This was introduced two years ago when the getrandom/getentropy API
question was still open, and removed because the discussion was
ongoing. Now getentropy is more widely adopted and soon to be in
POSIX. So reintroduce the symbol into libc since we'll be keeping it
anyway. Discussion of details of the semantics, as interpreted by
NetBSD, is ongoing, but the symbol needs to get in before the
netbsd-10 branch. The draft POSIX text is
(https://www.opengroup.org/austin/docs/austin_1110.pdf):
SYNOPSIS
#include <unistd.h>
int getentropy(void *buffer, size_t length);
DESCRIPTION
The getentropy() function shall write length bytes of data
starting at the location pointed to by buffer. The output
shall be unpredictable high quality random data, generated by
a cryptographically secure pseudo-random number
generator. The maximum permitted value for the length
argument is given by the {GETENTROPY_MAX} symbolic constant
defined in <limits.h>.
RETURN VALUES
Upon successful completion, getentropy() shall return 0;
otherwise, -1 shall be retunred and errno set to indicate the
error.
ERRORS
The getentropy() function shall fail if:
[EINVAL] The value of length is greater than
{GETENTROPY_MAX}.
The getentropy() function may fail if:
[ENOSYS] The system does not provide the necessary
source of entropy.
RATIONALE
The getentropy() function is not a cancellation point.
Minor changes from the previous introduction of getentropy into libc:
- Return EINVAL, not EIO, on buflen > 256.
- Define GETENTROPY_MAX in limits.h.
The declaration of getentropy in unistd.h and definition of
GETENTROPY_MAX in limits.h are currently conditional on
_NETBSD_SOURCE. When the next revision of POSIX is finalized, we can
expose them also under _POSIX_C_SOURCE > 20yymmL as usual -- and this
can be done as a pullup without breaking existing compiled programs.
Still being discussed in tech-userlevel. If we wait any longer someone
is going to try the excuse that the discussion is entirely pointless, since
removing symbols is too hard.
Posted to tech-userlevel@ a week ago and reviewed by riastradh@.
GETENTROPY(3) Library Functions Manual GETENTROPY(3)
NAME
getentropy - fill a buffer with high quality random data
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
getentropy(void *buf, size_t buflen);
DESCRIPTION
The getentropy() function fills a buffer with high quality random data,
suitable for seeding cryptographically secure psuedorandom number
generators.
getentropy() is only intended for seeding random number generators and is
not intended for use by regular code which simply needs secure random
data. For this purpose, please use arc4random(3).
The maximum value for buflen is 256 bytes.
IMPLEMENTATION NOTES
getentropy() reads from the sysctl(7) variable kern.arandom.
RETURN VALUES
The getentropy() function returns 0 on success, and -1 if an error
occurred.
ERRORS
getentropy() will succeed unless:
[EFAULT] The buf argument points to an invalid memory address.
[EIO] Too many bytes were requested.
SEE ALSO
arc4random(3), rnd(4)
STANDARDS
The getentropy() function is non-standard.
HISTORY
The getentropy() function first appeared in OpenBSD 5.6, then in
FreeBSD 12.0, and NetBSD 10.
This as discussed on current-users in the thread
entitled:
Proposal: new libc/libutil functions to map SIGXXXX <-> "XXXX"
that can be found (starting at):
http://mail-index.netbsd.org/current-users/2017/04/28/msg031600.html
These functions provide the mechanism to enable applications
to divorce themselves from internal details of the signal
implementation.
Libc minor bumped, prototypes in <signal.h>, sets lists updated (and sorted).
One and all: feel free to improve the sources & man page (etc), but
please do not change the function signatures without discussion.
The original exect(2) from BSD4.2 was enabling bit for tracing
(single-step mode) and calling execve(2). The purpose of it was to generate
a signal for a tracer once the application will change its image to a new
program.
This approach no longer works as:
- exect(2) traces (single-steps) libc and it requires hundreds or
thousands steps before entering a new image
- it's vax and x86 specific code
- this functionality has been moved to the kernel - once a process is
traced it will generate SIGTRAP with si_code TRAP_EXEC and route it to
its debugger
- the side effects and unportability make this interface unusable
- there are no known users of this interface
- it apparently never worked better since day0 of NetBSD ("day0 bug")
Users are requested to move to other execve(2) variants. Calling current
execve(2) as it is the most similar behavior to this one from BSD4.2.
Discussed several times on mailing lists and in PR/51700.
Add warning to exect(3) telling about marking this function obsolete.
This function is prepared to be removed in next libc major bump.
Sponsored by <The NetBSD Foundation>
- syslog_ss.c *_ss api functions (don't use stdio, time)
- syslog.c: *syslog* non _ss api functions (use stdio, time)
- xsyslog.c> common guts.
The motivation for this is not to drag in stdio/locale/floating point/time
for every binary, since syslog_ss() is used in __stack_check_fail() for SSP.
These changes conforms to the C11 standard
References:
- 7.27.1/3 Components of time (struct timespec)
- 7.27.2.5 The timespec_get function
According to ISO/IEC 9899:201x (draft) <time.h> defines the timespec
structure and declares the timespec_get(3) function with TIME_UTC
definition.
According to a C++17 standard draft <ctime> offers the same interface in
the std:: namespace.
The timespec_get function modifies the timespec object pointed by ts
to hold the current calendar time in the given base. The standard notes
only the TIME_UTC base with implementation defined value, set it to 1
as zero is reserved for error handling. Once operation was successful this
function returns passed base, otherwise exits with zero.
The timespec struct was already part of the POSIX standard in <time.h>.
Enable this interface unconditionally in the header to allow to use it
in a code prior C11 and C++17 as an extension.
Review notes from <christos>
* do not build _errno.c (different thread/tls handling)
* do not build either phk- or jemalloc (different backing page allocation)
Somehow I missed these in the previous commit, but now libc built with
RUMPRUN=yes works also with rumprun-posix, so there's reasonably high
confidence that I didn't miss anything anymore.
Also introduce library functions for copying extended attributes from one
file to another:
- extattr_copy_file, extattr_copy_fd, extattr_copy_link, with FreeBSD style,
where a namespace is to be supplied
- cpxattr, fcpxattr, lcpxattr, with Linux style, where all namespaces
accessible to the caller are copied, and the others are silently ignored.
- no need for all the weak symbols
- define a new _VIS_END flag for UNVIS_END so that there are no collisions
between and vis and unvis flags.
- add bound versions of the vis and unvis functions that take the length of
the destination buffer. Unlike the OpenBSD ones they return -1 or NULL if
the buffer is not large enough, instead of silently truncating.
2. do not use _CTYPE_NUM_CHARS macro to read data from LC_CTYPE(old BSDCTYPE style) database.
because 1<<CHAR_BIT is MD, so i added MI macro _CTYPE_CACHE_SIZE(1<<8).
3. remove _NB_CACHED_RUNE macro, use _CTYPE_CACHE_SIZE instead.
riastradh