diff options
| author | Florian Weimer <fweimer@redhat.com> | 2016-12-12 17:28:03 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2016-12-12 17:28:04 +0100 |
| commit | 92dcaa3e2f7bf0f7f1c04cd2fb6a317df1a4e225 (patch) | |
| tree | 31c4343ff83e493044ed9678650b790d482cb9d5 | |
| parent | 341657bc9c17d3ea4546c6d998e67ca349a78e80 (diff) | |
| download | glibc-92dcaa3e2f7bf0f7f1c04cd2fb6a317df1a4e225.tar.xz glibc-92dcaa3e2f7bf0f7f1c04cd2fb6a317df1a4e225.zip | |
Add getentropy, getrandom, <sys/random.h> [BZ #17252]
41 files changed, 693 insertions, 4 deletions
@@ -1,3 +1,51 @@ +2016-12-12 Florian Weimer <fweimer@redhat.com> + + [BZ #17252] + Add getentropy, getrandom. + * stdlib/sys/random.h: New file. + (headers): Add it. + * stdlib/Makefile (routines): Add getentropy, getrandom. + (tests): Add tst-getrandom. + * stdlib/Versions (GLIBC_2.25): Add getrandom, getentropy. + * stdlib/getentropy.c: New file. + * stdlib/getrandom.c: Likewise. + * stdlib/tst-getrandom.c: Likewise. + * sysdeps/unix/sysv/linux/getentropy.c: Likewise. + * sysdeps/unix/sysv/linux/getrandom.c: Likewise. + * manual/crypt.texi (Unpredictable Bytes): New section. + * manual/math.texi (Pseudo-Random Numbers): Add cross-reference. + * sysdeps/arm/nacl/libc.abilist: Add getrandom, getentropy. + * sysdeps/unix/sysv/linux/aarch64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/alpha/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/arm/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/hppa/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/i386/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/ia64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/microblaze/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/nios2/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist: + Likewise. + * sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist: + Likewise. + * sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist: Likewise. + * sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/sh/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/x86_64/64/libc.abilist: Likewise. + * sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist: Likewise. + 2016-12-10 Florian Weimer <fweimer@redhat.com> [BZ #20956] @@ -96,6 +96,9 @@ Version 2.25 affect the ABI of other libraries that use this type in their interfaces, if they are compiled or used with those options. +* The getentropy and getrandom functions, and the <sys/random.h> header file + have been added. + * The buffer size for byte-oriented stdio streams is now limited to 8192 bytes by default. Previously, on Linux, the default buffer size on most file systems was 4096 bytes (and thus remains unchanged), except on diff --git a/manual/crypt.texi b/manual/crypt.texi index 9f4474023e..4ab512bb37 100644 --- a/manual/crypt.texi +++ b/manual/crypt.texi @@ -45,6 +45,7 @@ encrypted authentication use normal DES. * getpass:: Prompting the user for a password. * crypt:: A one-way function for passwords. * DES Encryption:: Routines for DES encryption. +* Unpredictable Bytes:: Randomness for cryptography purposes. @end menu @node Legal Problems @@ -428,3 +429,114 @@ each byte. The @code{ecb_crypt}, @code{cbc_crypt}, and @code{des_setparity} functions and their accompanying macros are all defined in the header @file{rpc/des_crypt.h}. + +@node Unpredictable Bytes +@section Generating Unpredictable Bytes + +Some cryptographic applications (such as session key generation) need +unpredictable bytes. + +In general, application code should use a deterministic random bit +generator, which could call the @code{getentropy} function described +below internally to obtain randomness to seed the generator. The +@code{getrandom} function is intended for low-level applications which +need additional control over the blocking behavior. + +@comment sys/random.h +@comment GNU +@deftypefun int getentropy (void *@var{buffer}, size_t @var{length}) +@safety{@mtsafe{}@assafe{}@acsafe{}} + +This function writes @var{length} bytes of random data to the array +starting at @var{buffer}, which must be at most 256 bytes long. The +function returns zero on success. On failure, it returns @code{-1} and +@code{errno} is updated accordingly. + +The @code{getentropy} function is declared in the header file +@file{sys/random.h}. It is derived from OpenBSD. + +The @code{getentropy} function is not a cancellation point. A call to +@code{getentropy} can block if the system has just booted and the kernel +entropy pool has not yet been initialized. In this case, the function +will keep blocking even if a signal arrives, and return only after the +entropy pool has been initialized. + +The @code{getentropy} function can fail with several errors, some of +which are listed below. + +@table @code +@item ENOSYS +The kernel does not implement the required system call. + +@item EFAULT +The combination of @var{buffer} and @var{length} arguments specifies +an invalid memory range. + +@item EIO +More than 256 bytes of randomness have been requested, or the buffer +could not be overwritten with random data for an unspecified reason. + +@end table + +@end deftypefun + +@comment sys/random.h +@comment GNU +@deftypefun ssize_t getrandom (void *@var{buffer}, size_t @var{length}, unsigned int @var{flags}) +@safety{@mtsafe{}@assafe{}@acsafe{}} + +This function writes @var{length} bytes of random data to the array +starting at @var{buffer}. On success, this function returns the number +of bytes which have been written to the buffer (which can be less than +@var{length}). On error, @code{-1} is returned, and @code{errno} is +updated accordingly. + +The @code{getrandom} function is declared in the header file +@file{sys/random.h}. It is a GNU extension. + +The following flags are defined for the @var{flags} argument: + +@table @code +@item GRND_RANDOM +Use the @file{/dev/random} (blocking) pool instead of the +@file{/dev/urandom} (non-blocking) pool to obtain randomness. If the +@code{GRND_RANDOM} flag is specified, the @code{getrandom} function can +block even after the randomness source has been initialized. + +@item GRND_NONBLOCK +Instead of blocking, return to the caller immediately if no data is +available. +@end table + +The @code{getrandom} function is a cancellation point. + +Obtaining randomness from the @file{/dev/urandom} pool (i.e., a call +without the @code{GRND_RANDOM} flag) can block if the system has just +booted and the pool has not yet been initialized. + +The @code{getrandom} function can fail with several errors, some of +which are listed below. In addition, the function may not fill the +buffer completely and return a value less than @var{length}. + +@table @code +@item ENOSYS +The kernel does not implement the @code{getrandom} system call. + +@item EAGAIN +No random data was available and @code{GRND_NONBLOCK} was specified in +@var{flags}. + +@item EFAULT +The combination of @var{buffer} and @var{length} arguments specifies +an invalid memory range. + +@item EINTR +The system call was interrupted. During the system boot process, before +the kernel randomness pool is initialized, this can happen even if +@var{flags} is zero. + +@item EINVAL +The @var{flags} argument contains an invalid combination of flags. +@end table + +@end deftypefun diff --git a/manual/math.texi b/manual/math.texi index 5ad8732eca..9b699f1def 100644 --- a/manual/math.texi +++ b/manual/math.texi @@ -1443,7 +1443,8 @@ is convenient when you are debugging a program, but it is unhelpful if you want the program to behave unpredictably. If you want a different pseudo-random series each time your program runs, you must specify a different seed each time. For ordinary purposes, basing the seed on the -current time works well. +current time works well. For random numbers in cryptography, +@pxref{Unpredictable Bytes}. You can obtain repeatable sequences of numbers on a particular machine type by specifying the same initial seed value for the random number diff --git a/stdlib/Makefile b/stdlib/Makefile index 3cce9d98d4..d6512639e0 100644 --- a/stdlib/Makefile +++ b/stdlib/Makefile @@ -28,7 +28,7 @@ headers := stdlib.h bits/stdlib.h bits/stdlib-ldbl.h bits/stdlib-float.h \ errno.h sys/errno.h bits/errno.h \ ucontext.h sys/ucontext.h \ alloca.h fmtmsg.h \ - bits/stdlib-bsearch.h + bits/stdlib-bsearch.h sys/random.h routines := \ atof atoi atol atoll \ @@ -45,7 +45,7 @@ routines := \ srand48 seed48 lcong48 \ drand48_r erand48_r lrand48_r nrand48_r mrand48_r jrand48_r \ srand48_r seed48_r lcong48_r \ - drand48-iter \ + drand48-iter getrandom getentropy \ strfromf strfromd strfroml \ strtol strtoul strtoll strtoull \ strtol_l strtoul_l strtoll_l strtoull_l \ @@ -79,7 +79,8 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \ tst-setcontext3 tst-tls-atexit-nodelete \ tst-strtol-locale tst-strtod-nan-locale tst-strfmon_l \ tst-quick_exit tst-thread-quick_exit tst-width \ - tst-width-stdint tst-strfrom tst-strfrom-locale + tst-width-stdint tst-strfrom tst-strfrom-locale \ + tst-getrandom tests-static := tst-secure-getenv ifeq ($(have-cxx-thread_local),yes) CFLAGS-tst-quick_exit.o = -std=c++11 diff --git a/stdlib/Versions b/stdlib/Versions index 54416b7ea6..415b9945e2 100644 --- a/stdlib/Versions +++ b/stdlib/Versions @@ -115,6 +115,7 @@ libc { GLIBC_2.25 { # s* strfromd; strfromf; strfroml; + getrandom; getentropy; } GLIBC_PRIVATE { # functions which have an additional interface since they are diff --git a/stdlib/getentropy.c b/stdlib/getentropy.c new file mode 100644 index 0000000000..32a24c7633 --- /dev/null +++ b/stdlib/getentropy.c @@ -0,0 +1,31 @@ +/* Stub for getentropy. + Copyright (C) 2016 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <sys/random.h> +#include <errno.h> + +/* Write LENGTH bytes of randomness starting at BUFFER. Return 0 on + success and -1 on failure. */ +ssize_t +getentropy (void *buffer, size_t length) +{ + __set_errno (ENOSYS); + return -1; +} + +stub_warning (getentropy) diff --git a/stdlib/getrandom.c b/stdlib/getrandom.c new file mode 100644 index 0000000000..a24727bb70 --- /dev/null +++ b/stdlib/getrandom.c @@ -0,0 +1,31 @@ +/* Stub for getrandom. + Copyright (C) 2016 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <sys/random.h> +#include <errno.h> + +/* Write LENGTH bytes of randomness starting at BUFFER. Return the + number of bytes written, or -1 on error. */ +ssize_t +getrandom (void *buffer, size_t length, unsigned int flags) +{ + __set_errno (ENOSYS); + return -1; +} + +stub_warning (getrandom) diff --git a/stdlib/sys/random.h b/stdlib/sys/random.h new file mode 100644 index 0000000000..610b4685f1 --- /dev/null +++ b/stdlib/sys/random.h @@ -0,0 +1,42 @@ +/* Interfaces for obtaining random bytes. + Copyright (C) 2016 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any la |