Source-Changes archive

CVS commit: src

Module Name:    src
Committed By:   riastradh
Date:           Fri Aug 14 00:53:16 UTC 2020

Modified Files:
        src/distrib/sets/lists/comp: mi
        src/distrib/sets/lists/debug: mi
        src/distrib/sets/lists/tests: mi
        src/sys/dev: random.c
        src/sys/kern: files.kern kern_entropy.c syscalls.master
        src/sys/rump/librump/rumpkern: Makefile.rumpkern
        src/sys/sys: Makefile entropy.h
        src/tests/lib/libc/sys: Makefile
Added Files:
        src/lib/libc/sys: getrandom.2
        src/sys/kern: sys_getrandom.c
        src/sys/sys: random.h
        src/tests/lib/libc/sys: t_getrandom.c

Log Message:
New system call getrandom() compatible with Linux and others.

Three ways to call:

getrandom(p, n, 0)              Blocks at boot until full entropy.
                                Returns up to n bytes at p; guarantees
                                up to 256 bytes even if interrupted
                                after blocking.  getrandom(0,0,0)
                                serves as an entropy barrier: return
                                only after system has full entropy.

getrandom(p, n, GRND_INSECURE)  Never blocks.  Guarantees up to 256
                                bytes even if interrupted.  Equivalent
                                to /dev/urandom.  Safe only after
                                successful getrandom(...,0),
                                getrandom(...,GRND_RANDOM), or read
                                from /dev/random.

getrandom(p, n, GRND_RANDOM)    May block at any time.  Returns up to n
                                bytes at p, but no guarantees about how
                                many -- may return as short as 1 byte.
                                Equivalent to /dev/random.  Legacy.
                                Provided only for source compatibility
                                with Linux.

Can also use flags|GRND_NONBLOCK to fail with EWOULDBLOCK/EAGAIN
without producing any output instead of blocking.

- The combination GRND_INSECURE|GRND_NONBLOCK is the same as
  GRND_INSECURE, since GRND_INSECURE never blocks anyway.

- The combinations GRND_INSECURE|GRND_RANDOM and
  with EINVAL.

As proposed on tech-userlevel, tech-crypto, tech-security, and
tech-kern, and subsequently adopted by core (minus the getentropy part
of the proposal, because other operating systems and participants in
the discussion couldn't come to an agreement about getentropy and
blocking semantics):

To generate a diff of this commit:
cvs rdiff -u -r1.2342 -r1.2343 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.326 -r1.327 src/distrib/sets/lists/debug/mi
cvs rdiff -u -r1.888 -r1.889 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.244 -r1.245 src/lib/libc/sys/
cvs rdiff -u -r0 -r1.1 src/lib/libc/sys/getrandom.2
cvs rdiff -u -r1.7 -r1.8 src/sys/dev/random.c
cvs rdiff -u -r1.50 -r1.51 src/sys/kern/files.kern
cvs rdiff -u -r1.22 -r1.23 src/sys/kern/kern_entropy.c
cvs rdiff -u -r0 -r1.1 src/sys/kern/sys_getrandom.c
cvs rdiff -u -r1.305 -r1.306 src/sys/kern/syscalls.master
cvs rdiff -u -r1.184 -r1.185 src/sys/rump/librump/rumpkern/Makefile.rumpkern
cvs rdiff -u -r1.175 -r1.176 src/sys/sys/Makefile
cvs rdiff -u -r1.3 -r1.4 src/sys/sys/entropy.h
cvs rdiff -u -r0 -r1.1 src/sys/sys/random.h
cvs rdiff -u -r1.66 -r1.67 src/tests/lib/libc/sys/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/lib/libc/sys/t_getrandom.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
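
The first calling convention and the GRND_NONBLOCK variant from the log message above, as an added C example (not part of the commit or of NetBSD's own code). `fill_random`, `entropy_ready` and `CHUNK_MAX` are hypothetical names; the code asks for at most 256 bytes per call, the size the message says is delivered in full, and retries on EINTR.

```c
#include <sys/types.h>
#include <sys/random.h>
#include <errno.h>
#include <stdio.h>

/* The log message guarantees full delivery only for up to 256 bytes. */
#define CHUNK_MAX 256

/* Hypothetical helper: fill buf[0..n) via getrandom(p, n, 0); 0 or -1. */
int
fill_random(void *buf, size_t n)
{
	unsigned char *p = buf;

	while (n > 0) {
		size_t want = n < CHUNK_MAX ? n : CHUNK_MAX;
		ssize_t got = getrandom(p, want, 0);

		if (got < 0) {
			if (errno == EINTR)
				continue;	/* interrupted while blocking: retry */
			return -1;
		}
		p += got;		/* advance by what was actually returned */
		n -= (size_t)got;
	}
	return 0;
}

/* Hypothetical helper: nonblocking form of the getrandom(0,0,0) barrier.
 * Returns 1 if ready, 0 if the call would block, -1 on any other error. */
int
entropy_ready(void)
{
	if (getrandom(NULL, 0, GRND_NONBLOCK) == 0)
		return 1;
	return (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -1;
}

int
main(void)
{
	unsigned char key[1000];	/* > 256 bytes, so the loop runs */

	printf("entropy_ready: %d\n", entropy_ready());
	if (fill_random(key, sizeof key) != 0) {
		perror("getrandom");
		return 1;
	}
	return 0;
}
```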
