Up to [cvs.NetBSD.org] / src / lib / libc / gen
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Pull up following revision(s) (requested by riastradh in ticket #939): distrib/sets/lists/debug/module.md.amd64: revision 1.18 sys/modules/Makefile: revision 1.292 lib/libc/gen/arc4random.c: revision 1.34 lib/libc/gen/arc4random.c: revision 1.35 lib/libc/gen/arc4random.c: revision 1.36 lib/libc/gen/arc4random.c: revision 1.37 sys/kern/kern_entropy.c: revision 1.70 lib/libc/gen/arc4random.c: revision 1.38 sys/kern/kern_entropy.c: revision 1.71 lib/libc/gen/getentropy.3: revision 1.8 distrib/sets/lists/modules/md.amd64: revision 1.103 share/man/man4/rnd.4: revision 1.42 share/man/man4/rnd.4: revision 1.44 lib/libc/include/arc4random.h: revision 1.1 distrib/sets/lists/man/mi: revision 1.1786 sys/arch/i386/conf/GENERIC: revision 1.1258 sys/modules/acpivmgenid/acpivmgenid.ioconf: revision 1.1 sys/arch/amd64/conf/ALL: revision 1.190 distrib/sets/lists/debug/mi: revision 1.446 sys/arch/i386/conf/ALL: revision 1.521 lib/libc/gen/Makefile.inc: revision 1.219 distrib/sets/lists/debug/module.md.i386: revision 1.12 sys/dev/acpi/acpi_vmgenid.c: revision 1.1 sys/dev/acpi/acpi_vmgenid.c: revision 1.2 lib/libc/include/reentrant.h: revision 1.22 sys/arch/evbarm/conf/GENERIC64: revision 1.219 share/man/man4/Makefile: revision 1.735 distrib/sets/lists/modules/md.i386: revision 1.100 distrib/sets/lists/tests/mi: revision 1.1334 lib/libc/gen/arc4random.3: revision 1.22 sys/dev/acpi/files.acpi: revision 1.133 lib/libc/gen/arc4random.3: revision 1.23 tests/lib/libc/gen/t_arc4random.c: revision 1.1 sys/sys/entropy.h: revision 1.6 sys/arch/amd64/conf/GENERIC: revision 1.614 sys/modules/acpivmgenid/Makefile: revision 1.1 share/man/man4/acpivmgenid.4: revision 1.1 lib/libc/gen/Makefile.inc: revision 1.220 tests/lib/libc/gen/Makefile: revision 1.56 share/man/man4/acpivmgenid.4: revision 1.2 share/man/man4/acpivmgenid.4: revision 1.3 (all via patch) Catch up with all the lint warnings since exit on warning was disabled. Disable 'missing header declaration' and 'nested extern' warnings for now. acpivmgenid(4): New driver for virtual machine generation ID. Added to amd64/ALL and i386/ALL kernel configurations, and made available as a loadable module acpivmgenid.kmod on x86, for now. TBD: Add to all ACPI-supporting GENERIC kernels. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork entropy(9): Factor out subroutines to reset and gather entropy. `Reset' means we keep the data in the pool, but assume it had zero entropy. `Gather' means we request samples from all on-demand sources and wait for the synchronous ones to complete. No functional change intended, other than to expose new symbols -- just preparation to expose these to acpivmgenid(4), so it can use these when the VM host notifies us that we, the guest, have been cloned. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork acpivmgenid(4): Reset and gather entropy on VM clone notification. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random(3): Reseed if system entropy epoch changes. This can happen, for example, if the system is a VM instance, and the VM is cloned. This incurs the cost of a system call on every arc4random call, which is unfortunate, but 1. we don't currently have a (machine-independent) mechanism for exposing a read-only page to userland shared by the kernel to enable a cheaper access path to the entropy epoch; and 2. the algorithm here -- a simple application of ChaCha -- is likely also a bottleneck and could be much cheaper by (a) using sys/crypto/chacha for machine-dependent vectorized ChaCha code, and (b) filling a buffer (somewhere between a cipher block and a page) in a batch at a time, instead of running ChaCha to generate only 32 bytes at a time. So although this might be a performance hit, the security benefit is worthwhile and we have a clear path to do better than reversing the performance hit later. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork acpivmgenid(4): Nix BUGS that have been squashed. Reference kern.entropy.epoch for the remaining bug (which is a performance issue, not a security issue). PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork entropy(9): Allow unprivileged reads of sysctl kern.entropy.epoch. Applications need this in order to know when to reseed. (We should also expose it through a page shared read-only with userland for cheaper access, but until we do, let's let applications get at it through sysctl.) PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random.c: Fix test program. This isn't wired up anywhere, but let's reduce the bitrot. It was helpful in reminding me that kern.entropy.epoch was, for reasons I can't remember, restricted to privileged access. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork amd64, evbarm, i386: Add acpivmgenid(4) to GENERIC. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork rnd(4): Document kern.entropy.epoch is unprivileged and elaborate. Cross-reference acpivmgenid(4). PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random(3): Note that arc4random respects kern.entropy.epoch. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork Add debug info for new acpivmgenid module arc4random(3): Add automatic tests. This verifies that: - arc4random zeroes its state and reseeds itself on fork - arc4random reseeds itself on entropy consolidation (e.g., VM clone) - arc4random falls back to global state if it can't allocate local state because address space limits cause mmap to fail NOTE: This adds a new libc symbol __arc4random_global, but it's in the reserved namespace and only used by t_arc4random, so no libc minor bump. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork getentropy(3): Note intent to reseed on VM clone, and caveats. Tidy markup and pacify some mandoc -Tlint complaints while here. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork Bump dates on man pages recently updated to mention VM clones. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random(3): Pacify some of lint's complaints. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork arc4random: suppress another lint warning
Pull up following revision(s) (requested by riastradh in ticket #938): lib/libc/gen/getentropy.3: revision 1.7 include/limits.h: revision 1.44 include/unistd.h: revision 1.167 getentropy(3): Make this visible to POSIX.1-2024 applications. Likewise GETENTROPY_MAX. It is now part of POSIX: https://pubs.opengroup.org/onlinepubs/9799919799.2024edition/functions/getentropy.html Cite standard in man page too. While here, use `.Nm' rather than `.Fn getentropy' for self-reference in the man page, for consistency with other usage. PR standards/58603: getentropy(3): update visibility and documentation for POSIX.1-2024
getentropy(3): Note intent to reseed on VM clone, and caveats. Tidy markup and pacify some mandoc -Tlint complaints while here. PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM fork
getentropy(3): Make this visible to POSIX.1-2024 applications. Likewise GETENTROPY_MAX. It is now part of POSIX: https://pubs.opengroup.org/onlinepubs/9799919799.2024edition/functions/getentropy.html Cite standard in man page too. While here, use `.Nm' rather than `.Fn getentropy' for self-reference in the man page, for consistency with other usage. PR standards/58603: getentropy(3): update visibility and documentation for POSIX.1-2024
Pull up following revision(s) (requested by riastradh in ticket #319): sys/dev/pci/ubsec.c: revision 1.64 sys/dev/pci/hifn7751.c: revision 1.82 lib/libc/gen/getentropy.3: revision 1.5 lib/libc/gen/getentropy.3: revision 1.6 share/man/man4/rnd.4: revision 1.41 lib/libc/sys/getrandom.2: revision 1.2 lib/libc/sys/getrandom.2: revision 1.3 share/man/man5/rc.conf.5: revision 1.193 share/man/man7/entropy.7: revision 1.5 share/man/man7/entropy.7: revision 1.6 share/man/man7/entropy.7: revision 1.7 share/man/man7/entropy.7: revision 1.8 etc/security: revision 1.130 share/man/man7/entropy.7: revision 1.9 etc/security: revision 1.131 sys/crypto/cprng_fast/cprng_fast.c: revision 1.19 sys/sys/rndio.h: revision 1.3 tests/lib/libc/sys/t_getrandom.c: revision 1.5 etc/defaults/rc.conf: revision 1.164 etc/defaults/rc.conf: revision 1.165 sys/sys/rndsource.h: revision 1.10 sys/kern/kern_entropy.c: revision 1.62 sys/kern/kern_entropy.c: revision 1.63 sys/kern/kern_entropy.c: revision 1.64 sys/kern/subr_cprng.c: revision 1.44 sys/kern/kern_entropy.c: revision 1.65 sys/kern/kern_clock.c: revision 1.149 sys/dev/pci/viornd.c: revision 1.22 share/man/man9/rnd.9: revision 1.32 sys/kern/subr_prf.c: revision 1.202 sys/sys/rndsource.h: revision 1.8 sys/sys/rndsource.h: revision 1.9 share/man/man7/entropy.7: revision 1.10 1. Reinstate netbsd<=9 entropy estimator to unblock /dev/random, in parallel with assessment of only confident entropy sources (seed, HWRNG) for security warnings like sshd keys in motd and daily insecurity report. 2. Make multiuser boot wait for first /dev/random output soon after loading a seed and configuring rndctl, so that getentropy(3) meets its contract starting early at boot without introducing blocking paths that could cause hangs in init(8) or single-user mode. Operators can choose to disable this wait in rc.conf. 3. Fix some bugs left over from reducing the global entropy lock from a spin lock at IPL_VM to an adaptive lock at IPL_SOFTSERIAL. 4. Update man pages.
getentropy(3): use .Sx to xref CAVEATS
getrandom(2), getentropy(3): Rework man pages. Make supportable promises. Omit needless verbiage. Give caveats with cross-references to entropy(7). Emphasize that security is necessarily relative to system configuration. XXX pullup-10
libc: Reintroduce getentropy. This was introduced two years ago when the getrandom/getentropy API question was still open, and removed because the discussion was ongoing. Now getentropy is more widely adopted and soon to be in POSIX. So reintroduce the symbol into libc since we'll be keeping it anyway. Discussion of details of the semantics, as interpreted by NetBSD, is ongoing, but the symbol needs to get in before the netbsd-10 branch. The draft POSIX text is (https://www.opengroup.org/austin/docs/austin_1110.pdf): SYNOPSIS #include <unistd.h> int getentropy(void *buffer, size_t length); DESCRIPTION The getentropy() function shall write length bytes of data starting at the location pointed to by buffer. The output shall be unpredictable high quality random data, generated by a cryptographically secure pseudo-random number generator. The maximum permitted value for the length argument is given by the {GETENTROPY_MAX} symbolic constant defined in <limits.h>. RETURN VALUES Upon successful completion, getentropy() shall return 0; otherwise, -1 shall be retunred and errno set to indicate the error. ERRORS The getentropy() function shall fail if: [EINVAL] The value of length is greater than {GETENTROPY_MAX}. The getentropy() function may fail if: [ENOSYS] The system does not provide the necessary source of entropy. RATIONALE The getentropy() function is not a cancellation point. Minor changes from the previous introduction of getentropy into libc: - Return EINVAL, not EIO, on buflen > 256. - Define GETENTROPY_MAX in limits.h. The declaration of getentropy in unistd.h and definition of GETENTROPY_MAX in limits.h are currently conditional on _NETBSD_SOURCE. When the next revision of POSIX is finalized, we can expose them also under _POSIX_C_SOURCE > 20yymmL as usual -- and this can be done as a pullup without breaking existing compiled programs.
remove getentropy bits
Fix macro usage. Fix typo. New sentence, new line.
Add getentropy() to libc - a simple wrapper to access the kernel CSPRNG. Posted to tech-userlevel@ a week ago and reviewed by riastradh@. GETENTROPY(3) Library Functions Manual GETENTROPY(3) NAME getentropy - fill a buffer with high quality random data LIBRARY Standard C Library (libc, -lc) SYNOPSIS #include <unistd.h> int getentropy(void *buf, size_t buflen); DESCRIPTION The getentropy() function fills a buffer with high quality random data, suitable for seeding cryptographically secure psuedorandom number generators. getentropy() is only intended for seeding random number generators and is not intended for use by regular code which simply needs secure random data. For this purpose, please use arc4random(3). The maximum value for buflen is 256 bytes. IMPLEMENTATION NOTES getentropy() reads from the sysctl(7) variable kern.arandom. RETURN VALUES The getentropy() function returns 0 on success, and -1 if an error occurred. ERRORS getentropy() will succeed unless: [EFAULT] The buf argument points to an invalid memory address. [EIO] Too many bytes were requested. SEE ALSO arc4random(3), rnd(4) STANDARDS The getentropy() function is non-standard. HISTORY The getentropy() function first appeared in OpenBSD 5.6, then in FreeBSD 12.0, and NetBSD 10.