- Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.

diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c
index 810098a8d8e4fca35a6009be01c52af1e8631bb1..b80c84de9e5d562b24abcb16a72264cf2b542ffc 100644 (file)
--- a/compat/getentropy_solaris.c
+++ b/compat/getentropy_solaris.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: getentropy_solaris.c,v 1.3 2014/07/12 14:46:31 deraadt Exp $  */
+/*     $OpenBSD: getentropy_solaris.c,v 1.13 2018/11/20 08:04:28 deraadt Exp $ */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -15,8 +15,10 @@
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
  */
-#include "config.h"
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -30,10 +32,9 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <stdlib.h>
-#ifdef HAVE_STDINT_H
 #include <stdint.h>
-#endif
 #include <stdio.h>
+#include <link.h>
 #include <termios.h>
 #include <fcntl.h>
 #include <signal.h>
@@ -41,14 +42,10 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#ifdef HAVE_SYS_SHA2_H
 #include <sys/sha2.h>
 #define SHA512_Init SHA512Init
 #define SHA512_Update SHA512Update
 #define SHA512_Final SHA512Final
-#else
-#include "openssl/sha.h"
-#endif
 
 #include <sys/vfs.h>
 #include <sys/statfs.h>
@@ -67,17 +64,14 @@
 
 #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
 #define HD(x)   (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x)   (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
 
 int    getentropy(void *buf, size_t len);
 
-#ifdef CAN_REFERENCE_MAIN
-extern int main(int, char *argv[]);
-#endif
-static int gotdata(char *buf, size_t len);
 static int getentropy_urandom(void *buf, size_t len, const char *path,
     int devfscheck);
 static int getentropy_fallback(void *buf, size_t len);
+static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
 
 int
 getentropy(void *buf, size_t len)
@@ -86,7 +80,7 @@ getentropy(void *buf, size_t len)
 
        if (len > 256) {
                errno = EIO;
-               return -1;
+               return (-1);
        }
 
        /*
@@ -153,22 +147,6 @@ getentropy(void *buf, size_t len)
        return (ret);
 }
 
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
-       char    any_set = 0;
-       size_t  i;
-
-       for (i = 0; i < len; ++i)
-               any_set |= buf[i];
-       if (any_set == 0)
-               return -1;
-       return 0;
-}
-
 static int
 getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
 {
@@ -204,7 +182,7 @@ start:
        }
        for (i = 0; i < len; ) {
                size_t wanted = len - i;
-               ssize_t ret = read(fd, (char*)buf + i, wanted);
+               ssize_t ret = read(fd, (char *)buf + i, wanted);
 
                if (ret == -1) {
                        if (errno == EAGAIN || errno == EINTR)
@@ -215,13 +193,11 @@ start:
                i += ret;
        }
        close(fd);
-       if (gotdata(buf, len) == 0) {
-               errno = save_errno;
-               return 0;               /* satisfied */
-       }
+       errno = save_errno;
+       return (0);             /* satisfied */
 nodevrandom:
        errno = EIO;
-       return -1;
+       return (-1);
 }
 
 static const int cl[] = {
@@ -249,6 +225,15 @@ static const int cl[] = {
 #endif
 };
 
+static int
+getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
+{
+       SHA512_CTX *ctx = data;
+
+       SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
+       return (0);
+}
+
 static int
 getentropy_fallback(void *buf, size_t len)
 {
@@ -286,6 +271,8 @@ getentropy_fallback(void *buf, size_t len)
                                cnt += (int)tv.tv_usec;
                        }
 
+                       dl_iterate_phdr(getentropy_phdr, &ctx);
+
                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
                                HX(clock_gettime(cl[ii], &ts) == -1, ts);
 
@@ -306,9 +293,6 @@ getentropy_fallback(void *buf, size_t len)
                        HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
                            sigset);
 
-#ifdef CAN_REFERENCE_MAIN
-                       HF(main);               /* an addr in program */
-#endif
                        HF(getentropy); /* an addr in this library */
                        HF(printf);             /* an addr in libc */
                        p = (char *)&p;
@@ -428,14 +412,11 @@ getentropy_fallback(void *buf, size_t len)
                        HD(cnt);
                }
                SHA512_Final(results, &ctx);
-               memcpy((char*)buf + i, results, min(sizeof(results), len - i));
+               memcpy((char *)buf + i, results, min(sizeof(results), len - i));
                i += min(sizeof(results), len - i);
        }
-       memset(results, 0, sizeof results);
-       if (gotdata(buf, len) == 0) {
-               errno = save_errno;
-               return 0;               /* satisfied */
-       }
-       errno = EIO;
-       return -1;
+       explicit_bzero(&ctx, sizeof ctx);
+       explicit_bzero(results, sizeof results);
+       errno = save_errno;
+       return (0);             /* satisfied */
 }

diff --git a/doc/Changelog b/doc/Changelog
index 29ade4fbe0bf78c23eb1d8b35fce3d72739a039d..80e568d51fc55e8a33b5579c64b35915af970027 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -21,6 +21,7 @@
        - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD.
        - Synchronize compat/getentropy_win.c with version 1.5 from
          OpenBSD, no changes but makes the file, comments, identical.
+       - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
 
 19 November 2019: Wouter
        - Fix CVE-2019-18934, shell execution in ipsecmod.