libc: Fix getentropy POSIX 2024 conformance issues

GETENTROPY_MAX should be defined in limits.h. EINVAL is the return
value for buflen > GETENTROPY_MAX.

PR: 282783
Reviewed by: markj, asomers, jh

libc: Fix getentropy POSIX 2024 conformance issues

GETENTROPY_MAX should be defined in limits.h. EINVAL is the return
value for buflen > GETENTROPY_MAX.

PR: 282783
Reviewed by: markj, asomers, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47689

show more ...

getentropy: restore unistd.h include

It is needed for SSP support.

Reported by: netchild, Shawn Webb
Fixes: 62dab3d016ab ("getentropy: Remove fallback code")
Sponsored by: The FreeBSD Foundation

getentropy: Remove fallback code

We don't in general support running newer libc on an older kernel, but
have occasionally added support for specific functionality on a case-by-
case basis. When we

getentropy: Remove fallback code

We don't in general support running newer libc on an older kernel, but
have occasionally added support for specific functionality on a case-by-
case basis. When we do this it is usually done as an aid for developers
to get across a change that introduced new functionality, as for 64-bit
inodes and the introduction of the getrandom syscall.

The getrandom syscall was added in commit e9ac27430c0c ("Implement
getrandom(2) and getentropy(3)") in 2018, and exists in all supported
FreeBSD versions. The ECAPMODE special case applied to a few months
worth of kernel versions also in 2018 -- fixed as of commit ed1fa01ac45a
("Regen after r337998.").

The backwards-compatibility support is no longer needed, so remove it.

Relnotes: Yes
Reviewed by: brooks, cem, delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47636

show more ...

getentropy: Add Git hashes corresponding to SVN references

getentropy has a comment about a special case to support kernels between
SVN revisions r331280 and r337999. Add the corresponding Git hash

getentropy: Add Git hashes corresponding to SVN references

getentropy has a comment about a special case to support kernels between
SVN revisions r331280 and r337999. Add the corresponding Git hashes so
there's a usable reference after Subversion infrastructure disappears.

Sponsored by: The FreeBSD Foundation

show more ...

include: ssp: round out fortification of current set of headers

ssp/ssp.h needed some improvements:
- `len` isn't always a size_t, it may need casted
- In some cases we may want to use a len that

include: ssp: round out fortification of current set of headers

ssp/ssp.h needed some improvements:
- `len` isn't always a size_t, it may need casted
- In some cases we may want to use a len that isn't specified as a
parameter (e.g., L_ctermid), so __ssp_redirect() should be more
flexible.
- In other cases we may want additional checking, so pull all of the
declaration bits out of __ssp_redirect_raw() so that some functions
can implement the body themselves.

strlcat/strlcpy should be the last of the fortified functions that get
their own __*_chk symbols, and these cases are only done to be
consistent with the rest of the str*() set.

Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45679

show more ...

libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Kee

libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Keep those.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42385

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

Misc compiler warning fixes in lib/libc

Reviewed by: kevans, imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26534

Merge ^/head r339015 through r339669.

getentropy(3): Trap non-API errnos from getrandom(2) and abort

Additionally, reconcile our abort behavior with arc4random(3). Unlike
SIGABRT, SIGKILL cannot be caught by the user program. These fa

getentropy(3): Trap non-API errnos from getrandom(2) and abort

Additionally, reconcile our abort behavior with arc4random(3). Unlike
SIGABRT, SIGKILL cannot be caught by the user program. These failures
are fatal conditions and should not return to the caller, as they did in
the instance that resulted in D17049.

While here, fix some minor typos in a comment.

Reviewed by: delphij
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17050

show more ...

Merge ^/head r338026 through r338297, and resolve conflicts.

In r331279 the code used ENOSYS to check the existence of getrandom(2).
This will only work if the caller already handles SIGSYS, which is not
always the case.

Address this by checking osreldate ins

In r331279 the code used ENOSYS to check the existence of getrandom(2).
This will only work if the caller already handles SIGSYS, which is not
always the case.

Address this by checking osreldate instead. Note that because there
was not __FreeBSD_version bump when the system call was added, use
1200061 (r332100) which is the first bump after the introduction of
the system call.

PR: 230762
Reported by: Jenkins via Mark Millard
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D16807

show more ...

Update userland arc4random() with OpenBSD's Chacha20 based arc4random().

ObsoleteFiles.inc:

Remove manual pages for arc4random_addrandom(3) and
arc4random_stir(3).

contrib/ntp/lib/isc/

Update userland arc4random() with OpenBSD's Chacha20 based arc4random().

ObsoleteFiles.inc:

Remove manual pages for arc4random_addrandom(3) and
arc4random_stir(3).

contrib/ntp/lib/isc/random.c:
contrib/ntp/sntp/libevent/evutil_rand.c:

Eliminate in-tree usage of arc4random_addrandom().

crypto/heimdal/lib/roken/rand.c:
crypto/openssh/config.h:

Eliminate in-tree usage of arc4random_stir().

include/stdlib.h:

Remove arc4random_stir() and arc4random_addrandom() prototypes,
provide temporary shims for transistion period.

lib/libc/gen/Makefile.inc:

Hook arc4random-compat.c to build, add hint for Chacha20 source for
kernel, and remove arc4random_addrandom(3) and arc4random_stir(3)
links.

lib/libc/gen/arc4random.c:

Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the
sys/crypto/chacha20 implementation of keystream.

lib/libc/gen/Symbol.map:

Remove arc4random_stir and arc4random_addrandom interfaces.

lib/libc/gen/arc4random.h:

Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own.

lib/libc/gen/arc4random.3:

Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and
r118247.

lib/libc/gen/arc4random-compat.c:

Compatibility shims for arc4random_stir and arc4random_addrandom
functions to preserve ABI. Log once when called but do nothing
otherwise.

lib/libc/gen/getentropy.c:
lib/libc/include/libc_private.h:

Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl).
Remove from libc_private.h as a result.

sys/crypto/chacha20/chacha.c:
sys/crypto/chacha20/chacha.h:

Make it possible to use the kernel implementation in libc.

PR: 182610
Reviewed by: cem, markm
Obtained from: OpenBSD
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16760

show more ...

Merge ^/head r337646 through r338014.

Workaround ECAPMODE for kernels between revision [331280, 337999)
where getrandom(2) is not available in capability mode.

getentropy(3): Fallback to kern.arandom sysctl on older kernels

On older kernels, when userspace program disables SIGSYS, catch ENOSYS and
emulate getrandom(2) syscall with the kern.arandom sysctl (

getentropy(3): Fallback to kern.arandom sysctl on older kernels

On older kernels, when userspace program disables SIGSYS, catch ENOSYS and
emulate getrandom(2) syscall with the kern.arandom sysctl (via existing
arc4_sysctl wrapper).

Special care is taken to faithfully emulate EFAULT on NULL pointers, because
sysctl(3) as used by kern.arandom ignores NULL oldp. (This was caught by
getentropy(3) ATF tests.)

Reported by: kib
Reviewed by: kib
Discussed with: delphij
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D14785

show more ...

Implement getrandom(2) and getentropy(3)

The general idea here is to provide userspace programs with well-defined
sources of entropy, in a fashion that doesn't require opening a new file
descriptor

Implement getrandom(2) and getentropy(3)

The general idea here is to provide userspace programs with well-defined
sources of entropy, in a fashion that doesn't require opening a new file
descriptor (ulimits) or accessing paths (/dev/urandom may be restricted
by chroot or capsicum).

getrandom(2) is the more general API, and comes from the Linux world.
Since our urandom and random devices are identical, the GRND_RANDOM flag
is ignored.

getentropy(3) is added as a compatibility shim for the OpenBSD API.

truss(1) support is included.

Tests for both system calls are provided. Coverage is believed to be at
least as comprehensive as LTP getrandom(2) test coverage. Additionally,
instructions for running the LTP tests directly against FreeBSD are provided
in the "Test Plan" section of the Differential revision linked below. (They
pass, of course.)

PR: 194204
Reported by: David CARLIER <david.carlier AT hardenedbsd.org>
Discussed with: cperciva, delphij, jhb, markj
Relnotes: maybe
Differential Revision: https://reviews.freebsd.org/D14500

show more ...