From: deraadt Date: Sat, 28 Dec 2013 02:51:06 +0000 (+0000) Subject: Try to load entropy data from disk:/etc/random.seed, and additionally X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2afebeae30e91331fb9f4496daf6b629e95d4d93;p=openbsd Try to load entropy data from disk:/etc/random.seed, and additionally use a MD-supplied random function. Then, insert this into the ELF openbsd.randomdata of the kernel, so that it has entropy right from the start. Some help from jsing for the softraid aspects. Also tested by phessler --- diff --git a/sys/arch/alpha/stand/boot/boot.c b/sys/arch/alpha/stand/boot/boot.c index 648ddc9a8c6..5f22c1ff3b1 100644 --- a/sys/arch/alpha/stand/boot/boot.c +++ b/sys/arch/alpha/stand/boot/boot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: boot.c,v 1.20 2011/06/05 21:49:36 miod Exp $ */ +/* $OpenBSD: boot.c,v 1.21 2013/12/28 02:51:06 deraadt Exp $ */ /* $NetBSD: boot.c,v 1.10 1997/01/18 01:58:33 cgd Exp $ */ /* @@ -57,6 +57,8 @@ paddr_t ptbr_save; int debug; +char rnddata[BOOTRANDOM_MAX]; /* XXX dummy */ + int main() { diff --git a/sys/arch/amd64/stand/Makefile.inc b/sys/arch/amd64/stand/Makefile.inc index bea81fb3d83..78aa8fb2f37 100644 --- a/sys/arch/amd64/stand/Makefile.inc +++ b/sys/arch/amd64/stand/Makefile.inc @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile.inc,v 1.9 2013/01/17 12:37:44 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.10 2013/12/28 02:51:06 deraadt Exp $ CFLAGS=${DEBUG} ${COPTS} -Os -Wall -Werror -CFLAGS+= -fno-stack-protector +CFLAGS+= -fno-stack-protector -DMDRANDOM CDIAGFLAGS= CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR} SACFLAGS=-D_STANDALONE diff --git a/sys/arch/amd64/stand/boot/Makefile b/sys/arch/amd64/stand/boot/Makefile index 77955079a2f..2f11b72cf37 100644 --- a/sys/arch/amd64/stand/boot/Makefile +++ b/sys/arch/amd64/stand/boot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.24 2013/06/02 21:01:48 guenther Exp $ +# $OpenBSD: Makefile,v 1.25 2013/12/28 02:51:06 deraadt Exp $ COPTS?= MAN?= boot.8 
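Review bot: The dummy `rnddata` added in sys/arch/alpha/stand/boot/boot.c (hunk `@@ -57,6 +57,8 @@`) is never written by anything visible in this diff, yet the new PT_OPENBSD_RANDOMIZE branch in sys/lib/libsa/loadfile_elf.c copies it into the kernel image. On this platform the kernel's random-data segment would therefore receive whatever the buffer holds at startup, presumably zeros if the standalone startup code clears BSS. The identical dummy definitions in sys/arch/hppa/stand/cdboot/cdboot.c and sys/arch/sgi/stand/boot/boot.c have the same effect. The comment should say so, for example `/* XXX dummy: never filled here; loadfile_elf.c copies it as-is, so no boot-time seed on this platform */`, so nobody reads the segment as seeded.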
@@ -22,7 +22,7 @@ LDFLAGS+=-nostdlib -Bstatic -Ttext $(LINKADDR) -N -x -nopie LDFLAGS+=-melf_i386 -L/usr/libdata .PATH: ${SADIR}/libsa -SRCS+= alloca.S gidt.S +SRCS+= alloca.S gidt.S random_i386.S SRCS+= cmd_i386.c dev_i386.c exec_i386.c gateA20.c machdep.c SRCS+= bioscons.c biosdev.c diskprobe.c memprobe.c time.c .if ${SOFTRAID:L} == "yes" diff --git a/sys/arch/amd64/stand/cdboot/Makefile b/sys/arch/amd64/stand/cdboot/Makefile index 18d12b52718..f3d3fb37a91 100644 --- a/sys/arch/amd64/stand/cdboot/Makefile +++ b/sys/arch/amd64/stand/cdboot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.21 2013/06/02 21:01:48 guenther Exp $ +# $OpenBSD: Makefile,v 1.22 2013/12/28 02:51:06 deraadt Exp $ MAN= cdboot.8 @@ -16,7 +16,7 @@ INSTALL_STRIP= .PATH: ${SADIR}/libsa SRCS+= machdep.c dev_i386.c exec_i386.c cmd_i386.c -SRCS+= gidt.S alloca.S biosdev.c bioscons.c gateA20.c \ +SRCS+= gidt.S random_i386.S alloca.S biosdev.c bioscons.c gateA20.c \ memprobe.c diskprobe.c time.c SRCS+= softraid.c diff --git a/sys/arch/amd64/stand/pxeboot/Makefile b/sys/arch/amd64/stand/pxeboot/Makefile index e3b1c27475f..f2fe87207a5 100644 --- a/sys/arch/amd64/stand/pxeboot/Makefile +++ b/sys/arch/amd64/stand/pxeboot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.17 2013/04/23 16:41:13 jsing Exp $ +# $OpenBSD: Makefile,v 1.18 2013/12/28 02:51:07 deraadt Exp $ MAN= pxeboot.8 @@ -17,7 +17,7 @@ INSTALL_STRIP= .PATH: ${SADIR}/libsa # i386 stuff (so, it will possibly load in the same 64k) SRCS+= machdep.c exec_i386.c cmd_i386.c -SRCS+= gidt.S alloca.S biosdev.c bioscons.c gateA20.c \ +SRCS+= gidt.S random_i386.S alloca.S biosdev.c bioscons.c gateA20.c \ memprobe.c diskprobe.c time.c ## biosprobe.c SRCS+= pxe.c pxe_call.S pxe_net.c SRCS+= softraid.c diff --git a/sys/arch/hppa/stand/cdboot/cdboot.c b/sys/arch/hppa/stand/cdboot/cdboot.c index e2a6d1baf3e..e19c54c93e8 100644 --- a/sys/arch/hppa/stand/cdboot/cdboot.c +++ b/sys/arch/hppa/stand/cdboot/cdboot.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: cdboot.c,v 1.12 2012/06/26 16:18:45 deraadt Exp $ */ +/* $OpenBSD: cdboot.c,v 1.13 2013/12/28 02:51:07 deraadt Exp $ */ /* * Copyright (c) 2003 Michael Shalayeff @@ -63,6 +63,8 @@ struct consdev *cn_tab; typedef void (*startfuncp)(int, int, int, int, int, int, caddr_t) __attribute__ ((noreturn)); +char rnddata[BOOTRANDOM_MAX]; /* XXX dummy */ + void boot(dev_t dev) { diff --git a/sys/arch/i386/stand/Makefile.inc b/sys/arch/i386/stand/Makefile.inc index e1b447f0243..78fa6d376a5 100644 --- a/sys/arch/i386/stand/Makefile.inc +++ b/sys/arch/i386/stand/Makefile.inc @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile.inc,v 1.44 2013/01/18 04:10:16 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.45 2013/12/28 02:51:07 deraadt Exp $ CFLAGS=${DEBUG} ${COPTS} -Os -Wall -Werror -CFLAGS+= -fno-stack-protector +CFLAGS+= -fno-stack-protector -DMDRANDOM CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR} SACFLAGS=-D_STANDALONE DEBUGLIBS=no diff --git a/sys/arch/i386/stand/boot/Makefile b/sys/arch/i386/stand/boot/Makefile index 516e661706a..d8c75948ce0 100644 --- a/sys/arch/i386/stand/boot/Makefile +++ b/sys/arch/i386/stand/boot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.52 2013/06/02 21:01:48 guenther Exp $ +# $OpenBSD: Makefile,v 1.53 2013/12/28 02:51:07 deraadt Exp $ COPTS?= MAN?= boot.8 @@ -32,7 +32,7 @@ SRCS= srt0.S SRCS+= boot.c cmd.c vars.c bootarg.c conf.c .PATH: ${SADIR}/libsa -SRCS+= alloca.S debug_i386.S gidt.S +SRCS+= alloca.S debug_i386.S gidt.S random_i386.S SRCS+= apmprobe.c bioscons.c biosdev.c cmd_i386.c debug.c dev_i386.c \ diskprobe.c exec_i386.c gateA20.c machdep.c memprobe.c pciprobe.c \ ps2probe.c time.c diff --git a/sys/arch/i386/stand/cdboot/Makefile b/sys/arch/i386/stand/cdboot/Makefile index 3909c2d9c02..3457d5e50f0 100644 --- a/sys/arch/i386/stand/cdboot/Makefile +++ b/sys/arch/i386/stand/cdboot/Makefile 
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.19 2013/06/02 21:01:48 guenther Exp $ +# $OpenBSD: Makefile,v 1.20 2013/12/28 02:51:07 deraadt Exp $ MAN= cdboot.8 @@ -16,7 +16,7 @@ INSTALL_STRIP= CLEANFILES+= crt0.o ${PROG}.whole .PATH: ${SADIR}/libsa -SRCS+= alloca.S debug_i386.S gidt.S +SRCS+= alloca.S debug_i386.S gidt.S random_i386.S SRCS+= cmd_i386.c dev_i386.c exec_i386.c gateA20.c machdep.c SRCS+= apmprobe.c bioscons.c biosdev.c debug.c diskprobe.c memprobe.c \ pciprobe.c ps2probe.c time.c diff --git a/sys/arch/i386/stand/pxeboot/Makefile b/sys/arch/i386/stand/pxeboot/Makefile index 83cfd0de5b8..df0ece2ddc0 100644 --- a/sys/arch/i386/stand/pxeboot/Makefile +++ b/sys/arch/i386/stand/pxeboot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.15 2013/04/23 16:41:13 jsing Exp $ +# $OpenBSD: Makefile,v 1.16 2013/12/28 02:51:07 deraadt Exp $ MAN= pxeboot.8 @@ -16,7 +16,7 @@ INSTALL_STRIP= CLEANFILES+= crt0.o ${PROG}.whole .PATH: ${SADIR}/libsa -SRCS+= alloca.S debug_i386.S gidt.S +SRCS+= alloca.S debug_i386.S gidt.S random_i386.S SRCS+= cmd_i386.c exec_i386.c gateA20.c machdep.c SRCS+= apmprobe.c bioscons.c biosdev.c debug.c diskprobe.c memprobe.c \ pciprobe.c ps2probe.c time.c diff --git a/sys/arch/sgi/stand/boot/boot.c b/sys/arch/sgi/stand/boot/boot.c index e63816f9e72..921d460ecf5 100644 --- a/sys/arch/sgi/stand/boot/boot.c +++ b/sys/arch/sgi/stand/boot/boot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: boot.c,v 1.22 2012/09/29 21:40:48 miod Exp $ */ +/* $OpenBSD: boot.c,v 1.23 2013/12/28 02:51:07 deraadt Exp $ */ /* * Copyright (c) 2004 Opsycon AB, www.opsycon.se. @@ -54,6 +54,8 @@ char *OSLoadFilename = NULL; int IP; +char rnddata[BOOTRANDOM_MAX]; /* XXX dummy */ + #include "version" /* diff --git a/sys/lib/libsa/loadfile_elf.c b/sys/lib/libsa/loadfile_elf.c index 834a295ca10..493aedd0e85 100644 --- a/sys/lib/libsa/loadfile_elf.c +++ b/sys/lib/libsa/loadfile_elf.c 
@@ -1,5 +1,5 @@ /* $NetBSD: loadfile.c,v 1.10 2000/12/03 02:53:04 tsutsui Exp $ */ -/* $OpenBSD: loadfile_elf.c,v 1.6 2009/11/30 05:18:08 miod Exp $ */ +/* $OpenBSD: loadfile_elf.c,v 1.7 2013/12/28 02:51:07 deraadt Exp $ */ /*- * Copyright (c) 1997 The NetBSD Foundation, Inc. @@ -95,6 +95,17 @@ ELFNAME(exec)(int fd, Elf_Ehdr *elf, u_long *marks, int flags) } for (first = 1, i = 0; i < elf->e_phnum; i++) { + if (phdr[i].p_type == PT_OPENBSD_RANDOMIZE) { + int m; + + /* Fill segment. */ + for (pos = 0; pos < phdr[i].p_filesz; pos += m) { + m = MIN(phdr[i].p_filesz - pos, sizeof(rnddata)); + BCOPY(rnddata, phdr[i].p_paddr + pos, m); + } + continue; + } + if (phdr[i].p_type != PT_LOAD || (phdr[i].p_flags & (PF_W|PF_R|PF_X)) == 0) continue; diff --git a/sys/lib/libsa/stand.h b/sys/lib/libsa/stand.h index b6f5e75b8c5..75c92df9c52 100644 --- a/sys/lib/libsa/stand.h +++ b/sys/lib/libsa/stand.h @@ -1,4 +1,4 @@ -/* $OpenBSD: stand.h,v 1.55 2013/01/07 20:02:11 miod Exp $ */ +/* $OpenBSD: stand.h,v 1.56 2013/12/28 02:51:07 deraadt Exp $ */ /* $NetBSD: stand.h,v 1.18 1996/11/30 04:35:51 gwr Exp $ */ /*- @@ -130,6 +130,10 @@ struct disklabel; char *getdisklabel(const char *, struct disklabel *); u_int dkcksum(struct disklabel *); +#define BOOTRANDOM "/etc/random.seed" +#define BOOTRANDOM_MAX 512 +extern char rnddata[BOOTRANDOM_MAX]; + void printf(const char *, ...); int snprintf(char *, size_t, const char *, ...); void vprintf(const char *, __va_list); diff --git a/sys/stand/boot/boot.c b/sys/stand/boot/boot.c index 4f64c52298f..7c8b6ebe810 100644 --- a/sys/stand/boot/boot.c +++ b/sys/stand/boot/boot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: boot.c,v 1.37 2011/04/17 09:49:48 kettenis Exp $ */ +/* $OpenBSD: boot.c,v 1.38 2013/12/28 02:51:07 deraadt Exp $ */ /* * Copyright (c) 2003 Dale Rahn @@ -35,6 +35,8 @@ #include #include +#include + #include "cmd.h" #ifndef KERNEL 
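Review bot: The new PT_OPENBSD_RANDOMIZE branch in sys/lib/libsa/loadfile_elf.c (hunk `@@ -95,6 +95,17 @@`) copies to `phdr[i].p_paddr` without consulting the `flags` parameter shown in the hunk header, so the write would also happen if a caller passes something other than `LOAD_ALL`, such as a count-only or partial load; gating the copy on the relevant load bits would keep it in line with that contract. When `p_filesz` exceeds `sizeof(rnddata)` the loop repeats the same 512 bytes, so the segment never carries more than `BOOTRANDOM_MAX` bytes of seed material; the comment could state that, e.g. `/* Fill segment; rnddata is repeated if the segment is larger than BOOTRANDOM_MAX. */`. `m` holds the result of `MIN()` over unsigned operands and is passed as a length, so `size_t m;` would avoid the signed/unsigned mix. The enclosing function starts and ends outside the hunk.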
@@ -52,6 +54,8 @@ int bootprompt = 1; char *kernelfile = KERNEL; /* can be changed by MD code */ int boottimeout = 5; /* can be changed by MD code */ +char rnddata[BOOTRANDOM_MAX]; + void boot(dev_t bootdev) { @@ -79,13 +83,21 @@ boot(dev_t bootdev) while (1) { /* no boot.conf, or no boot cmd in there */ - if (bootprompt && st <= 0) + if (bootprompt && st <= 0) { do { printf("boot> "); } while(!getcmd()); + } st = 0; bootprompt = 1; /* allow reselect should we fail */ + st = loadrandom(BOOTRANDOM, rnddata, sizeof(rnddata)); + if (st != 0) + printf("loadrandom: error %d\n", st); +#ifdef MDRANDOM + mdrandom(rnddata, sizeof(rnddata)); +#endif + printf("booting %s: ", cmd.path); marks[MARK_START] = (u_long)cmd.addr; if ((fd = loadfile(cmd.path, marks, LOAD_ALL)) != -1) { @@ -112,11 +124,44 @@ boot(dev_t bootdev) run_loadfile(marks, cmd.boothowto); } -#ifdef _TEST int -main() +loadrandom(char *name, char *buf, size_t buflen) { - boot(0); - return 0; + char path[MAXPATHLEN]; + struct stat sb; + int fd, i; + +#define O_RDONLY 0 + + /* Extract the device name from the kernel we are loading. */ + for (i = 0; i < sizeof(cmd.path); i++) { + if (cmd.path[i] == ':') { + strlcpy(path, cmd.path, i + 1); + snprintf(path + i, sizeof(path) - i, ":%s", name); + break; + } else if (cmd.path[i] == '\0') { + snprintf(path, sizeof path, "%s:%s", + cmd.bootdev, name); + break; + } + } + + printf("loadrandom: %s\n", path); + + fd = open(path, O_RDONLY); + if (fd == -1) { + printf("cannot open %s\n", path); + return -1; + } + if (fstat(fd, &sb) == -1 || + sb.st_uid != 0 || + (sb.st_mode & (S_IWOTH|S_IROTH))) + goto fail; + if (read(fd, buf, buflen) != buflen) + goto fail; + close(fd); + return 0; +fail: + close(fd); + return (-1); } -#endif diff --git a/sys/stand/boot/bootarg.h b/sys/stand/boot/bootarg.h index 53930a5d522..a8a40bfc99f 100644 --- a/sys/stand/boot/bootarg.h +++ b/sys/stand/boot/bootarg.h 
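Review bot: In sys/stand/boot/boot.c (hunk `@@ -79,13 +83,21 @@`) a failed `loadrandom()` is only printed and the boot continues, so without MDRANDOM the kernel is handed `rnddata` as it was at startup or after the previous loop iteration, and a short read inside `loadrandom()` can leave it partly overwritten. If this best-effort policy is intended it should be stated at the call, e.g. `/* best effort: on failure rnddata keeps its previous contents and nothing tells the kernel the seed was missing */`. The return value of `mdrandom()` is dropped although bootarg.h declares it `int`; either report it like `loadrandom()` or write `(void)mdrandom(rnddata, sizeof(rnddata));`. Reusing `st` for the result makes the preceding `st = 0;` a dead store, so a separate local would read better. The body of boot() continues outside the hunk.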
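Review bot: In the new `loadrandom()` (sys/stand/boot/boot.c, hunk `@@ -112,11 +124,44 @@`) the device-prefix loop bounds `i` by `sizeof(cmd.path)` but writes into `path[MAXPATHLEN]` using `strlcpy(path, cmd.path, i + 1)` and `sizeof(path) - i`. If `cmd.path` is declared larger than MAXPATHLEN (its declaration is outside the hunk), a long name with a late ':' overruns `path` and the size argument underflows; and if the loop ends without meeting ':' or NUL, `path` is printed and opened uninitialised. The ownership test accepts any file type and a group-readable seed, which may or may not be intended, and `read(fd, buf, buflen) != buflen` compares a signed return with a `size_t`. The failure paths after `open()` are silent, so the caller's `loadrandom: error -1` cannot tell bad permissions from a short file. The sketch bounds the loop by both buffers, initialises `path`, requires a regular file (assuming the libsa file systems report the type bits in `st_mode`) and checks the read result explicitly.

```c
int
loadrandom(char *name, char *buf, size_t buflen)
{
	/* … unchanged: path, sb, fd, i declarations and O_RDONLY define … */
	ssize_t n;

	/* Extract the device name from the kernel we are loading. */
	path[0] = '\0';
	for (i = 0; i < sizeof(cmd.path) && i < sizeof(path); i++) {
		/* … unchanged: ':' branch and '\0' branch … */
	}
	if (path[0] == '\0')
		return -1;	/* no terminator found within either buffer */

	/* … unchanged: printf of path, open() and its error report … */
	if (fstat(fd, &sb) == -1 ||
	    !S_ISREG(sb.st_mode) ||
	    sb.st_uid != 0 ||
	    (sb.st_mode & (S_IWOTH|S_IROTH)))
		goto fail;
	n = read(fd, buf, buflen);
	if (n < 0 || (size_t)n != buflen)
		goto fail;
	/* … unchanged: close, return 0, fail label … */
```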
@@ -1,4 +1,4 @@ -/* $OpenBSD: bootarg.h,v 1.11 2003/06/02 20:20:54 mickey Exp $ */ +/* $OpenBSD: bootarg.h,v 1.12 2013/12/28 02:51:07 deraadt Exp $ */ /* * Copyright (c) 1996-1999 Michael Shalayeff @@ -49,6 +49,9 @@ extern int bootargc; extern bootarg_t *bootargp; #endif +int loadrandom(char *name, char *buf, size_t buflen); +int mdrandom(char *buf, size_t buflen); + #ifdef _STANDALONE void addbootarg(int, size_t, void *); void makebootargs(caddr_t, size_t *);
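Review bot: In sys/stand/boot/bootarg.h (hunk `@@ -49,6 +49,9 @@`) `loadrandom()` is called with the string literal `BOOTRANDOM` and, as far as boot.c in this diff shows, only reads `name`, so the prototype should be `int loadrandom(const char *name, char *buf, size_t buflen);`, with the definition in sys/stand/boot/boot.c changed to match. `mdrandom()` is declared unconditionally although boot.c calls it only under `#ifdef MDRANDOM`; putting the prototype under the same `#ifdef` would make a stray call on a platform without the MD routine fail at compile time rather than at link time. A short comment on each prototype giving the return convention would also help: `loadrandom` returns 0 on success and -1 on failure, while the convention for `mdrandom` is not visible anywhere in this diff.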