Use dl_iterate_phdr() to iterate over the segments and throw the addresses

into the hash; hoping the system has some ASLR or PIE.  This replaces and
substantially improves upon &main which proved problematic with some picky
linkers.
Work with kettenis, testing by beck

1 files changed, 14 insertions, 1 deletions

diff --git a/src/lib/libcrypto/crypto/getentropy_linux.c b/src/lib/libcrypto/crypto/getentropy_linux.c
index f06d95b281..40ea8a14ad 100644
--- a/src/lib/libcrypto/crypto/getentropy_linux.c
+++ b/src/lib/libcrypto/crypto/getentropy_linux.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: getentropy_linux.c,v 1.23 2014/07/13 13:03:09 deraadt Exp $   */
+/*      $OpenBSD: getentropy_linux.c,v 1.24 2014/07/13 13:37:38 deraadt Exp $   */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -39,6 +39,7 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <stdio.h>
+#include <link.h>
 #include <termios.h>
 #include <fcntl.h>
 #include <signal.h>
@@ -81,6 +82,7 @@ static int getentropy_urandom(void *buf, size_t len);
 static int getentropy_sysctl(void *buf, size_t len);
 #endif
 static int getentropy_fallback(void *buf, size_t len);
+static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
 
 int
 getentropy(void *buf, size_t len)
@@ -293,6 +295,15 @@ static int cl[] = {
 };
 
 static int
+getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
+{
+        SHA512_CTX *ctx = data;
+
+        SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
+        return 0;
+}
+
+static int
 getentropy_fallback(void *buf, size_t len)
 {
         uint8_t results[SHA512_DIGEST_LENGTH];
@@ -328,6 +339,8 @@ getentropy_fallback(void *buf, size_t len)
                                 cnt += (int)tv.tv_usec;
                         }
 
+                        dl_iterate_phdr(getentropy_phdr, &ctx);
+
                         for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
                                 HX(clock_gettime(cl[ii], &ts) == -1, ts);