The NetBSD Project

CVS log for src/lib/libc/gen/getentropy.3

[BACK] Up to [cvs.NetBSD.org] / src / lib / libc / gen

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.4.2.3: download - view: text, markup, annotated - select for diffs
Wed Oct 9 13:25:10 2024 UTC (2 months ago) by martin
Branches: netbsd-10
Diff to: previous 1.4.2.2: preferred, colored; branchpoint 1.4: preferred, colored; next MAIN 1.5: preferred, colored
Changes since revision 1.4.2.2: +18 -4 lines
Pull up following revision(s) (requested by riastradh in ticket #939):

	distrib/sets/lists/debug/module.md.amd64: revision 1.18
	sys/modules/Makefile: revision 1.292
	lib/libc/gen/arc4random.c: revision 1.34
	lib/libc/gen/arc4random.c: revision 1.35
	lib/libc/gen/arc4random.c: revision 1.36
	lib/libc/gen/arc4random.c: revision 1.37
	sys/kern/kern_entropy.c: revision 1.70
	lib/libc/gen/arc4random.c: revision 1.38
	sys/kern/kern_entropy.c: revision 1.71
	lib/libc/gen/getentropy.3: revision 1.8
	distrib/sets/lists/modules/md.amd64: revision 1.103
	share/man/man4/rnd.4: revision 1.42
	share/man/man4/rnd.4: revision 1.44
	lib/libc/include/arc4random.h: revision 1.1
	distrib/sets/lists/man/mi: revision 1.1786
	sys/arch/i386/conf/GENERIC: revision 1.1258
	sys/modules/acpivmgenid/acpivmgenid.ioconf: revision 1.1
	sys/arch/amd64/conf/ALL: revision 1.190
	distrib/sets/lists/debug/mi: revision 1.446
	sys/arch/i386/conf/ALL: revision 1.521
	lib/libc/gen/Makefile.inc: revision 1.219
	distrib/sets/lists/debug/module.md.i386: revision 1.12
	sys/dev/acpi/acpi_vmgenid.c: revision 1.1
	sys/dev/acpi/acpi_vmgenid.c: revision 1.2
	lib/libc/include/reentrant.h: revision 1.22
	sys/arch/evbarm/conf/GENERIC64: revision 1.219
	share/man/man4/Makefile: revision 1.735
	distrib/sets/lists/modules/md.i386: revision 1.100
	distrib/sets/lists/tests/mi: revision 1.1334
	lib/libc/gen/arc4random.3: revision 1.22
	sys/dev/acpi/files.acpi: revision 1.133
	lib/libc/gen/arc4random.3: revision 1.23
	tests/lib/libc/gen/t_arc4random.c: revision 1.1
	sys/sys/entropy.h: revision 1.6
	sys/arch/amd64/conf/GENERIC: revision 1.614
	sys/modules/acpivmgenid/Makefile: revision 1.1
	share/man/man4/acpivmgenid.4: revision 1.1
	lib/libc/gen/Makefile.inc: revision 1.220
	tests/lib/libc/gen/Makefile: revision 1.56
	share/man/man4/acpivmgenid.4: revision 1.2
	share/man/man4/acpivmgenid.4: revision 1.3

	(all via patch)

Catch up with all the lint warnings since exit on warning was disabled.

Disable 'missing header declaration' and 'nested extern' warnings for now.
acpivmgenid(4): New driver for virtual machine generation ID.

Added to amd64/ALL and i386/ALL kernel configurations, and made
available as a loadable module acpivmgenid.kmod on x86, for now.
TBD: Add to all ACPI-supporting GENERIC kernels.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

entropy(9): Factor out subroutines to reset and gather entropy.
`Reset' means we keep the data in the pool, but assume it had zero
entropy.  `Gather' means we request samples from all on-demand
sources and wait for the synchronous ones to complete.

No functional change intended, other than to expose new symbols --
just preparation to expose these to acpivmgenid(4), so it can use
these when the VM host notifies us that we, the guest, have been
cloned.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

acpivmgenid(4): Reset and gather entropy on VM clone notification.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random(3): Reseed if system entropy epoch changes.
This can happen, for example, if the system is a VM instance, and the
VM is cloned.

This incurs the cost of a system call on every arc4random call, which
is unfortunate, but
1. we don't currently have a (machine-independent) mechanism for
   exposing a read-only page to userland shared by the kernel to
   enable a cheaper access path to the entropy epoch; and
2. the algorithm here -- a simple application of ChaCha -- is likely
   also a bottleneck and could be much cheaper by
   (a) using sys/crypto/chacha for machine-dependent vectorized
       ChaCha code, and
   (b) filling a buffer (somewhere between a cipher block and a page)
       in a batch at a time, instead of running ChaCha to generate
       only 32 bytes at a time.
So although this might be a performance hit, the security benefit is
worthwhile and we have a clear path to do better than reversing the
performance hit later.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

acpivmgenid(4): Nix BUGS that have been squashed.
Reference kern.entropy.epoch for the remaining bug (which is a
performance issue, not a security issue).
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

entropy(9): Allow unprivileged reads of sysctl kern.entropy.epoch.

Applications need this in order to know when to reseed.  (We should
also expose it through a page shared read-only with userland for
cheaper access, but until we do, let's let applications get at it
through sysctl.)
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random.c: Fix test program.

This isn't wired up anywhere, but let's reduce the bitrot.  It was
helpful in reminding me that kern.entropy.epoch was, for reasons I
can't remember, restricted to privileged access.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

amd64, evbarm, i386: Add acpivmgenid(4) to GENERIC.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

rnd(4): Document kern.entropy.epoch is unprivileged and elaborate.
Cross-reference acpivmgenid(4).
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random(3): Note that arc4random respects kern.entropy.epoch.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork
Add debug info for new acpivmgenid module

arc4random(3): Add automatic tests.

This verifies that:
- arc4random zeroes its state and reseeds itself on fork
- arc4random reseeds itself on entropy consolidation (e.g., VM clone)
- arc4random falls back to global state if it can't allocate local
  state because address space limits cause mmap to fail

NOTE: This adds a new libc symbol __arc4random_global, but it's in
the reserved namespace and only used by t_arc4random, so no libc
minor bump.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

getentropy(3): Note intent to reseed on VM clone, and caveats.

Tidy markup and pacify some mandoc -Tlint complaints while here.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

Bump dates on man pages recently updated to mention VM clones.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random(3): Pacify some of lint's complaints.
PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

arc4random: suppress another lint warning

Revision 1.4.2.2: download - view: text, markup, annotated - select for diffs
Wed Oct 9 13:12:40 2024 UTC (2 months ago) by martin
Branches: netbsd-10
Diff to: previous 1.4.2.1: preferred, colored; branchpoint 1.4: preferred, colored
Changes since revision 1.4.2.1: +6 -6 lines
Pull up following revision(s) (requested by riastradh in ticket #938):

	lib/libc/gen/getentropy.3: revision 1.7
	include/limits.h: revision 1.44
	include/unistd.h: revision 1.167

getentropy(3): Make this visible to POSIX.1-2024 applications.

Likewise GETENTROPY_MAX.

It is now part of POSIX:
https://pubs.opengroup.org/onlinepubs/9799919799.2024edition/functions/getentropy.html

Cite standard in man page too.  While here, use `.Nm' rather than
`.Fn getentropy' for self-reference in the man page, for consistency
with other usage.

PR standards/58603: getentropy(3): update visibility and documentation
for POSIX.1-2024

Revision 1.8: download - view: text, markup, annotated - select for diffs
Wed Aug 28 14:08:48 2024 UTC (3 months, 2 weeks ago) by riastradh
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +18 -4 lines
getentropy(3): Note intent to reseed on VM clone, and caveats.

Tidy markup and pacify some mandoc -Tlint complaints while here.

PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
fork

Revision 1.7: download - view: text, markup, annotated - select for diffs
Thu Aug 15 23:44:49 2024 UTC (3 months, 3 weeks ago) by riastradh
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +6 -6 lines
getentropy(3): Make this visible to POSIX.1-2024 applications.

Likewise GETENTROPY_MAX.

It is now part of POSIX:

https://pubs.opengroup.org/onlinepubs/9799919799.2024edition/functions/getentropy.html

Cite standard in man page too.  While here, use `.Nm' rather than
`.Fn getentropy' for self-reference in the man page, for consistency
with other usage.

PR standards/58603: getentropy(3): update visibility and documentation
for POSIX.1-2024

Revision 1.4.2.1: download - view: text, markup, annotated - select for diffs
Fri Aug 11 14:35:24 2023 UTC (16 months ago) by martin
Branches: netbsd-10
CVS tags: netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +48 -23 lines
Pull up following revision(s) (requested by riastradh in ticket #319):

	sys/dev/pci/ubsec.c: revision 1.64
	sys/dev/pci/hifn7751.c: revision 1.82
	lib/libc/gen/getentropy.3: revision 1.5
	lib/libc/gen/getentropy.3: revision 1.6
	share/man/man4/rnd.4: revision 1.41
	lib/libc/sys/getrandom.2: revision 1.2
	lib/libc/sys/getrandom.2: revision 1.3
	share/man/man5/rc.conf.5: revision 1.193
	share/man/man7/entropy.7: revision 1.5
	share/man/man7/entropy.7: revision 1.6
	share/man/man7/entropy.7: revision 1.7
	share/man/man7/entropy.7: revision 1.8
	etc/security: revision 1.130
	share/man/man7/entropy.7: revision 1.9
	etc/security: revision 1.131
	sys/crypto/cprng_fast/cprng_fast.c: revision 1.19
	sys/sys/rndio.h: revision 1.3
	tests/lib/libc/sys/t_getrandom.c: revision 1.5
	etc/defaults/rc.conf: revision 1.164
	etc/defaults/rc.conf: revision 1.165
	sys/sys/rndsource.h: revision 1.10
	sys/kern/kern_entropy.c: revision 1.62
	sys/kern/kern_entropy.c: revision 1.63
	sys/kern/kern_entropy.c: revision 1.64
	sys/kern/subr_cprng.c: revision 1.44
	sys/kern/kern_entropy.c: revision 1.65
	sys/kern/kern_clock.c: revision 1.149
	sys/dev/pci/viornd.c: revision 1.22
	share/man/man9/rnd.9: revision 1.32
	sys/kern/subr_prf.c: revision 1.202
	sys/sys/rndsource.h: revision 1.8
	sys/sys/rndsource.h: revision 1.9
	share/man/man7/entropy.7: revision 1.10

1. Reinstate netbsd<=9 entropy estimator to unblock /dev/random, in
   parallel with assessment of only confident entropy sources (seed,
   HWRNG) for security warnings like sshd keys in motd and daily
   insecurity report.

2. Make multiuser boot wait for first /dev/random output soon after
   loading a seed and configuring rndctl, so that getentropy(3) meets
   its contract starting early at boot without introducing blocking
   paths that could cause hangs in init(8) or single-user mode.
   Operators can choose to disable this wait in rc.conf.

3. Fix some bugs left over from reducing the global entropy lock from
   a spin lock at IPL_VM to an adaptive lock at IPL_SOFTSERIAL.

4. Update man pages.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Fri Jun 30 22:15:14 2023 UTC (17 months, 2 weeks ago) by uwe
Branches: MAIN
CVS tags: perseant-exfatfs-base-20240630, perseant-exfatfs-base, perseant-exfatfs
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +4 -2 lines
getentropy(3): use .Sx to xref CAVEATS

Revision 1.5: download - view: text, markup, annotated - select for diffs
Fri Jun 30 21:44:22 2023 UTC (17 months, 2 weeks ago) by riastradh
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +46 -23 lines
getrandom(2), getentropy(3): Rework man pages.

Make supportable promises.  Omit needless verbiage.  Give caveats
with cross-references to entropy(7).  Emphasize that security is
necessarily relative to system configuration.

XXX pullup-10

Revision 1.4: download - view: text, markup, annotated - select for diffs
Tue May 31 13:42:59 2022 UTC (2 years, 6 months ago) by riastradh
Branches: MAIN
CVS tags: netbsd-10-base
Branch point for: netbsd-10
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +9 -8 lines
libc: Reintroduce getentropy.

This was introduced two years ago when the getrandom/getentropy API
question was still open, and removed because the discussion was
ongoing.  Now getentropy is more widely adopted and soon to be in
POSIX.  So reintroduce the symbol into libc since we'll be keeping it
anyway.  Discussion of details of the semantics, as interpreted by
NetBSD, is ongoing, but the symbol needs to get in before the
netbsd-10 branch.  The draft POSIX text is
(https://www.opengroup.org/austin/docs/austin_1110.pdf):

    SYNOPSIS
        #include <unistd.h>

        int getentropy(void *buffer, size_t length);

    DESCRIPTION
        The getentropy() function shall write length bytes of data
        starting at the location pointed to by buffer. The output
        shall be unpredictable high quality random data, generated by
        a cryptographically secure pseudo-random number
        generator. The maximum permitted value for the length
        argument is given by the {GETENTROPY_MAX} symbolic constant
        defined in <limits.h>.

    RETURN VALUES
        Upon successful completion, getentropy() shall return 0;
        otherwise, -1 shall be retunred and errno set to indicate the
        error.

    ERRORS
        The getentropy() function shall fail if:

        [EINVAL]        The value of length is greater than
                        {GETENTROPY_MAX}.

        The getentropy() function may fail if:

        [ENOSYS]        The system does not provide the necessary
                        source of entropy.

    RATIONALE
        The getentropy() function is not a cancellation point.

Minor changes from the previous introduction of getentropy into libc:

- Return EINVAL, not EIO, on buflen > 256.
- Define GETENTROPY_MAX in limits.h.

The declaration of getentropy in unistd.h and definition of
GETENTROPY_MAX in limits.h are currently conditional on
_NETBSD_SOURCE.  When the next revision of POSIX is finalized, we can
expose them also under _POSIX_C_SOURCE > 20yymmL as usual -- and this
can be done as a pullup without breaking existing compiled programs.

Revision 1.3
Tue Sep 22 21:37:47 2020 UTC (4 years, 2 months ago) by nia
Branches: MAIN
CVS tags: cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
FILE REMOVED
Changes since revision 1.2: +1 -1 lines
remove getentropy bits

Revision 1.2: download - view: text, markup, annotated - select for diffs
Thu May 7 12:55:06 2020 UTC (4 years, 7 months ago) by wiz
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +6 -6 lines
Fix macro usage. Fix typo. New sentence, new line.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Wed May 6 16:17:36 2020 UTC (4 years, 7 months ago) by nia
Branches: MAIN
Add getentropy() to libc - a simple wrapper to access the kernel CSPRNG.

Posted to tech-userlevel@ a week ago and reviewed by riastradh@.

GETENTROPY(3)		   Library Functions Manual		 GETENTROPY(3)

NAME
     getentropy - fill a buffer with high quality random data

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <unistd.h>

     int
     getentropy(void *buf, size_t buflen);

DESCRIPTION
     The getentropy() function fills a buffer with high quality random data,
     suitable for seeding cryptographically secure psuedorandom number
     generators.

     getentropy() is only intended for seeding random number generators and is
     not intended for use by regular code which simply needs secure random
     data.  For this purpose, please use arc4random(3).

     The maximum value for buflen is 256 bytes.

IMPLEMENTATION NOTES
     getentropy() reads from the sysctl(7) variable kern.arandom.

RETURN VALUES
     The getentropy() function returns 0 on success, and -1 if an error
     occurred.

ERRORS
     getentropy() will succeed unless:

     [EFAULT]		The buf argument points to an invalid memory address.

     [EIO]		Too many bytes were requested.

SEE ALSO
     arc4random(3), rnd(4)

STANDARDS
     The getentropy() function is non-standard.

HISTORY
     The getentropy() function first appeared in OpenBSD 5.6, then in
     FreeBSD 12.0, and NetBSD 10.

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>