From 0af061a355e8bd2bbf02b8120c048c72646fe942 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Tue, 29 Oct 2019 02:55:53 +0000 Subject: Use arc4 to bit-spread the 512-byte random buffer over the .openbsd.randomdata section, which has grown a fair bit with the introduction of retguard. Mortimer discovered the repeated 512-byte sequence as retguard keys, and this resolves the issue. (Chacha does not fit on the media, so 1.5K early drop RC4 is hopefully sufficient in our KARL link universe) Version crank the bootblocks. sysupgrade -s will install new bootblocks. ok djm mortimer --- sys/arch/i386/stand/boot/Makefile | 4 ++-- sys/arch/i386/stand/boot/conf.c | 4 ++-- sys/arch/i386/stand/cdboot/Makefile | 4 ++-- sys/arch/i386/stand/cdboot/conf.c | 4 ++-- sys/arch/i386/stand/pxeboot/Makefile | 4 ++-- sys/arch/i386/stand/pxeboot/conf.c | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) (limited to 'sys/arch/i386/stand') diff --git a/sys/arch/i386/stand/boot/Makefile b/sys/arch/i386/stand/boot/Makefile index 4b7f7ab71c2..c4abfabb8dc 100644 --- a/sys/arch/i386/stand/boot/Makefile +++ b/sys/arch/i386/stand/boot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.69 2019/08/03 15:22:20 deraadt Exp $ +# $OpenBSD: Makefile,v 1.70 2019/10/29 02:55:51 deraadt Exp $ COPTS?= MAN?= boot.8 @@ -41,7 +41,7 @@ SRCS+= alloc.c ctime.c exit.c getchar.c memcmp.c memcpy.c memmove.c memset.c pri strtol.c strtoll.c SRCS+= close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fchmod.c \ fstat.c lseek.c open.c read.c readdir.c stat.c -SRCS+= elf32.c elf64.c loadfile.c +SRCS+= elf32.c elf64.c loadfile.c arc4.c SRCS+= ufs.c .if ${SOFTRAID:L} == "yes" SRCS+= aes_xts.c bcrypt_pbkdf.c blowfish.c explicit_bzero.c hmac_sha1.c \ diff --git a/sys/arch/i386/stand/boot/conf.c b/sys/arch/i386/stand/boot/conf.c index b2fb45d7dd6..c3520f05e4d 100644 --- a/sys/arch/i386/stand/boot/conf.c +++ b/sys/arch/i386/stand/boot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.71 2019/08/04 13:45:15 deraadt Exp $ */ +/* $OpenBSD: conf.c,v 1.72 2019/10/29 02:55:51 deraadt Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff @@ -41,7 +41,7 @@ #include #include "debug.h" -const char version[] = "3.39"; +const char version[] = "3.40"; int debug = 1; diff --git a/sys/arch/i386/stand/cdboot/Makefile b/sys/arch/i386/stand/cdboot/Makefile index 064803c8d95..aaf33480aa4 100644 --- a/sys/arch/i386/stand/cdboot/Makefile +++ b/sys/arch/i386/stand/cdboot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.33 2019/08/03 15:22:21 deraadt Exp $ +# $OpenBSD: Makefile,v 1.34 2019/10/29 02:55:51 deraadt Exp $ MAN= cdboot.8 @@ -32,7 +32,7 @@ SRCS+= alloc.c ctime.c exit.c getchar.c memcmp.c memcpy.c memmove.c memset.c pri strtol.c strtoll.c SRCS+= close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fchmod.c \ fstat.c lseek.c open.c read.c readdir.c stat.c -SRCS+= elf32.c elf64.c loadfile.c +SRCS+= elf32.c elf64.c loadfile.c arc4.c SRCS+= cd9660.c ufs.c SRCS+= aes_xts.c bcrypt_pbkdf.c blowfish.c explicit_bzero.c hmac_sha1.c \ pkcs5_pbkdf2.c rijndael.c sha1.c sha2.c softraid.c diff --git a/sys/arch/i386/stand/cdboot/conf.c b/sys/arch/i386/stand/cdboot/conf.c index 69fe649cc32..cf619c5f1a3 100644 --- a/sys/arch/i386/stand/cdboot/conf.c +++ b/sys/arch/i386/stand/cdboot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.38 2019/08/04 13:45:15 deraadt Exp $ */ +/* $OpenBSD: conf.c,v 1.39 2019/10/29 02:55:51 deraadt Exp $ */ /* * Copyright (c) 2004 Tom Cosgrove @@ -42,7 +42,7 @@ #include #include "debug.h" -const char version[] = "3.34"; +const char version[] = "3.35"; int debug = 1; void (*sa_cleanup)(void) = NULL; diff --git a/sys/arch/i386/stand/pxeboot/Makefile b/sys/arch/i386/stand/pxeboot/Makefile index 926e2b2cf2c..0f2e4d2b5bc 100644 --- a/sys/arch/i386/stand/pxeboot/Makefile +++ b/sys/arch/i386/stand/pxeboot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.30 2019/08/03 15:22:21 deraadt Exp $ +# $OpenBSD: Makefile,v 1.31 2019/10/29 02:55:51 deraadt Exp $ MAN= pxeboot.8 @@ -33,7 +33,7 @@ SRCS+= alloc.c ctime.c exit.c getchar.c globals.c memcmp.c memmove.c memcpy.c me strncpy.c strtol.c strtoll.c SRCS+= close.c closeall.c cons.c cread.c dev.c disklabel.c dkcksum.c fchmod.c \ fstat.c lseek.c read.c readdir.c stat.c -SRCS+= elf32.c elf64.c loadfile.c +SRCS+= elf32.c elf64.c loadfile.c arc4.c SRCS+= nfs.c ufs.c tftp.c SRCS+= bootp.c ether.c net.c netif.c rpc.c SRCS+= aes_xts.c bcrypt_pbkdf.c blowfish.c explicit_bzero.c hmac_sha1.c \ diff --git a/sys/arch/i386/stand/pxeboot/conf.c b/sys/arch/i386/stand/pxeboot/conf.c index 5dba51b2cc1..c1ecad5f519 100644 --- a/sys/arch/i386/stand/pxeboot/conf.c +++ b/sys/arch/i386/stand/pxeboot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.43 2019/08/04 13:45:15 deraadt Exp $ */ +/* $OpenBSD: conf.c,v 1.44 2019/10/29 02:55:51 deraadt Exp $ */ /* * Copyright (c) 2004 Tom Cosgrove @@ -44,7 +44,7 @@ #include "pxeboot.h" #include "pxe_net.h" -const char version[] = "3.34"; +const char version[] = "3.35"; int debug = 1; void (*sa_cleanup)(void) = pxe_shutdown; -- cgit v1.2.3