Source-Changes-HG archive


[src/trunk]: src libc: Reintroduce getentropy.



details:   https://anonhg.NetBSD.org/src/rev/dcc6206a3343
branches:  trunk
changeset: 366582:dcc6206a3343
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Tue May 31 13:42:58 2022 +0000

description:
libc: Reintroduce getentropy.

This was introduced two years ago when the getrandom/getentropy API
question was still open, and removed because the discussion was
ongoing.  Now getentropy is more widely adopted and soon to be in
POSIX.  So reintroduce the symbol into libc since we'll be keeping it
anyway.  Discussion of details of the semantics, as interpreted by
NetBSD, is ongoing, but the symbol needs to get in before the
netbsd-10 branch.  The draft POSIX text is
(https://www.opengroup.org/austin/docs/austin_1110.pdf):

    SYNOPSIS
        #include <unistd.h>

        int getentropy(void *buffer, size_t length);

    DESCRIPTION
        The getentropy() function shall write length bytes of data
        starting at the location pointed to by buffer. The output
        shall be unpredictable high quality random data, generated by
        a cryptographically secure pseudo-random number
        generator. The maximum permitted value for the length
        argument is given by the {GETENTROPY_MAX} symbolic constant
        defined in <limits.h>.

    RETURN VALUES
        Upon successful completion, getentropy() shall return 0;
        otherwise, -1 shall be returned and errno set to indicate the
        error.

    ERRORS
        The getentropy() function shall fail if:

        [EINVAL]        The value of length is greater than
                        {GETENTROPY_MAX}.

        The getentropy() function may fail if:

        [ENOSYS]        The system does not provide the necessary
                        source of entropy.

    RATIONALE
        The getentropy() function is not a cancellation point.

Minor changes from the previous introduction of getentropy into libc:

- Return EINVAL, not EIO, on buflen > 256.
- Define GETENTROPY_MAX in limits.h.

The declaration of getentropy in unistd.h and definition of
GETENTROPY_MAX in limits.h are currently conditional on
_NETBSD_SOURCE.  When the next revision of POSIX is finalized, we can
expose them also under _POSIX_C_SOURCE > 20yymmL as usual -- and this
can be done as a pullup without breaking existing compiled programs.

diffstat:

 distrib/sets/lists/comp/mi        |    8 +-
 distrib/sets/lists/debug/mi       |    3 +-
 distrib/sets/lists/tests/mi       |    3 +-
 include/limits.h                  |    6 +-
 include/unistd.h                  |    3 +-
 lib/libc/gen/Makefile.inc         |    6 +-
 lib/libc/gen/getentropy.3         |   94 ++++++++++++++++++
 lib/libc/gen/getentropy.c         |   67 +++++++++++++
 lib/libc/include/namespace.h      |    3 +-
 tests/lib/libc/gen/Makefile       |    3 +-
 tests/lib/libc/gen/t_getentropy.c |  189 ++++++++++++++++++++++++++++++++++++++
 11 files changed, 372 insertions(+), 13 deletions(-)

diffs (truncated from 530 to 300 lines):

diff -r 44ca183d7a85 -r dcc6206a3343 distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi        Tue May 31 12:59:00 2022 +0000
+++ b/distrib/sets/lists/comp/mi        Tue May 31 13:42:58 2022 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: mi,v 1.2414 2022/05/27 07:28:21 nia Exp $
+#      $NetBSD: mi,v 1.2415 2022/05/31 13:42:58 riastradh Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 ./etc/mtree/set.comp                           comp-sys-root
@@ -7698,7 +7698,7 @@
 ./usr/share/man/cat3/getdiskrawname.0          comp-c-catman           .cat
 ./usr/share/man/cat3/getdomainname.0           comp-c-catman           .cat
 ./usr/share/man/cat3/getdtablesize.0           comp-c-catman           .cat
-./usr/share/man/cat3/getentropy.0              comp-c-catman           obsolete
+./usr/share/man/cat3/getentropy.0              comp-c-catman           .cat
 ./usr/share/man/cat3/getenv.0                  comp-c-catman           .cat
 ./usr/share/man/cat3/getenv_r.0                        comp-c-catman           .cat
 ./usr/share/man/cat3/getfsent.0                        comp-c-catman           .cat
@@ -16018,7 +16018,7 @@
 ./usr/share/man/html3/getdiskrawname.html      comp-c-htmlman          html
 ./usr/share/man/html3/getdomainname.html       comp-c-htmlman          html
 ./usr/share/man/html3/getdtablesize.html       comp-c-htmlman          html
-./usr/share/man/html3/getentropy.html          comp-c-htmlman          obsolete
+./usr/share/man/html3/getentropy.html          comp-c-htmlman          html
 ./usr/share/man/html3/getenv.html              comp-c-htmlman          html
 ./usr/share/man/html3/getenv_r.html            comp-c-htmlman          html
 ./usr/share/man/html3/getfsent.html            comp-c-htmlman          html
@@ -24276,7 +24276,7 @@
 ./usr/share/man/man3/getdiskrawname.3          comp-c-man              .man
 ./usr/share/man/man3/getdomainname.3           comp-c-man              .man
 ./usr/share/man/man3/getdtablesize.3           comp-c-man              .man
-./usr/share/man/man3/getentropy.3              comp-c-man              obsolete
+./usr/share/man/man3/getentropy.3              comp-c-man              .man
 ./usr/share/man/man3/getenv.3                  comp-c-man              .man
 ./usr/share/man/man3/getenv_r.3                        comp-c-man              .man
 ./usr/share/man/man3/getfsent.3                        comp-c-man              .man
diff -r 44ca183d7a85 -r dcc6206a3343 distrib/sets/lists/debug/mi
--- a/distrib/sets/lists/debug/mi       Tue May 31 12:59:00 2022 +0000
+++ b/distrib/sets/lists/debug/mi       Tue May 31 13:42:58 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.385 2022/05/29 15:23:20 nia Exp $
+# $NetBSD: mi,v 1.386 2022/05/31 13:42:59 riastradh Exp $
 ./etc/mtree/set.debug                           comp-sys-root
 ./usr/lib                                      comp-sys-usr            compatdir
 ./usr/lib/i18n/libBIG5_g.a                     comp-c-debuglib         debuglib,compatfile
@@ -2007,6 +2007,7 @@
 ./usr/libdata/debug/usr/tests/lib/libc/gen/t_fpsetround.debug          tests-lib-debug         debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/lib/libc/gen/t_ftok.debug                        tests-lib-debug         debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/lib/libc/gen/t_getcwd.debug              tests-lib-debug         debug,atf,compattestfile
+./usr/libdata/debug/usr/tests/lib/libc/gen/t_getentropy.debug          tests-lib-debug         debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/lib/libc/gen/t_getgrent.debug            tests-lib-debug         debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/lib/libc/gen/t_glob.debug                        tests-lib-debug         debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/lib/libc/gen/t_glob_star.debug           tests-obsolete          obsolete,compattestfile
diff -r 44ca183d7a85 -r dcc6206a3343 distrib/sets/lists/tests/mi
--- a/distrib/sets/lists/tests/mi       Tue May 31 12:59:00 2022 +0000
+++ b/distrib/sets/lists/tests/mi       Tue May 31 13:42:58 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1208 2022/05/27 07:28:22 nia Exp $
+# $NetBSD: mi,v 1.1209 2022/05/31 13:42:59 riastradh Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -2867,6 +2867,7 @@
 ./usr/tests/lib/libc/gen/t_fpsetround                  tests-lib-tests         compattestfile,atf
 ./usr/tests/lib/libc/gen/t_ftok                                tests-lib-tests         compattestfile,atf
 ./usr/tests/lib/libc/gen/t_getcwd                      tests-lib-tests         compattestfile,atf
+./usr/tests/lib/libc/gen/t_getentropy                  tests-lib-tests         compattestfile,atf
 ./usr/tests/lib/libc/gen/t_getgrent                    tests-lib-tests         compattestfile,atf
 ./usr/tests/lib/libc/gen/t_glob                                tests-lib-tests         compattestfile,atf
 ./usr/tests/lib/libc/gen/t_glob_star                   tests-obsolete          obsolete
diff -r 44ca183d7a85 -r dcc6206a3343 include/limits.h
--- a/include/limits.h  Tue May 31 12:59:00 2022 +0000
+++ b/include/limits.h  Tue May 31 13:42:58 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: limits.h,v 1.42 2019/09/15 23:52:59 christos Exp $     */
+/*     $NetBSD: limits.h,v 1.43 2022/05/31 13:42:59 riastradh Exp $    */
 
 /*
  * Copyright (c) 1988, 1993
@@ -144,6 +144,10 @@
 
 #define MB_LEN_MAX             32      /* Allow ISO/IEC 2022 */
 
+#ifdef _NETBSD_SOURCE
+#define        GETENTROPY_MAX          256
+#endif
+
 #include <machine/limits.h>
 
 #ifdef __CHAR_UNSIGNED__
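Review bot: The new `GETENTROPY_MAX` define has no comment, unlike `MB_LEN_MAX` directly above it, so nothing at the definition says it is a hard per-call cap on getentropy(3). I would add one, e.g. `#define GETENTROPY_MAX 256 /* max bytes per getentropy(3) call */`. The getentropy.c section on this page compares `buflen` against a literal 256 and relies on `__CTASSERT(GETENTROPY_MAX == 256)` to keep the two in step; writing `if (buflen > GETENTROPY_MAX)` there would remove the duplicated constant, though that function's body continues past what is shown here. Callers that need more bytes than this have to loop and check every return value, because an over-length request fails with EINVAL before the buffer is written.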
diff -r 44ca183d7a85 -r dcc6206a3343 include/unistd.h
--- a/include/unistd.h  Tue May 31 12:59:00 2022 +0000
+++ b/include/unistd.h  Tue May 31 13:42:58 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: unistd.h,v 1.162 2021/10/15 22:32:28 andvar Exp $      */
+/*     $NetBSD: unistd.h,v 1.163 2022/05/31 13:42:59 riastradh Exp $   */
 
 /*-
  * Copyright (c) 1998, 1999, 2008 The NetBSD Foundation, Inc.
@@ -338,6 +338,7 @@
 int     fdiscard(int, off_t, off_t);
 int     fsync_range(int, int, off_t, off_t);
 int     getdomainname(char *, size_t);
+int     getentropy(void *, size_t);
 int     getgrouplist(const char *, gid_t, gid_t *, int *);
 int     getgroupmembership(const char *, gid_t, gid_t *, int, int *);
 mode_t  getmode(const void *, mode_t);
diff -r 44ca183d7a85 -r dcc6206a3343 lib/libc/gen/Makefile.inc
--- a/lib/libc/gen/Makefile.inc Tue May 31 12:59:00 2022 +0000
+++ b/lib/libc/gen/Makefile.inc Tue May 31 13:42:58 2022 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile.inc,v 1.215 2021/11/15 14:01:51 christos Exp $
+#      $NetBSD: Makefile.inc,v 1.216 2022/05/31 13:42:59 riastradh Exp $
 #      from: @(#)Makefile.inc  8.6 (Berkeley) 5/4/95
 
 # gen sources
@@ -15,7 +15,7 @@
        errc.c errlist.c errno.c execl.c execle.c execlp.c execv.c execvp.c \
        exect.c extattr.c fmtcheck.c fmtmsg.c fnmatch.c fstab.c ftok.c \
        fts.c ftw.c getbsize.c getcap.c getcwd.c \
-       getdevmajor.c getdomainname.c getgrent.c \
+       getdevmajor.c getdomainname.c getentropy.c getgrent.c \
        getgrouplist.c getgroupmembership.c gethostname.c \
        getloadavg.c getlogin.c getmntinfo.c \
        getnetgrent.c getpagesize.c \
@@ -61,7 +61,7 @@
        fmtcheck.3 fmtmsg.3 fnmatch.3 fpclassify.3 fpgetmask.3 \
        ftok.3 fts.3 ftw.3 \
        getbsize.3 cgetcap.3 getcwd.3 getdevmajor.3 \
-       getdomainname.3 getdiskbyname.3 getfsent.3 \
+       getdomainname.3 getdiskbyname.3 getentropy.3 getfsent.3 \
        getgrent.3 getgrouplist.3 gethostname.3 getlastlogx.3 getloadavg.3 \
        getmntinfo.3 getnetgrent.3 getpagesize.3 getpass.3 \
        getprogname.3 getpwent.3 getttyent.3 getusershell.3 glob.3 \
diff -r 44ca183d7a85 -r dcc6206a3343 lib/libc/gen/getentropy.3
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/libc/gen/getentropy.3 Tue May 31 13:42:58 2022 +0000
@@ -0,0 +1,94 @@
+.\"    $NetBSD: getentropy.3,v 1.4 2022/05/31 13:42:59 riastradh Exp $ $
+.\"
+.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Nia Alarie.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd May 1, 2020
+.Dt GETENTROPY 3
+.Os
+.Sh NAME
+.Nm getentropy
+.Nd fill a buffer with high quality random data
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In unistd.h
+.Ft int
+.Fn getentropy "void *buf" "size_t buflen"
+.In limits.h
+.Li #define GETENTROPY_MAX     256
+.Sh DESCRIPTION
+.Pp
+The
+.Fn getentropy
+function fills a buffer with high quality random data, suitable for seeding
+cryptographically secure psuedorandom number generators.
+.Pp
+.Fn getentropy
+is only intended for seeding random number generators and is not intended
+for use by regular code which simply needs secure random data.
+For this purpose, please use
+.Xr arc4random 3 .
+.Pp
+The maximum value for
+.Li buflen
+is 256 bytes.
+.Sh IMPLEMENTATION NOTES
+.Fn getentropy
+reads from the
+.Xr sysctl 7
+variable
+.Li kern.arandom .
+.Sh RETURN VALUES
+.Rv -std getentropy
+.Sh ERRORS
+.Fn getentropy
+will succeed unless:
+.Bl -tag -width Er
+.It Bq Er EFAULT
+The
+.Fa buf
+argument points to an invalid memory address.
+.It Bq Er EINVAL
+More than 256 bytes were requested.
+.Sh SEE ALSO
+.Xr arc4random 3 ,
+.Xr rnd 4
+.Sh STANDARDS
+The
+.Fn getentropy
+function is non-standard.
+However, it is likely to be included in the next revision of POSIX.
+.Sh HISTORY
+The
+.Fn getentropy
+function first appeared in
+.Ox 5.6 ,
+then in
+.Fx 12.0 ,
+and
+.Nx 10 .
diff -r 44ca183d7a85 -r dcc6206a3343 lib/libc/gen/getentropy.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/libc/gen/getentropy.c Tue May 31 13:42:58 2022 +0000
@@ -0,0 +1,67 @@
+/*     $NetBSD: getentropy.c,v 1.3 2022/05/31 13:42:59 riastradh Exp $ */
+
+/*-
+ * Copyright (c) 2020 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Nia Alarie.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: getentropy.c,v 1.3 2022/05/31 13:42:59 riastradh Exp $");
+
+#include "namespace.h"
+
+#include <sys/param.h>
+#include <sys/sysctl.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <unistd.h>
+
+#ifdef __weak_alias
+__weak_alias(getentropy,_getentropy)
+#endif
+
+__CTASSERT(GETENTROPY_MAX == 256);
+
+int
+getentropy(void *buf, size_t buflen)
+{
+       size_t len = buflen;
+       int name[2] = { CTL_KERN, KERN_ARND };
+
+       if (buf == NULL && buflen > 0) {
+               errno = EFAULT;
+               return -1;
+       }
+
+       if (buflen > 256) {
+               errno = EINVAL;
+               return -1;
+       }


