From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Cristian Rodríguez
Subject: [PATCH] stdlib: Consolidate getentropy and adapt to POSIX 2024 semantics
Date: Fri, 21 Mar 2025 16:34:14 -0300
Message-ID: <20250321193444.2339539-1-adhemerval.zanella@linaro.org>

POSIX.1-2024 added getentropy with some slightly different semantics:

1. Buffer larger than 256 (GETENTROPY_MAX) should return EINVAL
   instead of EIO.

2. There is no defined error if no entropy could be obtained. It means
   that the function should not fail.

Although both requirements would require a new symbol version, the implementation was initially provided for compatibility with BSD, and both FreeBSD and OpenBSD already adapted their implementation to POSIX 2024. So I think it is not worth a compatibility symbol.

This patch does not add GETENTROPY_MAX on limits.h, since glibc still does not have a preprocessor handling for POSIX 2024.

The consolidation uses __getrandom_nocancel, which might use the vDSO implementation if supported.

Checked on x86_64-linux-gnu.
---
 manual/crypt.texi                    |  2 +-
 stdlib/getentropy.c                  | 49 ++++++++++++++++++---
 stdlib/tst-getrandom.c               |  2 +-
 sysdeps/mach/hurd/getentropy.c       | 59 -------------------------
 sysdeps/unix/sysv/linux/getentropy.c | 65 ----------------------------
 5 files changed, 46 insertions(+), 131 deletions(-)
 delete mode 100644 sysdeps/mach/hurd/getentropy.c
 delete mode 100644 sysdeps/unix/sysv/linux/getentropy.c

diff --git a/manual/crypt.texi b/manual/crypt.texi index 4882ee34e5..ce68f2853a 100644 --- a/manual/crypt.texi +++ b/manual/crypt.texi 
@@ -73,7 +73,7 @@ used by this function was added to the Linux kernel in version 3.17.) The combination of @var{buffer} and @var{length} arguments specifies an invalid memory range. -@item EIO +@item EINVAL @var{length} is larger than 256, or the kernel entropy pool has suffered a catastrophic failure. @end table diff --git a/stdlib/getentropy.c b/stdlib/getentropy.c index 5149fbdde0..aa42341291 100644 --- a/stdlib/getentropy.c +++ b/stdlib/getentropy.c @@ -16,16 +16,55 @@ License along with the GNU C Library; if not, see . */ -#include +#include #include +#include +#include + +static void +getentropy_fatal (void) +{ + __libc_fatal ("Fatal glibc error: cannot get entropy for getentropy\n"); +} /* Write LENGTH bytes of randomness starting at BUFFER. Return 0 on success and -1 on failure. */ int getentropy (void *buffer, size_t length) { - __set_errno (ENOSYS); - return -1; -} + if (length > 256) + { + __set_errno (EINVAL); + return -1; + } -stub_warning (getentropy) + /* Try to fill the buffer completely. Even with the 256 byte limit + above, we might still receive an EINTR error (when blocking + during boot). */ + void *end = buffer + length; + while (buffer < end) + { + /* NB: No cancellation point. */ + ssize_t bytes = __getrandom_nocancel (buffer, end - buffer, 0); + if (bytes < 0) + { + switch (errno) + { + case EINTR: + continue; + case ENOSYS: + return -1; + default: + getentropy_fatal (); + } + } + else if (bytes == 0) + /* No more bytes available. This should not happen under normal + circumstances. */ + getentropy_fatal (); + + /* Try again in case of a short read. */ + buffer += bytes; + } + return 0; +} diff --git a/stdlib/tst-getrandom.c b/stdlib/tst-getrandom.c index 3b2153376b..9fff7a8309 100644 --- a/stdlib/tst-getrandom.c +++ b/stdlib/tst-getrandom.c @@ -211,7 +211,7 @@ test_getentropy (void) errors = true; return; } - if (errno != EIO) + if (errno != EINVAL) { printf ("error: getentropy wrong error for 257 byte buffer: %m\n"); errors = true; 
diff --git a/sysdeps/mach/hurd/getentropy.c b/sysdeps/mach/hurd/getentropy.c deleted file mode 100644 index 6ad8acc773..0000000000 --- a/sysdeps/mach/hurd/getentropy.c +++ /dev/null @@ -1,59 +0,0 @@ -/* Implementation of getentropy based on getrandom. - Copyright (C) 2016-2025 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - . */ - -#include -#include -#include -#include -#include - -/* Write LENGTH bytes of randomness starting at BUFFER. Return 0 on - success and -1 on failure. */ -int -getentropy (void *buffer, size_t length) -{ - /* The interface is documented to return EIO for buffer lengths - longer than 256 bytes. */ - if (length > 256) - return __hurd_fail (EIO); - - /* Try to fill the buffer completely. Even with the 256 byte limit - above, we might still receive an EINTR error (when blocking - during boot). */ - void *end = buffer + length; - while (buffer < end) - { - /* NB: No cancellation point. */ - ssize_t bytes = __getrandom (buffer, end - buffer, 0); - if (bytes < 0) - { - if (errno == EINTR) - /* Try again if interrupted by a signal. */ - continue; - else - return -1; - } - if (bytes == 0) - /* No more bytes available. This should not happen under - normal circumstances. */ - return __hurd_fail (EIO); - /* Try again in case of a short read. */ - buffer += bytes; - } - return 0; -} 
diff --git a/sysdeps/unix/sysv/linux/getentropy.c b/sysdeps/unix/sysv/linux/getentropy.c deleted file mode 100644 index a62c9fb099..0000000000 --- a/sysdeps/unix/sysv/linux/getentropy.c +++ /dev/null 
@@ -1,65 +0,0 @@ -/* Implementation of getentropy based on the getrandom system call. - Copyright (C) 2016-2025 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - . */ - -#include -#include -#include -#include -#include - -/* Write LENGTH bytes of randomness starting at BUFFER. Return 0 on - success and -1 on failure. */ -int -getentropy (void *buffer, size_t length) -{ - /* The interface is documented to return EIO for buffer lengths - longer than 256 bytes. */ - if (length > 256) - { - __set_errno (EIO); - return -1; - } - - /* Try to fill the buffer completely. Even with the 256 byte limit - above, we might still receive an EINTR error (when blocking - during boot). */ - void *end = buffer + length; - while (buffer < end) - { - /* NB: No cancellation point. */ - ssize_t bytes = INLINE_SYSCALL_CALL (getrandom, buffer, end - buffer, 0); - if (bytes < 0) - { - if (errno == EINTR) - /* Try again if interrupted by a signal. */ - continue; - else - return -1; - } - if (bytes == 0) - { - /* No more bytes available. This should not happen under - normal circumstances. */ - __set_errno (EIO); - return -1; - } - /* Try again in case of a short read. */ - buffer += bytes; - } - return 0; -}
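
Review bot: In the manual/crypt.texi hunk, the description under the renamed "@item EINVAL" still reads "or the kernel entropy pool has suffered a catastrophic failure", but the new stdlib/getentropy.c no longer returns an error in that case: the zero-byte read and the default errno branch both call getentropy_fatal. Suggest trimming this entry to the length check only and adding a sentence to the manual that failure to obtain entropy terminates the process, so callers do not keep writing recovery code for an error that can no longer be returned.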
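
Review bot: In the stdlib/getentropy.c hunk, the "default:" branch of the errno switch sends every error other than EINTR and ENOSYS to getentropy_fatal, which includes the invalid memory range case that the context lines of the manual/crypt.texi hunk still list as a returned error. A caller passing a bad buffer would now abort instead of getting -1; either keep returning -1 for that errno or update the manual entry to match. Two smaller points in the same hunk: "case ENOSYS: return -1;" keeps a failure path that the commit message's "should not fail" wording does not mention and deserves a comment explaining why it is kept, and the literal 256 could become a named file-local constant since GETENTROPY_MAX is not being added to limits.h.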
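
Review bot: The deleted sysdeps/mach/hurd/getentropy.c called __getrandom and reported errors through __hurd_fail, while the consolidated stdlib/getentropy.c calls __getrandom_nocancel and __set_errno, and the commit message records testing on x86_64-linux-gnu only. Please confirm that __getrandom_nocancel is available on Hurd and that a Hurd build passes, or note in the commit message that the Hurd side is untested.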
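
Caller-side view of the semantics described in the commit message above, as an added example that is not part of the patch or of glibc: a wrapper that never asks for more than 256 bytes per call, and a probe that reports whether the installed libc rejects an oversized request with EINVAL (POSIX 2024) or EIO (the older behaviour). The names `fill_entropy`, `oversize_errno_style` and `ENTROPY_CHUNK_MAX` are assumptions made for this example.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Declared explicitly so the example builds whatever feature-test
   macros are in effect; it matches the declaration in <unistd.h>.  */
extern int getentropy (void *buffer, size_t length);

/* Hypothetical local name: the patch does not add GETENTROPY_MAX to
   limits.h, so the 256 byte limit is spelled out here.  */
#define ENTROPY_CHUNK_MAX 256

/* Fill BUF with LEN random bytes using requests the interface accepts.
   Returns 0 on success, or -1 with errno set by getentropy (for
   example ENOSYS, which the patched code still returns).  */
int
fill_entropy (void *buf, size_t len)
{
  unsigned char *p = buf;
  while (len > 0)
    {
      size_t n = len < ENTROPY_CHUNK_MAX ? len : ENTROPY_CHUNK_MAX;
      if (getentropy (p, n) != 0)
        return -1;
      p += n;
      len -= n;
    }
  return 0;
}

/* Probe the errno used for an oversized request.  Returns 1 for EINVAL
   (POSIX 2024 semantics), 0 for EIO (older semantics), and -1 if the
   call succeeded or failed with some other errno.  */
int
oversize_errno_style (void)
{
  unsigned char tmp[ENTROPY_CHUNK_MAX + 1];
  errno = 0;
  if (getentropy (tmp, sizeof tmp) == 0)
    return -1;
  if (errno == EINVAL)
    return 1;
  if (errno == EIO)
    return 0;
  return -1;
}
```

Code that checks errno after an oversized request should accept both values while libc versions from before and after this change are deployed.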