From af5080ef5d5b326d535b858a9c4a22bd68f4e170 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 5 May 2005 00:10:22 +0000 Subject: [PATCH] add rml's netdev-random patch and modify et to use it (finally some entropy on /dev/random) SVN-Revision: 802 --- .../403-netdev_random_core.patch | 296 ++++++++++++++++++ .../kernel-patches/404-netdev_random_et.patch | 11 + openwrt/package/linux/linux.config | 1 + openwrt/package/linux/linux.mk | 2 +- 4 files changed, 309 insertions(+), 1 deletion(-) create mode 100644 openwrt/package/linux/kernel-patches/403-netdev_random_core.patch create mode 100644 openwrt/package/linux/kernel-patches/404-netdev_random_et.patch diff --git a/openwrt/package/linux/kernel-patches/403-netdev_random_core.patch b/openwrt/package/linux/kernel-patches/403-netdev_random_core.patch new file mode 100644 index 00000000000..784b65e41c1 --- /dev/null +++ b/openwrt/package/linux/kernel-patches/403-netdev_random_core.patch 
@@ -0,0 +1,296 @@ +diff -urN linux-2.4.26-pre5/Documentation/Configure.help linux-2.4.26-pre5-netdev-core/Documentation/Configure.help +--- linux-2.4.26-pre5/Documentation/Configure.help Sat Mar 20 10:08:18 2004 ++++ linux-2.4.26-pre5-netdev-core/Documentation/Configure.help Sun Mar 21 10:16:14 2004 +@@ -10419,6 +10419,20 @@ + + If you don't know what to use this for, you don't need it. + ++Allow Net Devices to contribute to /dev/random ++CONFIG_NET_RANDOM ++ If you say Y here, network device interrupts will contribute to the ++ kernel entropy pool. Normally, block devices and some other devices ++ feed the pool. Some systems, such as those that are headless or diskless, ++ need additional entropy sources. Some people, however, feel that network ++ devices should not contribute to /dev/random because an external attacker ++ could observe incoming packets in an attempt to learn the entropy pool's ++ state. If you say N, no network device will contribute entropy. ++ ++ If you believe there is a chance of your network packets being observed ++ and you doubt the security of the entropy pool's one-way hash, do not ++ enable this. If unsure, say N. 
++ + Ethertap network tap (OBSOLETE) + CONFIG_ETHERTAP + If you say Y here (and have said Y to "Kernel/User network link +diff -urN linux-2.4.26-pre5/drivers/net/Config.in linux-2.4.26-pre5-netdev-core/drivers/net/Config.in +--- linux-2.4.26-pre5/drivers/net/Config.in Sat Mar 20 10:08:18 2004 ++++ linux-2.4.26-pre5-netdev-core/drivers/net/Config.in Sun Mar 21 10:16:14 2004 +@@ -8,6 +8,7 @@ + tristate 'Bonding driver support' CONFIG_BONDING + tristate 'EQL (serial line load balancing) support' CONFIG_EQUALIZER + tristate 'Universal TUN/TAP device driver support' CONFIG_TUN ++bool 'Allow Net Devices to contribute to /dev/random' CONFIG_NET_RANDOM + if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then + tristate 'Ethertap network tap (OBSOLETE)' CONFIG_ETHERTAP + fi +diff -urN linux-2.4.26-pre5/include/asm-alpha/signal.h linux-2.4.26-pre5-netdev-core/include/asm-alpha/signal.h +--- linux-2.4.26-pre5/include/asm-alpha/signal.h Sat Dec 1 18:27:14 2001 ++++ linux-2.4.26-pre5-netdev-core/include/asm-alpha/signal.h Sun Mar 21 10:16:14 2004 +@@ -121,7 +121,14 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x40000000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 1 /* for blocking signals */ + #define SIG_UNBLOCK 2 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-arm/signal.h linux-2.4.26-pre5-netdev-core/include/asm-arm/signal.h +--- linux-2.4.26-pre5/include/asm-arm/signal.h Sat Sep 13 07:57:29 2003 ++++ linux-2.4.26-pre5-netdev-core/include/asm-arm/signal.h Sun Mar 21 10:16:14 2004 +@@ -125,7 +125,14 @@ + #define SA_PROBE 0x80000000 + #define SA_SAMPLE_RANDOM 0x10000000 + #define SA_SHIRQ 0x04000000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ + #define 
SIG_UNBLOCK 1 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-cris/signal.h linux-2.4.26-pre5-netdev-core/include/asm-cris/signal.h +--- linux-2.4.26-pre5/include/asm-cris/signal.h Sat Dec 1 18:27:14 2001 ++++ linux-2.4.26-pre5-netdev-core/include/asm-cris/signal.h Sun Mar 21 10:16:14 2004 +@@ -120,7 +120,14 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x04000000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ + #define SIG_UNBLOCK 1 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-i386/signal.h linux-2.4.26-pre5-netdev-core/include/asm-i386/signal.h +--- linux-2.4.26-pre5/include/asm-i386/signal.h Sun Mar 21 00:00:43 2004 ++++ linux-2.4.26-pre5-netdev-core/include/asm-i386/signal.h Sun Mar 21 10:16:14 2004 +@@ -119,7 +119,14 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x04000000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ + #define SIG_UNBLOCK 1 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-ia64/signal.h linux-2.4.26-pre5-netdev-core/include/asm-ia64/signal.h +--- linux-2.4.26-pre5/include/asm-ia64/signal.h Sat Mar 20 10:08:20 2004 ++++ linux-2.4.26-pre5-netdev-core/include/asm-ia64/signal.h Sun Mar 21 10:16:14 2004 +@@ -117,6 +117,12 @@ + #define SA_SHIRQ 0x04000000 + #define SA_PERCPU_IRQ 0x02000000 + ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 ++#endif ++ + #endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-m68k/signal.h linux-2.4.26-pre5-netdev-core/include/asm-m68k/signal.h +--- 
linux-2.4.26-pre5/include/asm-m68k/signal.h Fri Feb 20 07:38:33 2004 ++++ linux-2.4.26-pre5-netdev-core/include/asm-m68k/signal.h Sun Mar 21 10:16:14 2004 +@@ -116,7 +116,14 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x04000000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ + #define SIG_UNBLOCK 1 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-mips/signal.h linux-2.4.26-pre5-netdev-core/include/asm-mips/signal.h +--- linux-2.4.26-pre5/include/asm-mips/signal.h Sat Sep 13 07:57:31 2003 ++++ linux-2.4.26-pre5-netdev-core/include/asm-mips/signal.h Sun Mar 21 10:16:14 2004 +@@ -111,6 +111,12 @@ + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x02000000 + ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 ++#endif ++ + #endif /* __KERNEL__ */ + + #define SIG_BLOCK 1 /* for blocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-mips64/signal.h linux-2.4.26-pre5-netdev-core/include/asm-mips64/signal.h +--- linux-2.4.26-pre5/include/asm-mips64/signal.h Sat Sep 13 07:57:32 2003 ++++ linux-2.4.26-pre5-netdev-core/include/asm-mips64/signal.h Sun Mar 21 10:16:14 2004 +@@ -119,6 +119,12 @@ + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x02000000 + ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 ++#endif ++ + #endif /* __KERNEL__ */ + + #define SIG_BLOCK 1 /* for blocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-parisc/signal.h linux-2.4.26-pre5-netdev-core/include/asm-parisc/signal.h +--- linux-2.4.26-pre5/include/asm-parisc/signal.h Sun Jan 11 18:48:21 2004 ++++ linux-2.4.26-pre5-netdev-core/include/asm-parisc/signal.h Sun Mar 21 10:16:14 2004 +@@ -100,6 +100,12 @@ + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 
0x04000000 + ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 ++#endif ++ + #endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-ppc/signal.h linux-2.4.26-pre5-netdev-core/include/asm-ppc/signal.h +--- linux-2.4.26-pre5/include/asm-ppc/signal.h Sat Sep 13 07:57:32 2003 ++++ linux-2.4.26-pre5-netdev-core/include/asm-ppc/signal.h Sun Mar 21 10:16:14 2004 +@@ -111,6 +111,13 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x04000000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 ++#endif ++ + #endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-s390/signal.h linux-2.4.26-pre5-netdev-core/include/asm-s390/signal.h +--- linux-2.4.26-pre5/include/asm-s390/signal.h Fri Feb 20 07:38:34 2004 ++++ linux-2.4.26-pre5-netdev-core/include/asm-s390/signal.h Sun Mar 21 10:16:14 2004 +@@ -129,7 +129,14 @@ + #define SA_SHIRQ 0x04000000 + #define SA_DOPATHGROUP 0x00100000 + #define SA_FORCE 0x00200000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ + #define SIG_UNBLOCK 1 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-s390x/signal.h linux-2.4.26-pre5-netdev-core/include/asm-s390x/signal.h +--- linux-2.4.26-pre5/include/asm-s390x/signal.h Fri Feb 20 07:38:34 2004 ++++ linux-2.4.26-pre5-netdev-core/include/asm-s390x/signal.h Sun Mar 21 10:16:14 2004 +@@ -129,7 +129,14 @@ + #define SA_SHIRQ 0x04000000 + #define SA_DOPATHGROUP 0x00100000 + #define SA_FORCE 0x00200000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking 
signals */ + #define SIG_UNBLOCK 1 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-sh/signal.h linux-2.4.26-pre5-netdev-core/include/asm-sh/signal.h +--- linux-2.4.26-pre5/include/asm-sh/signal.h Sat Dec 1 18:27:13 2001 ++++ linux-2.4.26-pre5-netdev-core/include/asm-sh/signal.h Sun Mar 21 10:16:14 2004 +@@ -107,7 +107,14 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_SHIRQ 0x04000000 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + #define SIG_BLOCK 0 /* for blocking signals */ + #define SIG_UNBLOCK 1 /* for unblocking signals */ +diff -urN linux-2.4.26-pre5/include/asm-sparc/signal.h linux-2.4.26-pre5-netdev-core/include/asm-sparc/signal.h +--- linux-2.4.26-pre5/include/asm-sparc/signal.h Sat Dec 1 18:27:14 2001 ++++ linux-2.4.26-pre5-netdev-core/include/asm-sparc/signal.h Sun Mar 21 10:16:14 2004 +@@ -176,7 +176,14 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_STATIC_ALLOC 0x80 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + /* Type of a signal handler. */ + #ifdef __KERNEL__ +diff -urN linux-2.4.26-pre5/include/asm-sparc64/signal.h linux-2.4.26-pre5-netdev-core/include/asm-sparc64/signal.h +--- linux-2.4.26-pre5/include/asm-sparc64/signal.h Sat Dec 1 18:27:14 2001 ++++ linux-2.4.26-pre5-netdev-core/include/asm-sparc64/signal.h Sun Mar 21 10:16:14 2004 +@@ -192,7 +192,14 @@ + #define SA_PROBE SA_ONESHOT + #define SA_SAMPLE_RANDOM SA_RESTART + #define SA_STATIC_ALLOC 0x80 ++ ++#ifdef CONFIG_NET_RANDOM ++#define SA_NET_RANDOM SA_SAMPLE_RANDOM ++#else ++#define SA_NET_RANDOM 0 + #endif ++ ++#endif /* __KERNEL__ */ + + /* Type of a signal handler. */ + #ifdef __KERNEL__ 
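Review bot: In every asm-*/signal.h hunk of this patch, `SA_NET_RANDOM` is a plain alias of `SA_SAMPLE_RANDOM`, so a driver that passes it is presumably sampled exactly like any other interrupt source, and nothing in the header records that the timing of these interrupts can be observed from the network. A short comment above the block would carry the Configure.help caveat to driver authors, for example `/* NIC IRQ timing may be observable on the wire; sampled only when CONFIG_NET_RANDOM=y, otherwise this flag is 0 */`. The patch is also generated against linux-2.4.26-pre5, while the companion et patch in this commit is against linux-2.4.30, so it likely applies with offsets. It is worth confirming that the `#endif` to `#endif /* __KERNEL__ */` rewrite lands on the intended `#endif` in the header for the target architecture.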
diff --git a/openwrt/package/linux/kernel-patches/404-netdev_random_et.patch b/openwrt/package/linux/kernel-patches/404-netdev_random_et.patch new file mode 100644 index 00000000000..e14a43c354c --- /dev/null +++ b/openwrt/package/linux/kernel-patches/404-netdev_random_et.patch @@ -0,0 +1,11 @@ +--- linux-2.4.30.old/drivers/net/et/et_linux.c 2005-05-05 02:53:35.000000000 +0200 ++++ linux-2.4.30/drivers/net/et/et_linux.c 2005-05-05 02:54:01.000000000 +0200 +@@ -192,7 +192,7 @@ + #endif + + /* register our interrupt handler */ +- if (request_irq(pdev->irq, et_isr, SA_SHIRQ, dev->name, et)) { ++ if (request_irq(pdev->irq, et_isr, SA_SHIRQ | SA_NET_RANDOM, dev->name, et)) { + ET_ERROR(("et%d: request_irq() failed\n", unit)); + goto fail; + } diff --git a/openwrt/package/linux/linux.config b/openwrt/package/linux/linux.config index 944de115b7c..588b877afd1 100644 --- a/openwrt/package/linux/linux.config +++ b/openwrt/package/linux/linux.config @@ -716,6 +716,7 @@ CONFIG_WL_STA=y # CONFIG_BONDING is not set # CONFIG_EQUALIZER is not set CONFIG_TUN=m +CONFIG_NET_RANDOM=y # CONFIG_ETHERTAP is not set # diff --git a/openwrt/package/linux/linux.mk b/openwrt/package/linux/linux.mk index 5e68bd5373c..1cfd69988fc 100644 --- a/openwrt/package/linux/linux.mk +++ b/openwrt/package/linux/linux.mk @@ -52,7 +52,6 @@ $(LINUX_DIR)/.unpacked: $(DL_DIR)/$(LINUX_SOURCE) $(DL_DIR)/$(LINUX_BINARY_WL_DR touch $(LINUX_DIR)/.unpacked $(LINUX_DIR)/.patched: $(LINUX_DIR)/.unpacked - $(PATCH) $(LINUX_DIR) $(LINUX_PATCHES) # copy kernel source which is maintained in openwrt via cvs cp -a $(LINUX_KERNEL_SOURCE)/* $(LINUX_DIR) # copy binary wlan driver @@ -60,6 +59,7 @@ $(LINUX_DIR)/.patched: $(LINUX_DIR)/.unpacked # copy proprietary et source cp -a $(BUILD_DIR)/et/* $(LINUX_DIR)/drivers/net/et cp -a $(BUILD_DIR)/et/*.h $(LINUX_DIR)/include/ + $(PATCH) $(LINUX_DIR) $(LINUX_PATCHES) $(SED) 's/@expr length/@-expr length/' $(LINUX_DIR)/Makefile touch $(LINUX_DIR)/.patched
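Review bot: `CONFIG_NET_RANDOM=y` turns the option on for every image, while the Configure.help text added by this same commit ends with "If unsure, say N" and gives observable network packets as the reason to leave it off. Interfaces on a router image commonly face networks the owner does not control, so this default deserves a recorded rationale. The commit subject suggests the reason is that /dev/random had no usable entropy source on this hardware. If that is the reason, I would add a line above the setting such as `# NET_RANDOM on: NIC interrupt timing is the only entropy source on this board`, or put the same sentence in the commit description if the config is regenerated by tooling that drops free comments.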
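Review bot: Moving `$(PATCH) $(LINUX_DIR) $(LINUX_PATCHES)` below the `cp -a` steps changes what every patch in `$(LINUX_PATCHES)` is applied to, not only the new et patch. Files copied from `$(LINUX_KERNEL_SOURCE)` and `$(BUILD_DIR)/et` used to land on top of the patched tree and are now patched themselves, so any existing patch that touches one of those files will behave differently or be rejected. Nothing in the recipe says the order is required, and a later cleanup that moves the line back would break the `et_linux.c` patch. I would add a comment above the moved line, `# apply patches last: some of them modify the overlay and et sources copied above`. The recipe for `$(LINUX_DIR)/.patched` spans both linux.mk hunks, and its middle lines are not shown.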