2 * Copyright (c) 1980, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 static const char copyright[] =
33 "@(#) Copyright (c) 1980, 1993\n\
34 The Regents of the University of California. All rights reserved.\n";
38 static char sccsid[] = "From: @(#)swapon.c 8.1 (Berkeley) 6/5/93";
41 #include <sys/cdefs.h>
42 __FBSDID("$FreeBSD$");
44 #include <sys/param.h>
45 #include <sys/capsicum.h>
47 #include <sys/sysctl.h>
63 #include <openssl/err.h>
64 #include <openssl/pem.h>
65 #include <openssl/rsa.h>
73 fprintf(stderr, "%s\n%s\n%s\n",
74 "usage: dumpon [-v] [-k public_key_file] special_file",
81 check_size(int fd, const char *fn)
83 int name[] = { CTL_HW, HW_PHYSMEM };
84 size_t namelen = nitems(name);
85 unsigned long physmem;
90 len = sizeof(minidump);
91 if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 &&
94 len = sizeof(physmem);
95 if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0)
96 err(EX_OSERR, "can't get memory size");
97 if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0)
98 err(EX_OSERR, "%s: can't get size", fn);
99 if ((uintmax_t)mediasize < (uintmax_t)physmem) {
101 printf("%s is smaller than physical memory\n", fn);
108 genkey(const char *pubkeyfile, struct diocskerneldump_arg *kda)
113 assert(pubkeyfile != NULL);
119 fp = fopen(pubkeyfile, "r");
121 err(1, "Unable to open %s", pubkeyfile);
123 if (cap_enter() < 0 && errno != ENOSYS)
124 err(1, "Unable to enter capability mode");
127 if (pubkey == NULL) {
128 errx(1, "Unable to allocate an RSA structure: %s",
129 ERR_error_string(ERR_get_error(), NULL));
132 pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
136 errx(1, "Unable to read data from %s.", pubkeyfile);
138 kda->kda_encryptedkeysize = RSA_size(pubkey);
139 if (kda->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
140 errx(1, "Public key has to be at most %db long.",
141 8 * KERNELDUMP_ENCKEY_MAX_SIZE);
144 kda->kda_encryptedkey = calloc(1, kda->kda_encryptedkeysize);
145 if (kda->kda_encryptedkey == NULL)
146 err(1, "Unable to allocate encrypted key");
148 kda->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
149 arc4random_buf(kda->kda_key, sizeof(kda->kda_key));
150 if (RSA_public_encrypt(sizeof(kda->kda_key), kda->kda_key,
151 kda->kda_encryptedkey, pubkey,
152 RSA_PKCS1_PADDING) != (int)kda->kda_encryptedkeysize) {
153 errx(1, "Unable to encrypt the one-time key.");
162 char dumpdev[PATH_MAX];
164 const char *sysctlname = "kern.shutdown.dumpdevname";
166 len = sizeof(dumpdev);
167 if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) {
168 if (errno == ENOMEM) {
169 err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n",
172 err(EX_OSERR, "Sysctl get '%s'\n", sysctlname);
176 printf("kernel dumps on ");
178 if (strlen(dumpdev) == 0) {
179 printf("%s\n", _PATH_DEVNULL);
181 printf("%s\n", dumpdev);
186 main(int argc, char *argv[])
188 struct diocskerneldump_arg kda;
189 const char *pubkeyfile;
192 int do_listdumpdev = 0;
197 while ((ch = getopt(argc, argv, "k:lv")) != -1)
215 if (do_listdumpdev) {
223 enable = (strcmp(argv[0], "off") != 0);
225 if (pubkeyfile != NULL) {
227 warnx("Unable to use the public key. Recompile dumpon with OpenSSL support.");
235 if (strncmp(argv[0], _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) {
238 i = snprintf(tmp, PATH_MAX, "%s%s", _PATH_DEV, argv[0]);
240 err(EX_OSERR, "%s", argv[0]);
241 } else if (i >= PATH_MAX) {
243 err(EX_DATAERR, "%s", argv[0]);
247 fd = open(dumpdev, O_RDONLY);
249 err(EX_OSFILE, "%s", dumpdev);
250 check_size(fd, dumpdev);
251 bzero(&kda, sizeof(kda));
254 i = ioctl(fd, DIOCSKERNELDUMP, &kda);
255 explicit_bzero(&kda, sizeof(kda));
258 if (pubkeyfile != NULL)
259 genkey(pubkeyfile, &kda);
263 i = ioctl(fd, DIOCSKERNELDUMP, &kda);
264 explicit_bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize);
265 free(kda.kda_encryptedkey);
266 explicit_bzero(&kda, sizeof(kda));
267 if (i == 0 && verbose)
268 printf("kernel dumps on %s\n", dumpdev);
270 fd = open(_PATH_DEVNULL, O_RDONLY);
272 err(EX_OSFILE, "%s", _PATH_DEVNULL);
275 i = ioctl(fd, DIOCSKERNELDUMP, &kda);
276 explicit_bzero(&kda, sizeof(kda));
277 if (i == 0 && verbose)
278 printf("kernel dumps disabled\n");
281 err(EX_OSERR, "ioctl(DIOCSKERNELDUMP)");