h6
-rw-r--r--sys/stand/boot/boot.c59
-rw-r--r--sys/stand/boot/bootarg.h5
15 files changed, 98 insertions, 29 deletions
diff --git a/sys/arch/alpha/stand/boot/boot.c b/sys/arch/alpha/stand/boot/boot.c
index 648ddc9a8c6..5f22c1ff3b1 100644
--- a/sys/arch/alpha/stand/boot/boot.c
+++ b/sys/arch/alpha/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.20 2011/06/05 21:49:36 miod Exp $ */
+/* $OpenBSD: boot.c,v 1.21 2013/12/28 02:51:06 deraadt Exp $ */
/* $NetBSD: boot.c,v 1.10 1997/01/18 01:58:33 cgd Exp $ */
/*
@@ -57,6 +57,8 @@ paddr_t ptbr_save;
int debug;
+char rnddata[BOOTRANDOM_MAX]; /* XXX dummy */
+
int
main()
{
diff --git a/sys/arch/amd64/stand/Makefile.inc b/sys/arch/amd64/stand/Makefile.inc
index bea81fb3d83..78aa8fb2f37 100644
--- a/sys/arch/amd64/stand/Makefile.inc
+++ b/sys/arch/amd64/stand/Makefile.inc
@@ -1,7 +1,7 @@
-# $OpenBSD: Makefile.inc,v 1.9 2013/01/17 12:37:44 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.10 2013/12/28 02:51:06 deraadt Exp $
CFLAGS=${DEBUG} ${COPTS} -Os -Wall -Werror
-CFLAGS+= -fno-stack-protector
+CFLAGS+= -fno-stack-protector -DMDRANDOM
CDIAGFLAGS=
CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR}
SACFLAGS=-D_STANDALONE
diff --git a/sys/arch/amd64/stand/boot/Makefile b/sys/arch/amd64/stand/boot/Makefile
index 77955079a2f..2f11b72cf37 100644
--- a/sys/arch/amd64/stand/boot/Makefile
+++ b/sys/arch/amd64/stand/boot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.24 2013/06/02 21:01:48 guenther Exp $
+# $OpenBSD: Makefile,v 1.25 2013/12/28 02:51:06 deraadt Exp $
COPTS?=
MAN?= boot.8
@@ -22,7 +22,7 @@ LDFLAGS+=-nostdlib -Bstatic -Ttext $(LINKADDR) -N -x -nopie
LDFLAGS+=-melf_i386 -L/usr/libdata
.PATH: ${SADIR}/libsa
-SRCS+= alloca.S gidt.S
+SRCS+= alloca.S gidt.S random_i386.S
SRCS+= cmd_i386.c dev_i386.c exec_i386.c gateA20.c machdep.c
SRCS+= bioscons.c biosdev.c diskprobe.c memprobe.c time.c
.if ${SOFTRAID:L} == "yes"
diff --git a/sys/arch/amd64/stand/cdboot/Makefile b/sys/arch/amd64/stand/cdboot/Makefile
index 18d12b52718..f3d3fb37a91 100644
--- a/sys/arch/amd64/stand/cdboot/Makefile
+++ b/sys/arch/amd64/stand/cdboot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.21 2013/06/02 21:01:48 guenther Exp $
+# $OpenBSD: Makefile,v 1.22 2013/12/28 02:51:06 deraadt Exp $
MAN= cdboot.8
@@ -16,7 +16,7 @@ INSTALL_STRIP=
.PATH: ${SADIR}/libsa
SRCS+= machdep.c dev_i386.c exec_i386.c cmd_i386.c
-SRCS+= gidt.S alloca.S biosdev.c bioscons.c gateA20.c \
+SRCS+= gidt.S random_i386.S alloca.S biosdev.c bioscons.c gateA20.c \
memprobe.c diskprobe.c time.c
SRCS+= softraid.c
diff --git a/sys/arch/amd64/stand/pxeboot/Makefile b/sys/arch/amd64/stand/pxeboot/Makefile
index e3b1c27475f..f2fe87207a5 100644
--- a/sys/arch/amd64/stand/pxeboot/Makefile
+++ b/sys/arch/amd64/stand/pxeboot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.17 2013/04/23 16:41:13 jsing Exp $
+# $OpenBSD: Makefile,v 1.18 2013/12/28 02:51:07 deraadt Exp $
MAN= pxeboot.8
@@ -17,7 +17,7 @@ INSTALL_STRIP=
.PATH: ${SADIR}/libsa
# i386 stuff (so, it will possibly load in the same 64k)
SRCS+= machdep.c exec_i386.c cmd_i386.c
-SRCS+= gidt.S alloca.S biosdev.c bioscons.c gateA20.c \
+SRCS+= gidt.S random_i386.S alloca.S biosdev.c bioscons.c gateA20.c \
memprobe.c diskprobe.c time.c ## biosprobe.c
SRCS+= pxe.c pxe_call.S pxe_net.c
SRCS+= softraid.c
diff --git a/sys/arch/hppa/stand/cdboot/cdboot.c b/sys/arch/hppa/stand/cdboot/cdboot.c
index e2a6d1baf3e..e19c54c93e8 100644
--- a/sys/arch/hppa/stand/cdboot/cdboot.c
+++ b/sys/arch/hppa/stand/cdboot/cdboot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cdboot.c,v 1.12 2012/06/26 16:18:45 deraadt Exp $ */
+/* $OpenBSD: cdboot.c,v 1.13 2013/12/28 02:51:07 deraadt Exp $ */
/*
* Copyright (c) 2003 Michael Shalayeff
@@ -63,6 +63,8 @@ struct consdev *cn_tab;
typedef void (*startfuncp)(int, int, int, int, int, int, caddr_t)
__attribute__ ((noreturn));
+char rnddata[BOOTRANDOM_MAX]; /* XXX dummy */
+
void
boot(dev_t dev)
{
diff --git a/sys/arch/i386/stand/Makefile.inc b/sys/arch/i386/stand/Makefile.inc
index e1b447f0243..78fa6d376a5 100644
--- a/sys/arch/i386/stand/Makefile.inc
+++ b/sys/arch/i386/stand/Makefile.inc
@@ -1,7 +1,7 @@
-# $OpenBSD: Makefile.inc,v 1.44 2013/01/18 04:10:16 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.45 2013/12/28 02:51:07 deraadt Exp $
CFLAGS=${DEBUG} ${COPTS} -Os -Wall -Werror
-CFLAGS+= -fno-stack-protector
+CFLAGS+= -fno-stack-protector -DMDRANDOM
CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR}
SACFLAGS=-D_STANDALONE
DEBUGLIBS=no
diff --git a/sys/arch/i386/stand/boot/Makefile b/sys/arch/i386/stand/boot/Makefile
index 516e661706a..d8c75948ce0 100644
--- a/sys/arch/i386/stand/boot/Makefile
+++ b/sys/arch/i386/stand/boot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.52 2013/06/02 21:01:48 guenther Exp $
+# $OpenBSD: Makefile,v 1.53 2013/12/28 02:51:07 deraadt Exp $
COPTS?=
MAN?= boot.8
@@ -32,7 +32,7 @@ SRCS= srt0.S
SRCS+= boot.c cmd.c vars.c bootarg.c conf.c
.PATH: ${SADIR}/libsa
-SRCS+= alloca.S debug_i386.S gidt.S
+SRCS+= alloca.S debug_i386.S gidt.S random_i386.S
SRCS+= apmprobe.c bioscons.c biosdev.c cmd_i386.c debug.c dev_i386.c \
diskprobe.c exec_i386.c gateA20.c machdep.c memprobe.c pciprobe.c \
ps2probe.c time.c
diff --git a/sys/arch/i386/stand/cdboot/Makefile b/sys/arch/i386/stand/cdboot/Makefile
index 3909c2d9c02..3457d5e50f0 100644
--- a/sys/arch/i386/stand/cdboot/Makefile
+++ b/sys/arch/i386/stand/cdboot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.19 2013/06/02 21:01:48 guenther Exp $
+# $OpenBSD: Makefile,v 1.20 2013/12/28 02:51:07 deraadt Exp $
MAN= cdboot.8
@@ -16,7 +16,7 @@ INSTALL_STRIP=
CLEANFILES+= crt0.o ${PROG}.whole
.PATH: ${SADIR}/libsa
-SRCS+= alloca.S debug_i386.S gidt.S
+SRCS+= alloca.S debug_i386.S gidt.S random_i386.S
SRCS+= cmd_i386.c dev_i386.c exec_i386.c gateA20.c machdep.c
SRCS+= apmprobe.c bioscons.c biosdev.c debug.c diskprobe.c memprobe.c \
pciprobe.c ps2probe.c time.c
diff --git a/sys/arch/i386/stand/pxeboot/Makefile b/sys/arch/i386/stand/pxeboot/Makefile
index 83cfd0de5b8..df0ece2ddc0 100644
--- a/sys/arch/i386/stand/pxeboot/Makefile
+++ b/sys/arch/i386/stand/pxeboot/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.15 2013/04/23 16:41:13 jsing Exp $
+# $OpenBSD: Makefile,v 1.16 2013/12/28 02:51:07 deraadt Exp $
MAN= pxeboot.8
@@ -16,7 +16,7 @@ INSTALL_STRIP=
CLEANFILES+= crt0.o ${PROG}.whole
.PATH: ${SADIR}/libsa
-SRCS+= alloca.S debug_i386.S gidt.S
+SRCS+= alloca.S debug_i386.S gidt.S random_i386.S
SRCS+= cmd_i386.c exec_i386.c gateA20.c machdep.c
SRCS+= apmprobe.c bioscons.c biosdev.c debug.c diskprobe.c memprobe.c \
pciprobe.c ps2probe.c time.c
diff --git a/sys/arch/sgi/stand/boot/boot.c b/sys/arch/sgi/stand/boot/boot.c
index e63816f9e72..921d460ecf5 100644
--- a/sys/arch/sgi/stand/boot/boot.c
+++ b/sys/arch/sgi/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.22 2012/09/29 21:40:48 miod Exp $ */
+/* $OpenBSD: boot.c,v 1.23 2013/12/28 02:51:07 deraadt Exp $ */
/*
* Copyright (c) 2004 Opsycon AB, www.opsycon.se.
@@ -54,6 +54,8 @@ char *OSLoadFilename = NULL;
int IP;
+char rnddata[BOOTRANDOM_MAX]; /* XXX dummy */
+
#include "version"
/*
diff --git a/sys/lib/libsa/loadfile_elf.c b/sys/lib/libsa/loadfile_elf.c
index 834a295ca10..493aedd0e85 100644
--- a/sys/lib/libsa/loadfile_elf.c
+++ b/sys/lib/libsa/loadfile_elf.c
@@ -1,5 +1,5 @@
/* $NetBSD: loadfile.c,v 1.10 2000/12/03 02:53:04 tsutsui Exp $ */
-/* $OpenBSD: loadfile_elf.c,v 1.6 2009/11/30 05:18:08 miod Exp $ */
+/* $OpenBSD: loadfile_elf.c,v 1.7 2013/12/28 02:51:07 deraadt Exp $ */
/*-
* Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -95,6 +95,17 @@ ELFNAME(exec)(int fd, Elf_Ehdr *elf, u_long *marks, int flags)
}
for (first = 1, i = 0; i < elf->e_phnum; i++) {
+ if (phdr[i].p_type == PT_OPENBSD_RANDOMIZE) {
+ int m;
+
+ /* Fill segment. */
+ for (pos = 0; pos < phdr[i].p_filesz; pos += m) {
+ m = MIN(phdr[i].p_filesz - pos, sizeof(rnddata));
+ BCOPY(rnddata, phdr[i].p_paddr + pos, m);
+ }
+ continue;
+ }
+
if (phdr[i].p_type != PT_LOAD ||
(phdr[i].p_flags & (PF_W|PF_R|PF_X)) == 0)
continue;
diff --git a/sys/lib/libsa/stand.h b/sys/lib/libsa/stand.h
index b6f5e75b8c5..75c92df9c52 100644
--- a/sys/lib/libsa/stand.h
+++ b/sys/lib/libsa/stand.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: stand.h,v 1.55 2013/01/07 20:02:11 miod Exp $ */
+/* $OpenBSD: stand.h,v 1.56 2013/12/28 02:51:07 deraadt Exp $ */
/* $NetBSD: stand.h,v 1.18 1996/11/30 04:35:51 gwr Exp $ */
/*-
@@ -130,6 +130,10 @@ struct disklabel;
char *getdisklabel(const char *, struct disklabel *);
u_int dkcksum(struct disklabel *);
+#define BOOTRANDOM "/etc/random.seed"
+#define BOOTRANDOM_MAX 512
+extern char rnddata[BOOTRANDOM_MAX];
+
void printf(const char *, ...);
int snprintf(char *, size_t, const char *, ...);
void vprintf(const char *, __va_list);
diff --git a/sys/stand/boot/boot.c b/sys/stand/boot/boot.c
index 4f64c52298f..7c8b6ebe810 100644
--- a/sys/stand/boot/boot.c
+++ b/sys/stand/boot/boot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: boot.c,v 1.37 2011/04/17 09:49:48 kettenis Exp $ */
+/* $OpenBSD: boot.c,v 1.38 2013/12/28 02:51:07 deraadt Exp $ */
/*
* Copyright (c) 2003 Dale Rahn
@@ -35,6 +35,8 @@
#include <lib/libsa/loadfile.h>
#include <lib/libkern/funcs.h>
+#include <stand/boot/bootarg.h>
+
#include "cmd.h"
#ifndef KERNEL
@@ -52,6 +54,8 @@ int bootprompt = 1;
char *kernelfile = KERNEL; /* can be changed by MD code */
int boottimeout = 5; /* can be changed by MD code */
+char rnddata[BOOTRANDOM_MAX];
+
void
boot(dev_t bootdev)
{
@@ -79,13 +83,21 @@ boot(dev_t bootdev)
while (1) {
/* no boot.conf, or no boot cmd in there */
- if (bootprompt && st <= 0)
+ if (bootprompt && st <= 0) {
do {
printf("boot> ");
} while(!getcmd());
+ }
st = 0;
bootprompt = 1; /* allow reselect should we fail */
+ st = loadrandom(BOOTRANDOM, rnddata, sizeof(rnddata));
+ if (st != 0)
+ printf("loadrandom: error %d\n", st);
+#ifdef MDRANDOM
+ mdrandom(rnddata, sizeof(rnddata));
+#endif
+
printf("booting %s: ", cmd.path);
marks[MARK_START] = (u_long)cmd.addr;
if ((fd = loadfile(cmd.path, marks, LOAD_ALL)) != -1) {
@@ -112,11 +124,44 @@ boot(dev_t bootdev)
run_loadfile(marks, cmd.boothowto);
}
-#ifdef _TEST
int
-main()
+loadrandom(char *name, char *buf, size_t buflen)
{
- boot(0);
- return 0;
+ char path[MAXPATHLEN];
+ struct stat sb;
+ int fd, i;
+
+#define O_RDONLY 0
+
+ /* Extract the device name from the kernel we are loading. */
+ for (i = 0; i < sizeof(cmd.path); i++) {
+ if (cmd.path[i] == ':') {
+ strlcpy(path, cmd.path, i + 1);
+ snprintf(path + i, sizeof(path) - i, ":%s", name);
+ break;
+ } else if (cmd.path[i] == '\0') {
+ snprintf(path, sizeof path, "%s:%s",
+ cmd.bootdev, name);
+ break;
+ }
+ }
+
+ printf("loadrandom: %s\n", path);
+
+ fd = open(path, O_RDONLY);
+ if (fd == -1) {
+ printf("cannot open %s\n", path);
+ return -1;
+ }
+ if (fstat(fd, &sb) == -1 ||
+ sb.st_uid != 0 ||
+ (sb.st_mode & (S_IWOTH|S_IROTH)))
+ goto fail;
+ if (read(fd, buf, buflen) != buflen)
+ goto fail;
+ close(fd);
+ return 0;
+fail:
+ close(fd);
+ return (-1);
}
-#endif
diff --git a/sys/stand/boot/bootarg.h b/sys/stand/boot/bootarg.h
index 53930a5d522..a8a40bfc99f 100644
--- a/sys/stand/boot/bootarg.h
+++ b/sys/stand/boot/bootarg.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bootarg.h,v 1.11 2003/06/02 20:20:54 mickey Exp $ */
+/* $OpenBSD: bootarg.h,v 1.12 2013/12/28 02:51:07 deraadt Exp $ */
/*
* Copyright (c) 1996-1999 Michael Shalayeff
@@ -49,6 +49,9 @@ extern int bootargc;
extern bootarg_t *bootargp;
#endif
+int loadrandom(char *name, char *buf, size_t buflen);
+int mdrandom(char *buf, size_t buflen);
+
#ifdef _STANDALONE
void addbootarg(int, size_t, void *);
void makebootargs(caddr_t, size_t *);