reallocarray() will be part of the next POSIX release, see
https://austingroupbugs.net/view.php?id=1218
adapt an errno value to match POSIX expectations
As discussed on tech-userlevel
The previous range introduced in time.h rev1.14 was supposed to account
for a mystical "double leap second", which ultimately never could exist
and was a mistaken interpretation from an early ISO C standard whereby
the possibility of two leap seconds within a year was erroneously
interpreted to mean that two leap seconds could occur at once.
This was introduced two years ago when the getrandom/getentropy API
question was still open, and removed because the discussion was
ongoing. Now getentropy is more widely adopted and soon to be in
POSIX. So reintroduce the symbol into libc since we'll be keeping it
anyway. Discussion of details of the semantics, as interpreted by
NetBSD, is ongoing, but the symbol needs to get in before the
netbsd-10 branch. The draft POSIX text is
(https://www.opengroup.org/austin/docs/austin_1110.pdf):
SYNOPSIS
#include <unistd.h>
int getentropy(void *buffer, size_t length);
DESCRIPTION
The getentropy() function shall write length bytes of data
starting at the location pointed to by buffer. The output
shall be unpredictable high quality random data, generated by
a cryptographically secure pseudo-random number
generator. The maximum permitted value for the length
argument is given by the {GETENTROPY_MAX} symbolic constant
defined in <limits.h>.
RETURN VALUES
Upon successful completion, getentropy() shall return 0;
otherwise, -1 shall be retunred and errno set to indicate the
error.
ERRORS
The getentropy() function shall fail if:
[EINVAL] The value of length is greater than
{GETENTROPY_MAX}.
The getentropy() function may fail if:
[ENOSYS] The system does not provide the necessary
source of entropy.
RATIONALE
The getentropy() function is not a cancellation point.
Minor changes from the previous introduction of getentropy into libc:
- Return EINVAL, not EIO, on buflen > 256.
- Define GETENTROPY_MAX in limits.h.
The declaration of getentropy in unistd.h and definition of
GETENTROPY_MAX in limits.h are currently conditional on
_NETBSD_SOURCE. When the next revision of POSIX is finalized, we can
expose them also under _POSIX_C_SOURCE > 20yymmL as usual -- and this
can be done as a pullup without breaking existing compiled programs.
There's really no need for all the complex #ifdefs present and, on top
of that, it didn't even work correctly for all NetBSD architectures.
Simply use endian.h and drop the rest. (Since there is no upstream for
this code anymore, there's no concern about complicating future merges,
either. This change is also consistent with what FreeBSD and OpenBSD
did years ago.)
Addresses PR toolchain/53880 (reported by maya@, originally encountered
by me on macppc when building a package that pulls in nameser_compat.h
before nameser.h by necessity -- necessity, that is, on another OS).
trampoline exclusively, thus relegating "sigcontext"-style handlers (which
have not been documented for many years now) to the dustbin of the compat
library.
When these functions where added to stdio.h 1.72 on 2008-08-04, the
conditional included _NETBSD_SOURCE.
The additional condition was removed in stdio.h 1.99 from 2020-03-20,
but the comment was not updated.
In stdio.h 1.1 from 1993-03-21, the struct had a member named _ub for
the ungetc buffer. That member was repurposed in stdio.h 1.42 from
2001-12-07 in order to support wide characters.
Remove the reference to the 'WARNING above' since there is no such
warning and even when this comment was added in stdio.h 1.20 from
1998-02-02, there was none.
The 'fairly grotesque' from 1994-04-03 referred to the conditional
definition of the type fpos_t, using two different integer types that
both happened to be 64-bit.
When stdio was changed on 2012-01-22 to keep track of the mbstate, the
conditional type definition was removed and the comment no longer made
sense.
- define u_{char,short,int,long} if we don't have _NETBSD_SOURCE defined
so that this compiles (and resolv.h since it includes this). This is
the simplest solution. Others:
- always define them (bad, pollutes namespace)
- create <sys/utypes.h> (bad, overkill)
- change them to unsigned {char, short, int long} (bad, too disruptive)
Changes:
- Add a new field r_ldbase in the r_debug struct.
- Set r_version to 1.
This harmonizes the support with OpenBSD and Linux.
FreeBSD uses version 0 (or no version).
Solaris uses version 2 that is not implemented elsewhere and relies on
SVR4 specific design and interfaces.
Update the code comments as r_debug and link_map is used by other software
than GDB, namely: sanitizers, rump, LLDB.
Posted to tech-userlevel@ a week ago and reviewed by riastradh@.
GETENTROPY(3) Library Functions Manual GETENTROPY(3)
NAME
getentropy - fill a buffer with high quality random data
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
getentropy(void *buf, size_t buflen);
DESCRIPTION
The getentropy() function fills a buffer with high quality random data,
suitable for seeding cryptographically secure psuedorandom number
generators.
getentropy() is only intended for seeding random number generators and is
not intended for use by regular code which simply needs secure random
data. For this purpose, please use arc4random(3).
The maximum value for buflen is 256 bytes.
IMPLEMENTATION NOTES
getentropy() reads from the sysctl(7) variable kern.arandom.
RETURN VALUES
The getentropy() function returns 0 on success, and -1 if an error
occurred.
ERRORS
getentropy() will succeed unless:
[EFAULT] The buf argument points to an invalid memory address.
[EIO] Too many bytes were requested.
SEE ALSO
arc4random(3), rnd(4)
STANDARDS
The getentropy() function is non-standard.
HISTORY
The getentropy() function first appeared in OpenBSD 5.6, then in
FreeBSD 12.0, and NetBSD 10.
C++ without real static_assert() can be incompatible with the C fallback
as presented in openjdk.
A pre-C11 compiler can be picky on the implementation.
nia